## Thursday, February 18, 2016

### Replace inheritance permissions on folder/file using commandline in Windows server 2008

When you create a new folder or file (B) inside an existing folder (A) in Windows environment (It's Windows Server 2008 R2 in my case), B will inherit all the security access permissions of A. And you don't want that happen just like me. You can run this command in cmd to replace all the inherited aces (access control entries) from B with different ace set (the following will replace all the inherited trustee with domain admins and local administrators):

icacls "\\path\\to\\folder\\or\\file" /inheritance:r /grant:r "MYDOMAIN\\Domain Admins":$$OI$$$$CI$$F /grant:r "Administrators":$$OI$$$$CI$$F /T