With the popularity of Windows XP/Server 2003, more and more users are choosing the NTFS file system. The advantage of NTFS is that it greatly enhances the security of the system. Under the "Security" tab, here, we can set access control permissions for different levels of users, including full control, modification, reading and running, listing folder directories, reading, writing, and special permissions, you only need to simply select "allow" and "deny", and click "advanced" to set more special permissions. In fact, in addition to setting access control permissions for files or folders on the graphic user interface, we can also do this in the command line mode, this is especially useful when you cannot enter the graphic user interface for some reason. Although it is troublesome to use, it can be saved. One worker uses the cacls.exe command, which can be used in Windows 2000/XP/Server 2003 operating systems to display or modify the file access control table, in the command, you can use wildcards to specify multiple files or multiple users in the command. Command syntax: Cacls filename [/T] [/E] [/C] [/G usererm] [/R user [...] [/P usererm [...] [/D user [...] filename: display the access control list (hereinafter referred to as ACL)/T: Change the ACL of the specified file in the current directory and all its subdirectories/E: edit the ACL without replacing/C: when an access denial error occurs, continue/G Userer: perm: grant the specified user access permission. Perm indicates different levels of access permissions. The value can be R (read), W (write) C (change, write), F (full control), etc. /R user: revokes the access permission of the specified user. Note that this parameter is only valid when used with "/E. /P user: perm: Replace the access permission of the specified user. perm is the same as the previous one, but the "N (none)" option is added. /D user: denies access from the specified user. Example 1: view the ACL of a folder. For example, we want to view the ACL of the h: \ temp folder, in the "Start> Run" dialog box or switch to the command prompt mode, type the following command: Cacls h: \ temp. Then, we will see all user groups and user pairs h: the access control permission project of the \ temp folder. CI indicates that ACE will be inherited by the Directory, OI indicates that ACE will be inherited by the file, and IO indicates that ACI is not applicable to the current file or directory, the letter at the end of each row indicates the control permission. For example, F indicates full control, C Indicates Change, and W indicates write. If you want to view the access control permissions of all files in the folder (including files in subfolders), you can type the "Cacls h: \ temp." command. Example 2: Modify the ACL of a folder. If you want to grant the local user wzj9999 full control over the access permissions of all files in the h: \ temp folder and subfolders, you only need to enter the following command: cacls h: \ temp/t/e/c/g wzj9999: f "/t" indicates modifying the ACL of folders and all files in subfolders, "/e" indicates that only the edits are done without replacement. "/c" indicates that the operation continues when an access denial error occurs, and "/g wzj9999: f indicates that the local user wzj9999 is granted with full control. "f" indicates full control. If you only want to grant the read permission, it should be "r ". Example 3: revoke the user's access control permission. If you want to revoke the wzj9999 user's access control permission on the h: \ temp folder and Its subfolders, you can enter the following command: cacls h: \ temp/t/e/c/r wzj9999 if only user access is denied, enter the following command: cacls h: \ temp/t/e/c/d wzj99992 enhanced xcals.exe is more powerful in windows. You can use the command line to set all file system security options that can be accessed in windows Resource Manager, we can. The syntax of the xcacls.execommand is basically the same as that of cacls.exe, but the difference is that it performs this operation by displaying and modifying the access control list (acl) of the file. After the "/g" parameter, in addition to retaining the original perm permission, the spec (special access permission) option is added, and the "/deny command is added, the program will stop responding and wait for the correct answer to be entered. After "/yundun" is introduced, this confirmation can be obtained. In this case, we can use the xcacls.exe command in batch processing. Instance 1: view the file or folder permissions in the "Start> Run" dialog box or switch to the command prompt mode. Note that the "c: \ program files \ resource kit is added to "System Properties → advanced → environment variables → system variables", or set it to the current path using the cd command, otherwise, the system will prompt that the file cannot be found, and enter the following command: xcacls h: \ temp. At this time, you can view all user groups or users' access control permissions on the h: \ temp folder, io indicates that this ace should not be used for the current object, ci indicates that the slave window will inherit this ace, oi indicates that the slave file will inherit this ace, and np indicates that the slave object will not continue to spread the inherited ace, the letters at the end of each row indicate different levels of permissions. For example, f indicates full control, c Indicates Change, and w indicates write. Example 2: replace the acl in the folder without confirming that the xcacls h: \ temp/g administrator: rw/y command will replace the acl of all files and folders in the h: \ temp folder, if you do not scan the subfolders, you will not be asked to confirm them. Example 3: grant a user the permission to control the folder xcacls h: \ temp/g wzj9999: rwed; the rw/e command will grant the user wzj9999 to h: the read, write, run, and delete permissions for all newly created files in the \ temp folder. However, it must be noted that this command only grants users the read and write permissions on the folder itself, this does not include files in subfolders. For common users, cals.exeand xcacls.exe may not be very effective, which provides one-step protection in windows 2000/xp/server versions to prevent users from accidentally deleting folders or files.