Full Version: Cacls
RandomUser
Unrelated to my issues with RunAs.

I'm trying to give read permissions to my non-admin account; however, when I do that with Cacls it only allows me to view the folder in question but not any subfolders and files. I don't want to put the admin files in the shared folders for good reason: I don't want the world to be able to view and change them.
What I've found thus far is that I have to change rights for each subfolder, and when I do this, the admin loses the SID, and thus the permissions on the owning (admin account) folders. How can I effectively view and possibly change these files from a general user account?

Is it possible? Can I do it with cacls? And what other methods are possible?

If I'm missing something about the way NTFS permissions work, I welcome any criticism or suggestions.
Cyclica
Hello again. Believe it or not, it might be related to your RunAs issues. That thing we did invoking MMC to execute the .MSC is called a "snap-in". You could build a custom MMC console file, specifying general access options for the user. I suggest you read all you can about these Management Consoles.
RandomUser
I understand the principles of snap-ins. In fact, they're covered lightly in the expensive Microsoft Press books I purchased. However, these texts don't do much to explain the relationships to other programs, if that makes sense at all.

My primary goal with these exercises was to understand the command line better so that I might write some useful scripts. Granted, I'm still wondering about the use of Cacls. If you have another link to Microsoft, I'll take it.

I'll try not to ask too many of the same or related questions. And I hear that O'Reilly texts have much better coverage.
It's helpful to communicate with someone that knows what they're talking about.
RandomUser
I found out that I could allow permission based on the file properties themselves in the absence of the command line or a snap-in. I will continue to read about snap-ins to see if there's a way to enable non-admin rights that way.

I imagine it's more complicated than the method of using the file's Properties dialogue box. It would be nice to use, though, if I'm concerned about the Secondary Logon service (for security reasons).

Thanks for the insight Cyclica!