I hope someone can answer this once and for all, this is driving me mad for months now.
- Platform: Windows Server, any version. This problem doesn't happen on a workstation.
- Problem:
In a folder, whenever I create files while being Administrator (from command prompt or from a batch run "As Administrator", the user I am connected with cannot edit the files created. The set of permissions is missing my user with "Special permissions" (whatever that means), whereas this doesn't happen on a workstation. Why??
I tried many flavors of ICACLS, among which the one that comes back all the time in search results: ICACLS folder /reset /C /L /T and it doesn't help: my user still cannot edit the files unless it's in the set of permissions.
The only bypass I found is to force grant full access to my user like so: icacls folder /grant %USERNAME%@%USERDNSDOMAIN%:F /T /C /Q
The problem is that the set of permissions for files still doesn't match what they should be:
- missing CREATOR OWNER
- COMPUTERNAME\Users are missing inheritance ("Special Permissions")
Is there something I'm doing wrong?
What is the best practice when executing batches as admin, when you want the files created to have the same permissions as if you were not executing the batch as Administrator? Is it possible to actually reset the permissions to the way they should be without writing a batch with multiple conditions?