19

I have a batch file that does the following:

@IF EXIST "C:\Program Files\MyAppFolder" (
  icacls "C:\Program Files\MyAppFolder" /inheritance:r
  icacls "C:\Program Files\MyAppFolder" /GRANT SYSTEM:(CI)(OI)(F)
  icacls "C:\Program Files\MyAppFolder" /GRANT Administrators:(CI)(OI)(F)
)

Individually the commands work fine but put together like this in an IF statement I get this error and the script stops in its tracks:

(OI)(F) was unexpected at this time.

If I just have a single command in the IF statement then it works fine.

I'm guessing that you're only permitted one statement between the IF parenthesis?

This happens on Windows 2008 and Windows 2003 (with the ICACLS hotfix).

Improve this question

2 Answers 2

Reset to default
33

The shell seems to think that the ) in the third line of your command is the closing parenthesis for the one opened in the first line. You need to quote the arguments containing parenthesis:

@IF EXIST "C:\Program Files\MyAppFolder" (
  icacls "C:\Program Files\MyAppFolder" /inheritance:r
  icacls "C:\Program Files\MyAppFolder" /GRANT "SYSTEM:(CI)(OI)(F)"
  icacls "C:\Program Files\MyAppFolder" /GRANT "Administrators:(CI)(OI)(F)"
)
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Bloody obvious and I should have known better :) Thanks.
It is 2017 and people like me still need this.. it definitely was not obvious!!
For usernames with spaces (for example "IIS AppPool\PoolName", use separate inverted commas for sid & perm: /GRANT "SYSTEM":"(CI)(OI)(F)"
0

The above answer won't work if you need to assign permissions to a user with a space in their name (EG: "CREATOR OWNER")

A better solution is to use a function with call:

@ECHO OFF

IF EXIST "C:\Program Files\MyAppFolder" (
   CALL:Permissions
)

GOTO:eof

:Permissions
   icacls "C:\Program Files\MyAppFolder" /inheritance:r
   icacls "C:\Program Files\MyAppFolder" /GRANT SYSTEM:(CI)(OI)(F)
   icacls "C:\Program Files\MyAppFolder" /GRANT Administrators:(CI)(OI)(F)
   GOTO:eof

The GOTO:eof is required at the end of the function.

Detailed information on functions in batch can be found here.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.