Set Folder security through RES workspace manager using Icacls
Folder security for applications can always be a challenge, when working in a business environment. Users often don’t have all the local access, so during a package process you have to know where and what kind of permissions an application requires.
With this knowledge I faced the following challenge:
“What if your virtualized application needs extra permissions on a local folder and you also need to access this folder from outside of the bubble?”
Of course there are several ways to do this, but I want to share a solution which I implemented at a customer. A solution I think is very easy to change and to manage.
Within RES Workspace manager I created a Managed Application with the following settings:
Properties – General Tab:
Title | Set local Permissions |
Description | Icacls to set local file permissions |
Command-line | C:WindowsSystem32icacls.exe |
Parameters | “C:Program FilesFoldername*” /grant domainsecurity-group:(F) /T |
Check at least the following:
– Application is enabled
– Do not show in “New Applications”
– AutoLaunch ALL users
– Hide application
Access Control:
Add the proper security group
Security – Dynamic Privileges Tab:
Set Access token to: “Add administrator rights”
That’s it! Every time the user logs on, the permissions will be set on the proper file/folder.
For more info about Icacls.exe, visit: cacls – Wikipedia, the free encyclopedia