Showing posts with label NTFS. Show all posts

09 January 2018

Reset NTFS Permissions | Export & Import Existing Permissions

I recently encountered a newly installed File Server which had some busted NTFS on it.  The file permissions had been copied over from the old File Server, and whilst they looked like they applied well, it was causing some issues accessing files etc.

I decided it was time to completely refresh the permissions on all the folders and sub-folders, to ensure that they applied correctly.

To do this, there are three steps which need to be taken.
  1. Export the existing NTFS permissions
  2. Reset permissions
  3. Restore old permissions
This is actually quite a simple task to do, and can be done by using ICACLS.  The following guide will explain how this can be done. 

1. Open PowerShell as Admin (you can also do this within an Administrative command prompt)
2. Run the following command:
icacls C:\TEMP\* /save "C:\Temp\AclFile.txt" /T /C
The path (C:\TEMP\* here) is the 'source' of your NTFS permissions.  Adding "/T" at the end ensures icacls goes through all the sub-folders as well, so their permissions are saved too.

3. Run the following command to reset the permissions:
icacls C:\Temp\* /reset /T /C /L
The path (C:\Temp\* here) is the 'source' of your NTFS permissions.

4. Restore the permissions by using the following command:
icacls C:\Temp /restore "C:\Temp\AclFile.txt" /T /C

The path (C:\Temp here) is the 'target' of your NTFS permissions.

Note: before making any changes to permissions on a File Server, make sure you have either a working backup, or you've recently snapshotted the server.


/T - Traverse all subfolders to match files/directories. This will apply permission changes to all subfolders whether or not they are set to inherit permissions from the parent. On very large directory structures this may take some time as the command has to traverse the entire tree.

/C - Continue on file errors (access denied). Error messages are still displayed.

/L - Perform the operation on a symbolic link itself, not its target.
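
The three steps above combined into one PowerShell script, with a check after each step so the reset never runs without a usable export. This is an added example, not part of the original post; the backup location C:\AclBackup and the helper name Invoke-Icacls are assumptions.

```powershell
# Added example, not from the original post.
# Assumed values: $Root is the tree to fix, $AclFile is stored outside of it.
$Root    = 'C:\Temp'
$AclFile = 'C:\AclBackup\AclFile.txt'

# Hypothetical helper: run icacls and stop the script on a nonzero exit code.
function Invoke-Icacls {
    param([string[]]$IcaclsArgs)
    & icacls.exe @IcaclsArgs
    if ($LASTEXITCODE -ne 0) {
        throw "icacls $($IcaclsArgs -join ' ') exited with code $LASTEXITCODE"
    }
}

# Step 1: export the existing permissions.
New-Item -ItemType Directory -Path (Split-Path $AclFile) -Force | Out-Null
Invoke-Icacls @("$Root\*", '/save', $AclFile, '/T', '/C')

# Guard: the export must exist and contain entries before anything is reset.
# The save file holds a path line followed by an SDDL line for each item.
$saved = @(Get-Content -Path $AclFile -Encoding Unicode | Where-Object { $_ })
if ($saved.Count -lt 2) {
    throw "ACL export '$AclFile' is empty; nothing has been reset."
}
Write-Host "Exported $($saved.Count) lines of ACL data to $AclFile"

# Keep a second, read-only copy in case the working file is edited or overwritten.
$copy = "$AclFile.bak"
Copy-Item -Path $AclFile -Destination $copy -Force
Set-ItemProperty -Path $copy -Name IsReadOnly -Value $true

# Step 2: reset everything under $Root to inherited permissions.
Invoke-Icacls @("$Root\*", '/reset', '/T', '/C', '/L')

# Step 3: restore the exported permissions onto the same root.
Invoke-Icacls @($Root, '/restore', $AclFile, '/T', '/C')
Write-Host "Restore finished; backup copy kept at $copy"
```

Run it from an elevated PowerShell session, as in step 1 of the guide.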