Using the command line, I would like to write a simple script that creates two folders C:\$X.~01 and C:\$X.~01 and then maybe uses the icacls command to set the permissions on both folders such that neither folder may be read, written or modified in any manner except specifically by a single logged-in human Administrator called "Admin". Even that specific Administrator account should be able to do only one limited action, which would be to view then entirely delete the folders. The restriction on the folders should propagate down into anything stored within the folders. Essentially I want to prevent any automated program or other user (or even the system itself) coming along and creating those folders by itself. Is this possible using icacls command? So far I have Code: cd\ mkdir C:\$X.~01\ mkdir C:\$X.~02\ icacls C:\$X.~01\*.* /T /grant administrators:F icacls C:\$X.~02\*.* /T /grant administrators:F pause ..but this just creates the folders with full admin permissions? it's the correct syntax to *remove* all permissions from the folders and anything inside them, I'm looking for.