Set Folder security through RES workspace manager using Icacls

Set Folder security through RES workspace manager using Icacls

Folder security for applications can always be a challenge, when working in a business environment. Users often don’t have all the local access, so during a package process you have to know where and what kind of permissions an application requires.

With this knowledge I faced the following challenge:
“What if your virtualized application needs extra permissions on a local folder and you also need to access this folder from outside of the bubble?”

Of course there are several ways to do this, but I want to share a solution which I implemented at a customer. A solution I think is very easy to change and to manage.

Within RES Workspace manager I created a Managed Application with the following settings:

Properties – General Tab:

Title Set local Permissions
Description Icacls to set local file permissions
Command-line C:WindowsSystem32icacls.exe
Parameters “C:Program FilesFoldername*” /grant domainsecurity-group:(F) /T

Properties – Setting Tab:

Check at least the following:

–          Application is enabled
–          Do not show in “New Applications”
–          AutoLaunch ALL users
–          Hide application


Access Control:

Add the proper security group



Security – Dynamic Privileges Tab:

Set Access token to: “Add administrator rights”



That’s it! Every time the user logs on, the permissions will be set on the proper file/folder.

For more info about Icacls.exe, visit: cacls – Wikipedia, the free encyclopedia

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.