My goal is to set up permissions on a user account profile to be readable by another user. I'm setting up such a scheme for an automated backup purpose.
So, say I have two standard user accounts -- User A that is a general user of the system, whose data will be backed up:
And BackupUser that will be doing the backing up:
I want to set up permissions on the User A's profile folder C:\Users\User A to be readable by BackupUser.
So I start a cmd as administrator and run the following icacls command:
icacls "C:\Users\User A" /t /c /l /q /grant DESKTOP-69AQNQQ\BackupUser:(RX)
But it fails with errors of access denied to some folders.
OK. So I downloaded PSEXEC and first run my cmd as SYSTEM hoping to prevent access denied errors:
PSEXEC -i -s -d CMD
and then run the same command from it. But it still gives me the same errors:
So as a result when I try to copy the C:\Users\User A folder from a process running under the BackupUser user account it fails with, you guessed it, an "access denied" error.
So what am I doing wrong here?
PS. I'm doing these tests on Windows 10 Pro.
PS2. Here's the result of running whoami on the cmd prompt that I use for this:
PS3: And here's the output for icacls "C:\users\User A\Documents":
Can you try it with GUI? Right click user folder, and give permissions for read and execute. – edumgui – 2016-08-25T08:15:49.397

What's the output of icacls "C:\users\User A\Documents"? Administrators should have full access to this. If they have, your cmd.exe doesn't run elevated, check with whoami /groups – Peter Hahndorf – 2016-08-25T08:55:26.523

@PeterHahndorf: I updated my OP with the whoami result. – c00000fd – 2016-08-25T19:31:04.607

All the "folders" it fails on are actually junctions that are only there for compatibility with older applications. You're not missing any data by not backing them up. – Ben N – 2016-08-25T19:33:56.470

@BenN: Hmm. That's interesting. Good point. Although, you see my issue is that when I try to copy C:\users\User A it fails because that folder contains those junctions that User A doesn't have read-access to. There must be a way to set read permissions on them from the SYSTEM account, right? – c00000fd – 2016-08-25T19:38:41.407
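
To check which of the failing paths are junctions, as the comments above suggest, the following added example (not part of the original thread) lists every reparse point under a profile folder together with its link type, target and any Deny entries reported for it. The function name Get-ProfileJunction is hypothetical, and the script assumes an elevated Windows PowerShell 5.1 prompt on the Windows 10 machine from the question.

```powershell
# Added example, not code from the thread. Get-ProfileJunction is a
# hypothetical helper name; the path is the profile folder from the question.
function Get-ProfileJunction {
    param(
        [Parameter(Mandatory)]
        [string]$ProfilePath
    )

    # -Force includes hidden/system items; -Attributes ReparsePoint keeps only
    # junctions and symbolic links. Errors raised while walking the tree
    # (for example access denied on a junction) are suppressed.
    Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force -Directory `
                  -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_

            # Collect any Deny entries that Get-Acl reports for this path.
            $deny = try {
                (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Access |
                    Where-Object { $_.AccessControlType -eq 'Deny' } |
                    ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
            } catch {
                "ACL unreadable: $($_.Exception.Message)"
            }

            [pscustomobject]@{
                Path     = $item.FullName
                LinkType = $item.LinkType            # Junction or SymbolicLink
                Target   = ($item.Target -join '; ') # where the link points
                DenyAces = ($deny -join '; ')
            }
        }
}

Get-ProfileJunction -ProfilePath 'C:\Users\User A' |
    Sort-Object Path |
    Format-Table -AutoSize -Wrap
```

Comparing the Path column with the paths in the icacls error output shows whether every failure is a link whose Target is a real folder elsewhere in the same profile.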