NTFS delete permission RRS feed

  • Question

  • rem log on as account A, and A belongs to Administrators,windows 7 
    rem create a folder 
    MD Test

    rem reomve all inheritanced permissions 
    icacls Test /inheritance:r

    rem grant administrators full permission
    icacls Test /grant administrators:f

    rem set Test owner to system
    icacls test  /setowner system

    rem if deny delete on administrators, A can still delete folder Test 
    icacls Test /deny administrators:(de)

    Test BUILTIN\Administrators:(DENY)(D)

    rem if deny delete on administrators, account A can't  delete folder Test ,but account a can't access the folder
    icacls Test /deny administrators:D

    So the questions are:
    First, why account A can still delete folder test even i deny delete on Test using:icacls Test /deny administrators:(de)
    Second,what's the differences between (de) and D for  denying delete permission by icacls.exe?

    • Edited by mark.gao Tuesday, October 22, 2013 6:09 AM
    Tuesday, October 22, 2013 6:03 AM