Icacls Command In Windows Server 2008

In this article I am going to explain about Icacls command in Windows Server 2008 operating system and also explain it's related syntax.
  • 3369


Icacls command is available in Windows Server 2008, Windows 7 and Windows Vista. Icacls command is used to display, modify, backup and restore discretionary access control lists (DACLs) on specified files.

Note- Icacls command is updated version of cacls command so it resolves various issues that occur when using the older cacls command.


icacls <FileName> [/grant[:r] <Sid>:<Perm>[...]] [/deny <Sid>:<Perm>[...]] [ /remove[:g|:d]] <Sid>[...]] [/t] [/c] [/l] [/q]
[/setintegritylevel <Level>:<Policy>[...]] icacls <Directory> [/substitute <SidOld> <SidNew> [...]] [/restore <ACLfile> [/c] [/l] [/q]]

In above syntax

Parameter Description
<FileName> Specifies file for which discretionary access control lists is displayed.
/grant [:r] <Sid>:<Perm>[...] Grants access rights to specified users. The permissions will replace any previously granted explicit permissions. If :r is omitted than permissions will be added.
/deny <Sid>:<Perm>[...] Denies specified user access right, explicitly. It removes any explicit grant of the same permission or started permission.
/remove [:g |:d]] <Sid>[...]] [/t] [/c] [/l] [/q] Removes all occurrences of the specified user from the DACL.
:g removes all granted rights to the specified SID or user.
:d removes all denied rights to the specified SID or user.
/t Processes all specified files in the current directory and its subdirectories.
/c Operation is performed despite any file error. Error messages are still displayed.
/l Operation is performed on a symbolic link not its destination.
/q Suppress success messages.
 /setintegritylevel <Level>:<Policy>[...] Explicitly adds an integrity ACE to all matching files. Level is one of  Low, Medium or High.
<Directory> Specifies directory for which discretionary access control lists is displayed.
/substitute <SidOld> <SidNew> Existing SID is replaced with a new SID (SidOld).
/restore <ACLfile> [/c] [/l] [/q]
Apply the DACLS stored in ACLs to the files in specified directory.
/save <ACLfile> [/t] [/c] [/l] [/q] Stores DACLs for all matching files into ACLfile for later use with /restore.

Ask Your Question

Got a programming related question? You may want to post your question here

Programming Answers here


More Articles

© 2020 DotNetHeaven. All rights reserved.