Icacls Command In Windows Server 2008
In this article I am going to explain about Icacls command in Windows Server 2008 operating system and also explain it's related syntax.
Icacls command is available in Windows Server 2008, Windows 7 and Windows Vista. Icacls command is used to display, modify, backup and restore discretionary access control lists (DACLs) on specified files.
Note- Icacls command is updated version of cacls command so it resolves various issues that occur when using the older cacls command.
icacls <FileName> [/grant[:r] <Sid>:<Perm>[...]] [/deny <Sid>:<Perm>[...]] [ /remove[:g|:d]] <Sid>[...]] [/t] [/c] [/l] [/q]
[/setintegritylevel <Level>:<Policy>[...]] icacls <Directory> [/substitute <SidOld> <SidNew> [...]] [/restore <ACLfile> [/c] [/l] [/q]]
In above syntax
||Specifies file for which discretionary access control lists is displayed.
|/grant [:r] <Sid>:<Perm>[...]
||Grants access rights to specified users. The permissions will replace any previously granted explicit permissions. If :r is omitted than permissions will be added.
||Denies specified user access right, explicitly. It removes any explicit grant of the same permission or started permission.
|/remove [:g |:d]] <Sid>[...]] [/t] [/c] [/l] [/q]
||Removes all occurrences of the specified user from the DACL.
:g removes all granted rights to the specified SID or user.
:d removes all denied rights to the specified SID or user.
||Processes all specified files in the current directory and its subdirectories.
||Operation is performed despite any file error. Error messages are still displayed.
||Operation is performed on a symbolic link not its destination.
||Suppress success messages.
| /setintegritylevel <Level>:<Policy>[...]
||Explicitly adds an integrity ACE to all matching files. Level is one of Low, Medium or High.
||Specifies directory for which discretionary access control lists is displayed.
|/substitute <SidOld> <SidNew>
||Existing SID is replaced with a new SID (SidOld).
|/restore <ACLfile> [/c] [/l] [/q]
Apply the DACLS stored in ACLs to the files in specified directory.
|/save <ACLfile> [/t] [/c] [/l] [/q]
||Stores DACLs for all matching files into ACLfile for later use with /restore.
Ask Your Question
Got a programming related question? You may want to post your question here
Programming Answers here