CMD command to transfer permissions to a folder

It is not possible to ensure that your disk partition format is Ntfs.fat32.
I. Use of the Cacls.exe command
This is a command that can be used under the Windows 2000/xp/server 2003 operating system to display or modify
Access control tables for files, you can use wildcards to specify multiple files in a command, or you can specify multiple users in a command.
The command syntax is as follows:

CACLS filename [/T] [/E] [/C] [/g usererm] [/R user [...]] [/P Usererm [...]] [/d User [...]]

Filename: Displays the access control list (ACL)

/T: Changes the ACL of the specified file in the current directory and all its subdirectories

/e: Edit the ACL without replacing

/C: Continue when an Access Denied error occurs

/g userer:perm: gives the specified user access rights, perm represents different levels of access, the value can be r (read), W (write), C (change, write), F (Full Control), etc.

/R User: Revoke access to the specified user, note that this parameter is only valid when used with "/E".

/P User:perm: Replaces the access rights of the specified user, perm the meaning of the previous, but adds an "N (none)" option.

/d User: Denies access to the specified user.



①: View access control permissions for a folder

To view access control permissions for the C:\ruery folder, simply type the following command in the start → Run dialog box or switch to command prompt mode:
Cacls C:\ruery

At this point, we see all user groups and user Access control permission entries to the C:\ruery folder.
CI indicates that the ACE is inherited by the directory.
Oi means that the ace is inherited by the file.
IO indicates that ACI does not apply to the current file or directory.
The letters at the end of each line represent control permissions, such as "F" for Full Control, "C" for changes, and "W" for writing. " R "means read

If you want to view access control permissions for all files in that folder, including files in subfolders (see Figure 1), you can type "Cacls C:\ruery." Command.



②: Modifying access control permissions for a folder

If you want to give local users ruery full control over all the files in the C:\ruery folder and subfolders, just type the following command:
Cacls c:\ruery/t/e/c/g ruery:f
"/t" means to modify the ACL for all files in the folder and subfolders.
"/E" means only editing work and not replacement.
"/C" means to continue when an Access denied error occurs.
"/g Ruery:f" represents the right to give the local user Ruery Full control.
"F" stands for full Control, and if you just want to give Read permission, then it should be "R"



③: Revoke access control permissions for a user

If you want to revoke the Ruery user's access control permissions to the C:\ruery folder and its subfolders, you can type the following command:
cacls c:\ruery/t/e/c/R ruery

If you are simply denying access to a user, you can type the following command:
cacls c:\ruery/t/e/c/d ruery



Cacls.exe c:\windows\system32\net.exe/c/e/t/g administrators:f
Cacls.exe c:\windows\system32\dllcache\net.exe/c/e/t/g administrators:f

Cacls.exe c:\windows\system32\net.exe/c/e/t/g everyone:f
Cacls.exe c:\windows\system32\dllcache\net.exe/c/e/t/g everyone:f

Cacls.exe c:\windows\system32\net.exe/c/e/t/g system:f
Cacls.exe c:\windows\system32\dllcache\net.exe/c/e/t/g system:f

Cacls.exe c:\windows\system32\net.exe/c/e/t/g administrator:f
Cacls.exe c:\windows\system32\dllcache\net.exe/c/e/t/g administrator:f


Cacls.exe c:/e/t/g everyone:f #把d盘设置为everyone可以浏览
Cacls.exe d:/e/t/g everyone:f #把d盘设置为everyone可以浏览
Cacls.exe e:/e/t/g everyone:f #把e盘设置为everyone可以浏览
Cacls.exe f:/e/t/g everyone:f #把f盘设置为everyone可以浏览



Second, the use of enhanced tools Xcals.exe

In the Windows 2000 Resource Kit, Microsoft also provides a File Control permission modification tool called Xcacls.exe, which is more powerful than cacls.exe and can set all the file system security options that can be accessed in Windows Explorer from the command line, which we can from [url]http:// www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp [/url] Download, can be used after installation.

The syntax and parameters of the Xcacls.exe command are basically the same as the Cacls.exe, but the difference is that it does this by displaying and modifying the access control list (ACL) of the piece. After the "/g" parameter, in addition to maintaining the original perm permissions, the spec (special access permission) option is added, and the "/y" parameter is added, which indicates that a confirmation prompt is forbidden when the user access is replaced, and by default, Cacls.exe is required to be confirmed so that when the Cacls.exe command is called in a batch, the program stops responding and waits for the correct answer to be entered, and the "/y" parameter will cancel the acknowledgment so that we can use the Xcacls.exe command in the batch.

①: View permissions for a file or folder

In the start → Run dialog box or switch to command prompt mode, note that you should add the C:\Program Files\Resource Kit to the system properties → advanced → environment variables → system variables in advance, or set it to the current path by using the CD command. Otherwise you will be prompted not to find the file, and then type the following command:

Xcacls C:\ruery


At this point, we will see the window shown in Figure 2, where you can see all user groups or users access control permissions to the C:\ruery folder, IO indicates that this ACE is not applied to the current object, CI means that the subordinate window will inherit this ace,oi to indicate that the subordinate file inherits the ace. NP means that subordinate objects do not continue to propagate inherited aces, whereas letters at the end of each line represent different levels of permissions.
F means full Control.
C represents the change.
W indicates write.


②: Replace the ACL in the folder without confirming
Xcacls c:\ruery/g administrator:rw/y
The above command will replace the ACLs for all files and folders in the C:\ruery folder, without scanning subfolders, and will not require user confirmation.


③: Giving a user control over a folder
Xcacls h:\temp/g administrator:rwed;rw/e

The above command will give the user ruery read, write, run, and delete permissions on all new files in the C:\ruery folder, but it should be explained that this command only gives the user read and write access to the folder itself, not the files under the subfolders.

For ordinary users, Cals.exe and Xcacls.exe may not be as obvious, which is especially useful in unattended installations of Windows 2000/xp/server 2003, where administrators can set initial access permissions for the folder where the operating system resides When distributing software to a server or workstation, you can also provide single-step protection with Xcacls.exe to prevent users from accidentally deleting a folder or file.

CMD command to transfer permissions to a folder