I use the following command (in an admin batch file) to grant all users (specifically users on the network) full access to a folder and all its contents:
Icacls %fold% /grant Everyone:F /inheritance:e /T
However, it is not applying these settings to files newly created. What am I missing in the Icacls command?
The /inheritance option only defines whether the item will receive ACL entries from its parent, but has nothing to do with whether it'll provide its own ACEs to be inherited by children.
Instead you need to mark each ACL entry as inheritable, separately for child files ((OI) for object inherit) and subfolders ((CI) for container inherit):
icacls The_folder /grant "Everyone:(OI)(CI)F"
This is equivalent to the "Inherit: [Files and subfolders]" drop-down in Properties – Security – Advanced.
icacls will automatically propagate such "inheritable" ACEs, so the /t option is unnecessary and should not be used.
