This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 80%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
I have a run.bat file where I have disabled inheritance option and I have restricted folder access to different type of users. Even restricted to Authenticated users. But when I save the file on c drive on a domain joined device, automatic authenticated users get full permission. Can I have some clue how it is?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Santhosh B S I am reaching out to see if you have any further questions. If so, please let us know and we will be glad to assist further. If the below answer was helpful, please make sure to Accept it as answer as it helps other members in the community. Thank you!
@Santhosh Basavarajappa Just checking in to see if the below answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello,
In this case, you need to use specific parameters to copy the file and also its ACL permissions.
If you copy with XCOPY you need to use the command line XCOPY /o or XCOPY /x
--If the reply is helpful, please Upvote and Accept as answer--
@Santhosh B S Thanks for reaching out to Microsoft Q&A.
The issue you are facing is because of the default permissions assigned to the Authenticated Users group. The Authenticated Users group has the following permissions on the root directory of a file share:
NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
Please refer to this doc- https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/storage/files/storage-files-identity-ad-ds-configure-permissions.md
This means that Authenticated Users have Modify permissions on the root directory of a file share. When you save the run.bat file on the C drive on a domain-joined device, the Authenticated Users group automatically gets full permission to the file.<sup>[0]</sup>
If you want to restrict access to the run.bat file, you can use Windows ACLs to configure directory and file-level permissions for Active Directory authentication to Azure file shares.
Hope this helps. If you have further questions, please do let me know. Thank you!
Team, How can I use Xcopy command to copy run.bat from one location to remote devices (multiple devices)? Need a script .....