When you
add the :g argument, the system removes all grant ACEs associated with the SID. When you add
CHANGING FILE AND DIRECTORY ACCESS WITH THE ICACLS COMMAND 411
the :d argument, the system removes all deny ACEs associated with the SID. The default action
removes both grant and deny ACEs.
/SetIntegrityLevel Level[...] Adds an integrity ACE to all of the matching files. You
specify the integrity level as L (low), M (medium), or H (high). This option also accepts the inheritance
options of CI (container inherit) and OI (object inherit) when working with directories.
You may have noticed in Figure 15.2 that the Administrators group doesn??™t have full access to
the root directory. This is the default setting for Windows Server 2008, even the Server Core version.
Having this limitation in place does protect the drive from viruses, rootkits, and adware to
an extent, but can also prove encumbering when working at the command line as Server Core
demands. Use these steps to remove this restriction.
1. Type Takeown /A /F C:\ and press Enter. This command takes ownership of C:\ for the
Administrators group. You must take ownership or any attempt to change the access rights
for administrators will fail.
Pages:
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977