Icacls Command In Windows Server 2008
In this article I am going to explain about Icacls command in Windows Server 2008 operating system and also explain it's related syntax.
Introduction
Icacls command is available in Windows Server 2008, Windows 7 and Windows Vista. Icacls command is used to display, modify, backup and restore discretionary access control lists (DACLs) on specified files.
Note- Icacls command is updated version of cacls command so it resolves various issues that occur when using the older cacls command.
Syntax
icacls <FileName> [/grant[:r] <Sid>:<Perm>[...]] [/deny <Sid>:<Perm>[...]] [ /remove[:g|:d]] <Sid>[...]] [/t] [/c] [/l] [/q]
[/setintegritylevel <Level>:<Policy>[...]] icacls <Directory> [/substitute <SidOld> <SidNew> [...]] [/restore <ACLfile> [/c] [/l] [/q]]
|
In above syntax
| Parameter |
Description |
| <FileName> |
Specifies file for which discretionary access control lists is displayed. |
| /grant [:r] <Sid>:<Perm>[...] |
Grants access rights to specified users. The permissions will replace any previously granted explicit permissions. If :r is omitted than permissions will be added. |
| /deny <Sid>:<Perm>[...] |
Denies specified user access right, explicitly. It removes any explicit grant of the same permission or started permission. |
| /remove [:g |:d]] <Sid>[...]] [/t] [/c] [/l] [/q] |
Removes all occurrences of the specified user from the DACL.
:g removes all granted rights to the specified SID or user.
:d removes all denied rights to the specified SID or user. |
| /t |
Processes all specified files in the current directory and its subdirectories. |
| /c |
Operation is performed despite any file error. Error messages are still displayed. |
| /l |
Operation is performed on a symbolic link not its destination. |
| /q |
Suppress success messages. |
| /setintegritylevel <Level>:<Policy>[...] |
Explicitly adds an integrity ACE to all matching files. Level is one of Low, Medium or High. |
| <Directory> |
Specifies directory for which discretionary access control lists is displayed. |
| /substitute <SidOld> <SidNew> |
Existing SID is replaced with a new SID (SidOld). |
| /restore <ACLfile> [/c] [/l] [/q] |
Apply the DACLS stored in ACLs to the files in specified directory.
|
| /save <ACLfile> [/t] [/c] [/l] [/q] |
Stores DACLs for all matching files into ACLfile for later use with /restore. |
Ask Your Question
Got a programming related question? You may want to post your question here
Programming Answers here