![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 51%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Hello Zenith, I strongly recommend taking a full backup or snapshot of the file server before making any changes. It's also wise to test the command on a small, non-critical set of folders first.
The core command you would use looks like this, run from an elevated Command Prompt:
icacls "D:\YourRootFolder\*" /inheritance:r /grant:r "Domain\Group1":(R) "Domain\Group2":(R)
However, this basic example has a significant drawback: you must list every single group explicitly to grant them read permission. A more practical and safer approach is a two-step PowerShell script that:
Removes all existing explicit permissions.
Grants a specified set of groups read-only access.
Given the complexity and risk, using a well-tested PowerShell script is the recommended method for a task of this scale. Would you like me to provide a sample script structure for this two-step process?
Hope this points you in the right direction. If this answer is helpful, please feel free to mark it as accepted :)