Q: How can I remove all the permissions granted to a specific user or group from a file server?
A: It's easyâ€”just use Icacls, a command-line utility available in Windows Vista and Windows Server 2003 SP2. For example, letâ€™s say you want to remove any permissions mdemarco has on the F drive of your file server. Open a command prompt, and enter the following command:
icacls f:\*.*Â /remove mdemarco /T
Icacls will search every file and folder from the root of the F drive down and remove any permissions granted to or denied to mdemarco. Be careful not to remove deny permissions that could result in a user being able to access data they arenâ€™t supposed to. If you want to remove only allow permissions, change the command to the following:
icacls f:\*.*Â /remove:g mdemarco /T
To remove only deny permissions, change /remove:g to /remove:d.