Q: How can I remove all the permissions granted to a specific user or group from a file server?

A: It's easy—just use Icacls, a command-line utility available in Windows Vista and Windows Server 2003 SP2. For example, let’s say you want to remove any permissions mdemarco has on the F drive of your file server. Open a command prompt, and enter the following command:

icacls  f:\*.*  /remove mdemarco /T

Icacls will search every file and folder from the root of the F drive down and remove any permissions granted to or denied to mdemarco. Be careful not to remove deny permissions that could result in a user being able to access data they aren’t supposed to. If you want to remove only allow permissions, change the command to the following:

icacls  f:\*.*  /remove:g mdemarco /T

To remove only deny permissions, change /remove:g to /remove:d.