Hi Guys I have written a simple batch script to lock down a folder so that domain users cannot access it, and the script works as expected. What I have found after deploying it to the users is that the script makes its way to the PC's targeted but for some reason a percentage of unknown number of PC's do not kick off the script and on others it does. Yet the KACE log shows that the PC's have run the script. I then login to some of the PC's that have receive the script but have not run, then deploy the script again via KACE and then it runs successfully...??? Why would this be? Is there a way to track the effect of the script via KACE so that we can find out which ones have "Actually" run vs the PC's that have not and or vice versa?

Redacted version of the batch script

icacls "C:\Program Files\x\x\x\rdata\archive" /reset /T
icacls "C:\Program Files\x\x\\rdata\archive" /deny "jdg\domain users":(OI)(CI)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "CREATOR OWNER":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "SYSTEM":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "Users":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "administrators":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /inheritance:r

2 Comments   [ - ] Hide Comments


  • Does the KACE agent have rights to preform this task?
  • Thanks Guys for the input, Flag makes it easier to track on which PC's it applies, just worried as to why it would not apply after deployment on some PC's.
Please log in to comment

Answer this question or Comment on this question for clarity


Try specifying the full path to icacls.exe - never rely on any environment variables when deploying via a system account.
Answered 09/30/2015 by: EdT
Red Belt

Please log in to comment
If you *have* to use batch and its primitive - or, in this case, non-existent - error handling, you could write a flag file to a location. If the file doesn't exist on script completion, it would probably be fair to assume that it didn't complete successfully.
Answered 10/01/2015 by: VBScab
Red Belt

Please log in to comment