I attached an hdd to my win7 machine and assigned the drive letter I:
to the only partition on the hdd. The hdd was originally from another computer, and to avoid all those "you don't currently have permission…" dialogs, I decided to use icacls
to clear all ACLs.
I ran icacls I:\ /reset /t /c /l
. After a while, Chrome stopped working. Safari crashed. I traced the problem and find that the ACLs of my home folder (in C:\Users
) are all messed up. Chrome and Safari couldn't write to their cache folder. I fixed the ACLs of my home folder and everything seems to be OK now.
Why would icacls
mess with my home folder when I specifically told it to work on the I:
drive? I have even put in the /L
switch so that it won't resolve symbolic links. Did I misunderstood the switch?
For your reference, below is the relevant parts of the help screen.
ICACLS name /reset [/T] [/C] [/L] [/Q]
replaces ACLs with default inherited ACLs for all matching files.
/T indicates that this operation is performed on all matching
files/directories below the directories specified in the name.
/C indicates that this operation will continue on all file errors.
Error messages will still be displayed.
/L indicates that this operation is performed on a symbolic link
itself versus its target.
Best Answer
OK I found the answer...
The hidden
Documents and Settings
inI:\
is a junction pointing toC:\Users
. The target of the junction is an absolute path (as opposed to a relative path). Since/L
takes care of symbolic links only,icacls
resolvedI:\Documents and Settings
intoC:\Users
and reset all the ACLs there.Therefore, never use
icacls
unless you have examined all the junctions in the folder you wanticacls
to work on! This makesicacls
practically useless as a recursive ACLs modification tool... If the folder contains a junction pointing toC:\
deep inside the folder structure, you could have killed your Windows without even knowing why!