I am looking at using icacls.exe. However, before proceeding, I wanted clarification on the difference between these two ACL's:
(OI) - object inherit
(CI) - container inherit
I am looking at using icacls.exe. However, before proceeding, I wanted clarification on the difference between these two ACL's:
(OI) - object inherit
(CI) - container inherit
These flags control the inheritance of ACLs. There are other flags, too-- IO and NP. You can see more about them in the article I link below.
In short, access control entries (ACEs) flagged only with "Object Inheritance" apply that ACE to files in a folder, but not subfolders within that folder. ACEs flagged only with "Container Inheritance" apply that ACE to subfolders of the folder but not files.
There are several more permutations possible, too. You can see more verbose, human-readable descriptions here:
https://web.archive.org/web/20111202234528/http://support.microsoft.com/kb/220167
https://msdn.microsoft.com/en-us/library/ms229747(v=vs.100).aspx