#!C:/Perl/bin/perl use strict; # win_icacls.pl # put the name of your privileged user or group in variable $PRIV_USER my $PRIV_USER = " "; # put the names of all the hosts you want to work on here (separate by spaces): my @hostnames = qw(); my $removeInheritance = ' /inheritance:d'; my $removePermissions = ' /remove everyone /remove users /remove "power users"'; my $grantPermissions = ' /grant "$PRIV_USER":m /T'; # First delete all the inherited permissions # Then delete all permisssions # Then assign the specific permissions you want to assign # How it looks on command line: # In this example the SHARENAME is C$ # icacls "\\hostname\c$\Program Files\directory_path\Program Directory" /inheritance:d # icacls "\\hostname\c$\Program Files\directory_path\Program Directory" /remove everyone /remove users /remove "power users" # icacls "\\hostname\c$\Program Files\directory_path\Program Directory" /grant "$PRIV_USER":m /T my @programPaths = ('Program Files\7-Zip', 'Program Files\7-Zip\Lang' ); my @commands; $commands[0] = $removeInheritance; $commands[1] = $removePermissions; $commands[2] = $grantPermissions; my @hostnames = qw(); # for (1..22) { for (@hostnames) [ my $hozt = $_; print "\nWorking on host $hostz\n"; for (@programPaths) { my $programPath = $_; my $caclstring = qq|\\\\$hostz\\c\$\\|; my $command = '"' . $caclstring . $programPath . '"' . $commands[0]; print "\nExecuting icacls $command\n"; `icacls $command`; $command = '"' . $caclstring . $programPath . '"' . $commands[1]; print "\nExecuting icacls $command\n"; `icacls $command`; $command = '"' . $caclstring . $programPath . '"' . $commands[2]; print "\nExecuting icacls $command\n"; `icacls $command`; } } print "Script complete\n"; exit (0);