# Removing group permissions for both Shares and NTFS



## BeaumontTX (Jul 26, 2013)

My work has a requirement that no rights shall be granted by use of the "Everyone" group for both folder level NTFS permissions and network shares, so I am examining our systems for compliance.

It's occurred to me that it would be much preferable to simply remove the Everyone permissions wholesale because the alternative is a nightmare. I did some basic research prior to posting, and it's supposed to be possible to remove the NTFS permissions all at once through the command prompt by something like this:


```
icacls c:\* /remove:g Everyone /T /C
icacls d:\* /remove:g Everyone /T /C
```
Running the code seems successful, but is it? Time for validation testing, but I've already 'removed' the Everyone granted permissions.

So:


```
icacls c:\temp\* /grant:r Everyone:(F) /T /C
icacls c:\temp\*
```
And icacls c:\temp\* shows Everyone having Full, so I decided to go ahead and remove the new permissions in the folder permissions ( Right-click temp > Security Tab ). To my surprise the new permissions weren't listed. What's going on here? Why can't I see these command line created/removed permissions in the gui representations?

Also, does anyone know how to remove Everyone from the network shares ( or replace Everyone with Authenticated Users) via command line? It'll be painful to implement/verify by going through shares one at a time through Computer Management.

Thanks in advance for any tips.


----------



## BeaumontTX (Jul 26, 2013)

Also, if it helps anyone, currently our Server OS is 2003.


----------

