Subinacl file/folder permissions and wildcards in Windows

2

I'm having a problem with subinacl and was hoping someone could help. I've tried searching through this site and in various sites online and couldn't find the answer I was looking for. I think the problem I'm encountering might have something to do with how to identify wildcards? Also, I'm not really a technical person, but for some reason, people come to me with technical questions, so excuse me if I'm not really using the correct jargon.

I'm using Windows Server 2008 R2 Enterprise. I have a set of folders that were originally set up with certain permissions to restrict USERS from doing certain things in and to certain folders (moving the folders, deleting them, and/or creating new ones), but at some point, someone messed things up and the permissions changed, allowing USERS full access to everything. There are three kind of standard-ish sets of folders that are supposed to have restricted access (except there are exceptions for some folders where the fourth level also needs restricted access):

The first level contains folders named by years (i.e. we have a folder for each year). The second level is folders identified by names. The third level is a set of 10 standard folders.

The next level (and on) is supposed to be unrestricted so USERS have full access.

I tried using icacls to more or less "manually" change the permissions, but was unable to do exactly what I wanted. I was able to deny deleting folders, but they could still be moved. So I discovered subinacl, which is supposed to be more powerful?

I have a set of folders with the correct permissions set up. So I used subinacl to copy the permissions from the sample folder three times for each level.

"..\subinacl.exe" /noverbose /nostatistic /outputlog="folder\name.log" /subdirectories "sample_folder_name" /display

Then I tried to use subinacl (playfile) to clone the permissions from the created log files to the messed-up folders. But because the names of the folders in level 2 are all different, I was hoping to use a wildcard.

  • Level 1: +File X:\Projects\YEAR
  • Level 2: +Subdirectories X:\Projects\YEAR\*.* (I also tried +File X:\Projects\YEAR\*.* and +Subdirectories X:\Projects\YEAR\* and +Subdirectories X:\Projects\YEAR\*\ because I read that \* and \*\ don't function the same way)
  • Level 3: +Subdirectories X:\Projects\YEAR\*.*\*.* (I also tried +Subdirectories X:\Projects\YEAR\*\*.* and +Subdirectories X:\Projects\YEAR\*\*)
  • Level 4: +Subdirectories X:\Projects\YEAR\*.*\*.*\*.*

But it seems like what is happening is the Level 2 command is applying to all the files under YEAR, so access is restricted for all folders, even Level 4. I was hoping I could use the asterisks as wildcards so I won't have to manually type all the names for each of the folders.

Please help? This is driving me nuts! Also, let me know if there's anything I can clarify or if having additional information would be helpful to produce a solution.

cecinestpasunnom

Posted 2018-06-01T23:57:19.423

Reputation: 21

No answers
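
Added example, not part of the original post and not a subinacl feature: one way to copy the DACL of a known-good sample folder onto every folder at one exact depth, walking the tree level by level instead of relying on wildcards or recursion. It uses PowerShell and .NET in place of subinacl. It assumes Windows PowerShell on .NET Framework, run elevated; the sample paths and both function names are hypothetical placeholders.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell on .NET Framework, elevated.
# Hypothetical placeholders: the X:\Sample\... template paths and both function names.

function Get-FolderAtDepth {
    param([string]$Root, [int]$Depth)
    # Descend one level per iteration so only folders at exactly $Depth are returned.
    $current = @(Get-Item -LiteralPath $Root)
    for ($i = 0; $i -lt $Depth; $i++) {
        $current = @($current | ForEach-Object {
            Get-ChildItem -LiteralPath $_.FullName -Force |
                Where-Object { $_.PSIsContainer }
        })
    }
    $current
}

function Copy-DaclToDepth {
    param([string]$Root, [int]$Depth, [string]$TemplateFolder, [switch]$DryRun)
    # Read only the DACL ("Access" section) of the known-good folder, as SDDL text.
    $template = Get-Item -LiteralPath $TemplateFolder
    $sddl = $template.GetAccessControl('Access').GetSecurityDescriptorSddlForm('Access')

    foreach ($folder in @(Get-FolderAtDepth -Root $Root -Depth $Depth)) {
        if (-not $DryRun) {
            # A fresh descriptor carrying only the DACL leaves owner and auditing untouched.
            $acl = New-Object System.Security.AccessControl.DirectorySecurity
            $acl.SetSecurityDescriptorSddlForm($sddl, 'Access')
            $folder.SetAccessControl($acl)
        }
        New-Object PSObject -Property @{
            Depth   = $Depth
            Folder  = $folder.FullName
            Applied = (-not $DryRun)
        }
    }
}

# One template per level: year, name, standard folder (placeholder paths).
$templates = @{
    1 = 'X:\Sample\YEAR'
    2 = 'X:\Sample\YEAR\NAME'
    3 = 'X:\Sample\YEAR\NAME\STANDARD'
}
foreach ($depth in 1..3) {
    # -DryRun only lists the folders that would be changed; remove it to apply.
    Copy-DaclToDepth -Root 'X:\Projects' -Depth $depth `
        -TemplateFolder $templates[$depth] -DryRun
}
```

Folders below the third level are never enumerated, but they still receive any entries the template marks as inheritable; they stay unrestricted only if the sample folder's restrictive entries are scoped to "This folder only".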