psexec icacls remote computer

Set proper permissions in IIS 7.x on a remote computer

We will be using psexec icacls on the remote comptuer

Objective: Grant NT AUTHORITY\NetworkService the proper permissions for a particular website on “somecomputer” using credentials “somedomain\someuser somepassword”

The Command to Run

psexec -u somedomain\someuser -p somepassword -e \\somecomputer cmd /c (^
mkdir c:\temp1\Common ^
& icacls c:\temp1\Common /grant "NT AUTHORITY\NetworkService":^^(OI^^)^^(M^^) ^
& icacls c:\temp1\Common /grant "NT AUTHORITY\NetworkService":(CI^^)^^(M^^) ^
& icacls c:\temp1\Common /grant "NT AUTHORITY\NetworkService":^^(OI^^)^^(CI^^)^^(M^^) ^

What if we want to do this through jenkins?

On the remote computer set up c:\admin_scripts\permfix.bat file with contents

@echo off
echo Permissions Before:
icacls C:\temp1\Common | find "NETWORK SERVICE"
echo Fixing Permissions ...
icacls C:\temp1\Common /grant "NT AUTHORITY\NetworkService":(OI)(M)
icacls C:\temp1\Common /grant "NT AUTHORITY\NetworkService":(CI)(M)
icacls C:\temp1\Common /grant "NT AUTHORITY\NetworkService":(OI)(CI)(M)
echo Permissions After:
icacls C:\temp1\Common | find "NETWORK SERVICE"

On Jenkins Machine set up job like this, each command should be separate windows batch command

psexec -u somedomain/someuser -p somepw -e \\remotehost cmd /c "c:\admin_scripts\permfix.bat >>c:\console.log 2>&1" -i 1 -accepteula
net use \\remotehost\c$ /USER:somedomain/someuser somepw
type \remotehost\c$\console.log

Leave a Reply

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    Markdown is turned off in code blocks:
     [This is not a link](

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>