1

Context: Windows 10 pro, NTFS, no networking involved, my own computer, I'm the only user.

After installing Vagrant in d:\vagrant, I created a subdirectory (d:\vagrant\guests), then discovered that it unexpectedly has the following inherited permissions:

SYSTEM: full control (everything allowed, nothing denied)

Administrators: same as System

Users: Read & Execute, List folder contents, and Read are checked... nothing else is allowed, nothing is denied.

I want to give myself full control over that newly-created subdirectory and everything that ultimately gets created in it... WITHOUT having to always explicitly run Vagrant as administrator, and without changing the default permissions granted to members of "Users".

Put another way, what is the Windows equivalent of chmod 755 d:\vagrant\guests

Implied details that might or might not be significant: d:\vagrant was created by Vagrant's .msi installer; d:\vagrant\guests was created by me in a non-elevated cmd.exe shell; my user is the one Windows presumably regards as "Administrator" (created at installation time, the only user on the system).

Improve this question

1 Answer 1

Reset to default
0

Your user created at install time is part of Administrators goup - it is not the Administrator.

If you want to have access to a directory owned by another without security prompts then you need to take ownership and give yourself full authority. You can then change ownership back it you want.

Take ownership with takeown :

takeown /f "d:\vagrant\guests" /r

Then grant the authority you want with icacls,

Reset to default to get rid of any previous changes (/t means recurse)

icacls "d:\vagrant\guests" /reset /t

Give yourself full authority :

icacls "d:\vagrant\guests" /grant "%USERDOMAIN%\%USERNAME%":(F) /t

Make sure inheritance is enabled :

icacls "d:\vagrant\guests" /inheritance:e /t

Now perhaps you want to remove some group authority (but perhaps not)

icacls "d:\vagrant\guests" /remove:g "BUILTIN\Administrators" /t
icacls "d:\vagrant\guests" /remove:g "NT AUTHORITY\SYSTEM" /t
icacls "d:\vagrant\guests" /remove:g "NT AUTHORITY\Authenticated Users" /t

Then check :

icacls "d:\vagrant\guests" /t

Then if you want change ownership back

icacls "d:\vagrant\guests" /setowner "BUILTIN\Administrators" /t
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .