ICACLS and Unicode file/folder names - the tool changes characters and is unable to locate files/folders

I'm trying to fix permissions on users' folders created with Folder Redirect. I need the "Domain Admins" group to have full access. Everything works as long as the folder name is not using Unicode characters. And there are quite a lot of folders like that :(
For example: ICACLS changes Ł to A, ł to B...
D:\Path\Path>icacls ęóąśłżźćń
icacls ↓ˇ♣[B|zD
↓ˇ♣[B: The filename, directory name, or volume label syntax is incorrect.
'zD' is not recognized as an internal or external command,
operable program or batch file.
D:\Path\Path>icacls ĘÓĄŚŁŻŹĆŃ
icacls ↑Ë♦ZA{y♠C
↑Ë♦ZA{y♠C: Successfully processed 0 files; Failed processing 1 files
The filename, directory name, or volume label syntax is incorrect.
I tried changing chcp to various values, nothing worked (by default my cmd uses 852). Tried changing fonts used by cmd, also didn't help.
Is it possible to make ICACLS understand Polish? :)
EDIT: The weird thing is, when I use ICACLS as 'system', it behaves like above. When used with my user rights, it properly reads Unicode characters.
EDIT2:
where icacls ran as user
C:\Users\Administrator.CEO>where icacls
C:\Windows\System32\icacls.exe
where icacls ran as system
C:\Windows\system32>where icacls
C:\Windows\System32\icacls.exe
I try to run icacls commands from a cmd window, not as .bat or .cmd files, for example:
icacls "D:\FolderRedir\IT\Stanisław Smólski" /grant "Domain Admins":F
The output changes ł and ó to other characters, and icacls is unable to locate the file/directory.

Not sure what exactly was wrong - we had a problem with one UPS today and the server was forcefully restarted. After the restart (and an unexpected Windows update that used the restart opportunity) I tried icacls again, and... it worked with all the Polish characters.
I guess the problem solved itself.
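Added example, not part of the original posts: the thread never identifies a cause, but the garbled names in the transcript are exactly what results when each UTF-16 code unit of the typed name is cut down to its low byte and echoed in code page 852. The Python code below reproduces both transcript lines and flags letters whose low byte becomes a cmd metacharacter, which is how ż turned into the `|` that made cmd try to run 'zD'. The truncation model, the glyph table and all function names are assumptions made for this illustration.

```python
# Added example: reproduces the garbling shown in the transcript above.
# Assumption (not confirmed in the thread): each UTF-16 code unit of the
# typed name was cut down to its low byte before cmd parsed the line.

# Glyphs the OEM console font draws for the control bytes that occur here.
# 0x07 is BEL: it beeps and draws nothing in the echoed line.
CONTROL_GLYPHS = {0x04: "♦", 0x05: "♣", 0x06: "♠", 0x07: "",
                  0x18: "↑", 0x19: "↓"}

# Characters cmd.exe treats as operators when they appear unquoted.
CMD_METACHARS = set("|&<>^")


def low_bytes(name: str) -> bytes:
    """Keep only the low byte of every UTF-16 code unit in `name`."""
    utf16 = name.encode("utf-16-le")
    return utf16[0::2]


def as_console_shows(raw: bytes, codepage: str = "cp852") -> str:
    """Render bytes the way a console using `codepage` would echo them."""
    out = []
    for b in raw:
        if b < 0x20:
            out.append(CONTROL_GLYPHS.get(b, "?"))
        else:
            out.append(bytes([b]).decode(codepage))
    return "".join(out)


def injected_metachars(name: str) -> list[tuple[str, str]]:
    """Letters above U+00FF whose low byte is a cmd metacharacter."""
    hits = []
    for ch in name:
        low = chr(ord(ch) & 0xFF)
        if ord(ch) > 0xFF and low in CMD_METACHARS:
            hits.append((ch, low))
    return hits


if __name__ == "__main__":
    for typed in ("ęóąśłżźćń", "ĘÓĄŚŁŻŹĆŃ"):  # names from the transcript
        print(typed, "->", as_console_shows(low_bytes(typed)),
              injected_metachars(typed))
```

Running the same check over real folder names before scripting icacls shows which ones would be split or misparsed if the truncation recurs; quoting the path keeps `|` from being treated as a pipe but does not make the truncated name resolve.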

Related

Remove-Item in powershell

The file still exists (because I can open it through powershell) but Remove-Item isn't able to find the location apparently. Do you have any idea why?
Looks like you hit a similar problem to one I recently ran into. In my case I had a space at the end of a folder name, and Windows absolutely refused to delete it.
Turns out Windows has an alternate method for addressing files and folders where you have to prefix the path with \\?\.
In your case, you probably need to try this:
Remove-Item "\\?\$Profile"
In my case I was working in the command prompt at the time and RD /Q /S "\\?\FilePath" worked. So if worst comes to worst, you might do a Write-Host $Profile, select and copy the resulting path, switch to the command prompt and try the RD /Q /S command.
In your case, what is causing the problem is almost certainly the special characters after the OneDrive\ in the path.

Running PS1 file from batch file, same folder on thumb drive

Admittedly I'm no scripter. I piece together what already works but am trying to learn.
I have a script that does a lot of the manual labor for setting up a scan user for myself and our techs. Here is a small portion of it written as a batch file. At the end, before the pause, I want to call PowerShell to show what the network type is, not to change it. At least not at this time. I did remove a lot of the extra from the file to save space. Both the batch file and the PS1 file will be in the same folder on a thumb drive.
The nettype.ps1 file just has:
get-netconnectionprofile
pause
The pause of course is so the tech can see the network type.
Hope someone has a simple solution. I did look here and other websites. I may not be using the right terminology in my search or understanding what I need done.
net user Scans Scanner1 /add
net localgroup administrators Scans /add
wmic UserAccount where Name='Scans' set PasswordExpires=False
md C:\Scans
@echo off
NET SHARE Scans=C:\Scans /Grant:Scans,Full
ICACLS "C:\Scans" /Grant Scans:(OI)(CI)(F) /t /c
ICACLS "C:\Scans" /Grant Everyone:(OI)(CI)(F) /t /c
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
PowerShell.exe -File "nettype.ps1"
pause
If that is all you have inside your powershell script, don't run it as a script, delete it and just run the command directly in your batch-file:
"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-NetConnectionProfile"
Which could probably be shortened to:
PowerShell Get-NetConnectionProfile
I found the answer, knew it would be simple.
Just had to use the following in the batch file:
powershell.exe -ExecutionPolicy Bypass -File ""%~dp0nettype.ps1""
You can change the powershell call to the following to find the ps1 file in the same directory:
powershell.exe -File "%~dp0nettype.ps1"
%~dp0 is a combination of %0 variable and ~d and ~p modifiers.
%0 is the full path to the current batch file.
~d when combined with %0 (e.g. %~d0) will get you drive letter portion (e.g. C:) from %0.
~p when combined with %0 (e.g. %~p0) will get you the path portion of %0 without the filename.
Combining them together, %~dp0, will get you the full path of the folder where current batch file is located.
You can find a complete list of these modifiers here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490909(v=technet.10)?redirectedfrom=MSDN
One thing to note is that the %~dp0 modifier only works in batch files, not when you try to run it on the command line directly.

Cannot find file path error for dir /b - Copying all file names script

I am trying to use a script that I've used before in Powershell, that is supposed to copy and paste all the file names inside a folder, into a text file.
I was able to use this script on a different computer last week, but can't do it now on my laptop.
Is there something I am not aware of?
The error it's giving is
Cannot find path 'C:\b' because it does not exist.
I tried removing the /b and I got a list of all the files but with other extra data like mode, last time write, length, name, and the extension of each file.
I really need the plain file name only. How can I do this? Thanks in advance!
The /b flag only works in cmd, not PowerShell.
So you could try
cmd
dir /b
exit
Which will open CMD in your terminal and execute dir /b as a normal cmd command rather than PowerShell.
Alternatively, just use PowerShell's Get-ChildItem (or gci for short)
To get just the plain file names using Get-ChildItem, you can do something like this:
# Assign the folder items to a variable $x
$x = gci
# Get only the names of those items
$x.name
See SS64 for details on CMD's dir and PowerShell's Get-ChildItem

Set Folder Permission with icacls

I am embarrassed that I have to ask this, but as the syntax of icacls apparently has changed in PowerShell, I seem to be unable to assemble a working command.
What I am trying to do:
I want to remove all permissions from a specific folder and then add the "Current logged on user" and "SYSTEM" to have Full Control. But not Admins or anything else.
What I have:
icacls $MyFolder /inheritance:r /grant: $Domain\Env:Username:(OI)(CI)F /T /grant: SYSTEM:(OI)(CI)F /T
But every time I execute the command I get an error:
(OI)(CI) /T has not been recognized as a cmdlet or command...
I have read some tricks on the internet to use different kind of quotes or backticks for the parameters, but nothing worked for me.
Can anyone please tell me what I am doing wrong here?
As you've hinted at, the issue here isn't that the syntax of icacls has changed in PowerShell but rather that PowerShell can act strangely when executing an external command (executable) that takes arguments.
There are several ways to handle arguments, one of which is to pass them as an array of strings:
$IcaclsArgs = @(
    $MyFolder,
    "/inheritance:r",
    "/grant",
    "$Domain\$($Env:Username):(OI)(CI)F",
    "/T",
    "/grant",
    "SYSTEM:(OI)(CI)F",
    "/T"
)
& icacls @IcaclsArgs

How to check who has access to folders using cmd or powershell

I wanted to ask how one would check who has access to subfolders in a certain directory on a server using either the CMD or Powershell?
For NTFS permissions I like to use the NTFSSecurity PowerShell Module as the output is similar to the windows permissions GUI.
It has simple commands for adding and removing permissions, which is an ugly process using the standard acls commands!
To see current NTFS permissions using this module:
Get-NTFSAccess -Path "\\server\share\folder"
Which would give an output like this:
You are looking for icacls. From cmd type icacls directoryname /t, replacing directoryname with the actual directory name, to display all of the access permissions for the directory and subdirectories. The /t flag specifies to look in subdirectories. For more info just type icacls into cmd or look at this link: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls