ICACLS – A magic command

One of our colleague was configuring Auditing on MSSQL Server using Arcsight (more info about the tool can be found here ) and one of the steps is to create SQLTRACE folder and SHARE the folder and provided the necessary permissions for Arcsight AD user to read the SQL Trace files, and then enable the Auditing in MSSQL server and see the files are generating in the SQLTRACE folder. All went well, he could see the files but Arcsight AD user couldn’t see the files.

One thing was very sure, this is related to permissions issue but how come ? If we see the permission on the SQLTRACE it exists (right click -> properties -> security ) and even the Advanced includes “Applies To” – “This folder, subfolder and files”  for that user, but the same doesn’t exits for the SQL trace files generated from MSSQL Server.

Then this magic command ICACLS actually did the trick.

Here is the actual command

icacls * /T /Q /C /RESET

That’s it ! It worked.

Cheers !



About Raheel Syed

Oracle DBA
This entry was posted in Auditing, Database Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s