WINDOWS PERMISSIONS WITH ICACLSWINDOWS permissions with icacls.
When permissions in WINDOWS is FUBAR'd, start from scratch by resetting the permissions as they would be if nothing has changed.
RESET PERMS FOR DIR RECURSIVELY
icacls folder-name-here /t /reset
Now, from this point if you would like to add a USERNAME or GROUPNAME:
ADD FULL PERMS FOR DIR RECURSIVELY
(doesn't change existing)
icacls folder-name-here /grant username-or-groupname:f /t
If you want to set permissions explicitly as you tell it to:
REMOVE INHERITANCE | GRANT USERNAME | (CI) ENSURES NEW ITEMS WILL HAVE THESE PERMS
(changes everything from scratch)
icacls foo-folder /inheritance:r /grant username:(ci)f /t
EXAMPLE
(This is probably what you want. The SYSTEM, OWNER, ADMINISTRATORS all have FULL CONTROL. The USERNAME has READ-ONLY-CONTROL).
icacls foo-dir /inheritance:r /grant "creator owner":(CI)(CI)F system:(CI)(CI)F administrators:(CI)(CI)F other-username-for-full-control:(CI)(CI)F other-groupname-for read-control:(CI)(CI)RX /T
BONUS:
If you need to take ownership beforehand, you can do so by the following:
takeown /f top-folder-name /r /d y
or:
takeown /f "c:\foo folder" /r /d y