I'm attempting to test some filesystem exceptions in a Java based application.
I need to find a way to create a directory that is located under %TMP% that is set to read-only.
Essentially on UNIX/POSIX platforms, I can do a chmod -w and get this effect. Under Windows 7/NTFS this is of course a different story.
I'm running into multiple issues on this. My user has "administrative" right (although this may not always be the case) and as such the directory is created with an ACL including:
NT AUTHORITY\SYSTEM
BUILTIN\Administrators
<my current user>
Is there a way using icacls to essentially get this directory into a state where it is read-only PERIOD, do my test, then restore the ACL for removal?
EDIT
With the information provided by @Ansgar Wiechers I was able to come up with a solution.
I used the following:
icacls dirname /deny %username%:(WD)
In the page located here I found this in the remarks section:
icacls preserves the canonical order of ACE entries as:
* Explicit denials
* Explicit grants
* Inherited denials
* Inherited grants
By performing the above icalcs command, I was able to set the current user's ability to write or append files (WD) to the directory to deny.
Then it was a question of returning it to a state post test:
icacls dirname /reset /t /c
Done
