I have a folder that contains bunch of *.exe and *.dll files (not necessarily all in root) and I want to ForbidWrite to {S-1-1-0} (Everyone) on all these files.
I've tried:
Get-ChildItem -Path c:\my\path\ -Filter *.exe -Recurse -ErrorAction SilentlyContinue -Force | Foreach {icacls $_.fullname /deny"Authenticated Users:(w)"}however this does something weird - I can no longer run the executable, instead of just not being able to write into it.
I found a similar issues, but there is no answer
https://stackoverflow.com/questions/67301987/deny-write-to-everyone-blocking-also-read-access-icacls
https://stackoverflow.com/questions/48504651/icacls-deny-de-and-d-doesnt-work
UPD: to clear this up, I just want to either set (with add if not present) Authenticated Users to Deny:Write and that is but it proves to be impossible task