Windows 7 blocking folders with icacls

nginmu

New Member
Using the command line, I would like to write a simple script that creates two folders C:\$X.~01 and C:\$X.~01 and then maybe uses the icacls command to set the permissions on both folders such that neither folder may be read, written or modified in any manner except specifically by a single logged-in human Administrator called "Admin". Even that specific Administrator account should be able to do only one limited action, which would be to view then entirely delete the folders.

The restriction on the folders should propagate down into anything stored within the folders.

Essentially I want to prevent any automated program or other user (or even the system itself) coming along and creating those folders by itself.

Is this possible using icacls command?

So far I have

Code:
cd\
mkdir C:\$X.~01\
mkdir C:\$X.~02\
icacls C:\$X.~01\*.* /T /grant administrators:F
icacls C:\$X.~02\*.* /T /grant administrators:F
pause

..but this just creates the folders with full admin permissions? it's the correct syntax to *remove* all permissions from the folders and anything inside them, I'm looking for.
 
Last edited:
Essentially I want to prevent any automated program or other user (or even the system itself) coming along and creating those folders by itself.
its not possible within Windows to have a folder that nobody has control over... the default in w7 is administrator
 
I'm trying to block the upgrade to Windows 10, by attempting to pre-empt the creation of the two folders it uses to preload the installation files. I figured if they're already there and they're locked, it won't be able to proceed.
 
The simple way to block GWX on w7pro is to join a domain... this disables the app because Microsoft does not want to piss off business customers

if you have a non-pro version or don't want to join a domain for whatever reasion then your next best bet is a group policy edit... in any event you should make a back up first then find a code that matches the windows copy you use... don't just google the first regedit code | app you see and assume because they are only good on the right build.
 
Sounds good, thanks for the info :) I'm working on a Windows 7 Ultimate SP1 x64 machine - I'll go google, but if you have any pointers regarding how to join a domain that'd be helpful. I'm not so hot on the commercial side of Windows.
 
Back
Top