Modify file access control rights under Windows command line

Source: Internet
Author: User
Tags command line file system modify

With the popularity of Windows Xp/server 2003, more and more users are beginning to choose the NTFS file system, the benefits of NTFS is naturally greatly enhanced the security of the system, under the "Security" tab, we can set the appropriate access control for different levels of users, including full control, modify, read and run, List folder directory, read, write, special permissions, etc., you only need to "allow" and "refuse" simply tick, click the "Advanced" button can also set more special permissions, here will not say more.

In fact, in addition to the graphical user interface for file or folder access control permissions to set up, we can also do this in the command-line mode, which is not in the graphical user interface for some reason to be particularly useful, although the use of some trouble, but can be an emergency.

First, the use of cacls. EXE command

This is a command that can be used under the Windows 2000/xp/server 2003 operating system to display or modify access control tables for files, to specify multiple files using wildcards in commands, or to specify multiple users in a command. The command syntax is as follows:

CACLS filename [/T] [/e] [/C] [/g usererm] [/R user [...]]] [/P Usererm [...]] [/d User [...]]

Filename: Access Control list is displayed (ACL, hereafter)

/T: Change ACLs for specified files in the current directory and all subdirectories

/e: Edit ACLs without replacing

/C: Continue when a denial of access error occurs

/g userer:perm: gives the specified user access, the perm represents different levels of access, its value can be r (read), W (write), C (change, write), F (Full Control), etc.

/R User: Revoke access rights for the specified user, and note that this parameter is only valid when used with "/e".

/P User:perm: Replaces the access rights of the specified user, perm with the same meaning, but increases the "N (none)" option.

/d User: Deny access to the specified user.

Instance one: Viewing access control permissions for a folder

For example, here we want to view access control permissions for the H:emp folder, so just type the following command in the start → Run dialog box or switch to command prompt mode: Cacls h:emp

At this point, we see all user groups and user access control rights for the H:emp folder, the CI indicates that the ACE is inherited by the directory, and the OI indicates that the ace is inherited by the file, and IO indicates that ACI does not apply to the current file or directory, and that the letters at the end of each line represent control rights, such as F for Full Control, c indicates a change, and W represents a write.

If you want to view access control permissions for all files in this folder, including files in subfolders, type Cacls h:emp. Command.

Example two: Modifying access control permissions for a folder

If you want to give local users wzj9999 Full control over the access to all files in the H:emp folder and subfolders, simply type the following command:

Cacls h:emp/t/e/c/g wzj9999:f

"/T" here means modifying ACLs for all files in the folder and subfolders./e "indicates that editing is done without replacing, and"/C "means continuing when an Access Denied error occurs, and"/g wzj9999:f "means giving the local user wzj9999 Full control, where" F " On behalf of full control, if just want to give Read permission, then should be "R".

Example THREE: Revoke access control rights for a user

If you want to revoke the wzj9999 user's access control rights to the H:emp folder and its subfolders, you can type the following command:

cacls h:emp/t/e/c/R wzj9999

If you are simply denying access to a user, you can type the following command:

cacls h:emp/t/e/c/d wzj9999

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.