Use cacls to modify file access control permissions

Nowadays, more and more users use the NTFS file system to enhance the security of Windows systems. Generally, the file or directory access control permission is set on the "Security" tab of the graphic user interface (GUI. Another setting method is rarely used. This is the cacls command. Although it is a command based on the command line, it is a little tedious to use, but as long as you make reasonable use of it, it will also play a very good effect in improving system security. The format of the cacls command is as follows:
Cacls filename [/T] [/E] [/C] [/g User: perm] [/r user [...] [/P User: perm [...] [/d user [...]

Filename -- display the access control list (ACL);/t -- change the ACL of the specified file in the current directory and all its subdirectories;/e -- edit the ACL without replacing it; /c -- continue when an access denial error occurs;/g User: perm -- Grant the specified user access permission. Perm can be R (read), w (write), C (change, write), F (full control ); /r user -- revoke the access permission of the specified user (only used with/E);/P User: perm -- replace the access permission of the specified user; /d user -- deny access from the specified user.

1. view the Directory and ACL

Taking Windows XP as an example, the author uses the cacls command to view the CCE Directory Access Control permission of the e-disk. Click Start> Run. In the run dialog box, enter the CMD command. In the command prompt dialog box that appears, enter the cacls CCE command at the E: \> prompt, the user group and the user's access control permissions to the CCE directory in Windows XP are listed. To view all the file access control permissions in the CCE directory, enter the "cacls CCE \." command.

2. Modify the Directory and ACL

Set User Access Permissions: we often need to modify the access permissions of directories and files, which can be easily achieved by using the cacls command. The following grants the local user DOTNET full control permissions on the files in the backup directory and all subdirectories of the edisk. In the command prompt dialog box, enter the cacls "E: \ backup"/T/E/C/g DOTNET: F command.

Replace the user access permission: Replace the full control permission of the local user DOTNET with the read-only permission. In the command prompt dialog box, enter the cacls "E: \ backup"/T/E/C/p dotnet: R command.

Revoke User Access Permissions: To revoke full control permissions of the local user DOTNET to this directory, run cacls "E: \ backup "/T/E/C/r dotnet.

Deny User Access: To deny user DOTNET access to files in the backup directory and all its subdirectories, run
Cacls "E: \ backup"/T/E/C/d dotnet.

In Windows2003
Compiler error message: cs0016: failed to write the output file ..... most of the time, it is because c: \ windows \ Temp does not have the permission for the network service, so we can use this batch to solve the problem.
Cacls "C: \ WINDOWS \ Temp"/T/E/C/g everyone: F
The above is just a brief introduction to the use of the cacls command. We suggest you try it yourself and you will find that it has many wonderful functions.