this seems to work. seems the easiest way to "clear" existing permissions
to start over by disabling the inherited permissions. a normal user cant
list and gets access denied if they try to open a specific file that they
know the path to. an admin can do anything. am i missing anything? is
Deny rights always override Allow rights in Windows ACLs. If a user is a
member of the Administrator group *AND* the Users group the deny you
applied on the 2nd win_acl task will cause an access is denied message. I'm
pretty sure by default an Admin account is a member of both and that's