ICACLS command in Windows
The ICACLS command is a powerful tool in Windows for managing file permissions. With this command, you can set, modify, or troubleshoot access control lists directly from the command prompt. It allows for granular control over who can access or modify files and directories, making it an essential tool for system administrators and advanced users. By using ICACLS, you can view, edit, backup, or restore ACLs, granting or revoking permissions for specific users or groups.
ICACLS Syntax:
Section titled “ICACLS Syntax:”icacls [filename] [/grant [:r]] [user:permission]Windows ICACLS Options:
Section titled “Windows ICACLS Options:”| Option | Description |
|---|---|
| /grant | Grants specified user permissions |
| /deny | Denies specified user permissions |
ICACLS Parameters:
Section titled “ICACLS Parameters:”| Parameter | Description |
|---|---|
| filename | Specifies the file or directory to modify |
| user | Specifies the user to modify permissions for |
| permission | Specifies the permissions to grant or deny |
How to use ICACLS command:
Section titled “How to use ICACLS command:”Grant “Full Control” Permission to a User on a Folder
Section titled “Grant “Full Control” Permission to a User on a Folder”icacls "C:\ExampleFolder" /grant John:(F)Grants the user “John” full control permission on the folder “ExampleFolder”.
Deny Read Permission to a User on a File
Section titled “Deny Read Permission to a User on a File”icacls "C:\ExampleFile.txt" /deny Jane:(R)Denies the user “Jane” read permission on the file “ExampleFile.txt”.
Remove all Permissions for a Group on a Folder and its Subfolders
Section titled “Remove all Permissions for a Group on a Folder and its Subfolders”icacls "D:\Documents" /remove Everyone /tRemoves all permissions for the group “Everyone” on the folder “Documents” and its subfolders.
Backup and Restore Permissions on a Folder
Section titled “Backup and Restore Permissions on a Folder”icacls C:\ExampleFolder /save C:\permissions_backup.txticacls D:\RestoredFolder /restore C:\permissions_backup.txtSaves the permissions of “ExampleFolder” to a file and then restores them on a different folder “RestoredFolder”.
Display ACLs in a Specific Folder and Export to a File
Section titled “Display ACLs in a Specific Folder and Export to a File”icacls "C:\Users\Admin" /c /t > C:\ACLoutput.txtDisplays all ACLs in the folder “Admin” and its subfolders, then exports the output to a file named “ACLoutput.txt”.
Grant Permission to a Group and Propagate to Subfolders Only
Section titled “Grant Permission to a Group and Propagate to Subfolders Only”icacls "E:\SharedFolder" /inheritance:r /grant Managers:(OI)(CI)F /tGrants the group “Managers” full control permission on the folder “SharedFolder” and its subfolders, without inheriting permissions from the parent folder.
Set Audit on a Directory for Success and Failure Events
Section titled “Set Audit on a Directory for Success and Failure Events”icacls "C:\SensitiveData" /setintegritylevel Licacls "C:\SensitiveData" /grant John:(ST, S, F, FA, RA, WA)Sets integrity level on the directory “SensitiveData” and grants specific audit permissions to the user “John” for success and failure events.
Revert to Inherited Permissions on a File
Section titled “Revert to Inherited Permissions on a File”icacls "E:\RestrictedFile.txt" /inheritance:rRemoves explicit permissions on the file “RestrictedFile.txt” and reverts to inherited permissions.
How do I use icacls in CMD?
Section titled “How do I use icacls in CMD?”To use the icacls command in Windows, execute the following command:
icacls --option <value>What is the purpose of icacls in Windows?
Section titled “What is the purpose of icacls in Windows?”To manage file and folder permissions in Windows through the command line interface.
How can I grant specific permissions using icacls?
Section titled “How can I grant specific permissions using icacls?”You can grant permissions to a user or group using the following command:
icacls "C:\example\folder" /grant username:(D)How can I deny permissions using icacls?
Section titled “How can I deny permissions using icacls?”To deny specific permissions to a user, you can use the following command:
icacls "C:\example\folder" /deny username:(D)How can I remove all existing permissions for a user using icacls?
Section titled “How can I remove all existing permissions for a user using icacls?”To remove all existing permissions for a user, you can use the following command:
icacls "C:\example\folder" /remove usernameHow can I view the permissions of a file or folder with icacls?
Section titled “How can I view the permissions of a file or folder with icacls?”You can view the permissions applied to a file or folder using the following command:
icacls "C:\example\folder"How can I backup the permissions of a file or folder using icacls?
Section titled “How can I backup the permissions of a file or folder using icacls?”To backup the permissions of a file or folder, you can use the following command:
icacls "C:\example\folder" /save "C:\example\permissions_backup.txt"How can I restore permissions from a backup file using icacls?
Section titled “How can I restore permissions from a backup file using icacls?”You can restore permissions from a backup file using the following command:
icacls "C:\example\folder" /restore "C:\example\permissions_backup.txt"Applications of the ICACLS Command
Section titled “Applications of the ICACLS Command”- Setting permissions on files and directories
- Viewing current permissions on files and directories
- Changing ownership of files and directories
- Granting or revoking specific permissions to users and groups
- Inheriting or removing inheritance of permissions from parent directories
- Auditing access control lists (ACLs) for files and directories