Académique Documents
Professionnel Documents
Culture Documents
SUMMARY
This step-by-step article describes how to use the Extended Change Access Control List tool
(Xcacls.exe) to modify and to view NTFS permissions for files or folders.
You can use Xcacls.exe to set all file-system security options that are accessible in Windows
Explorer from the command line. Xcacls.exe does this by displaying and modifying the access
control lists (ACLs) of files.
The Xcacls.exe utility is included in the Windows 2000 Resource Kit. The Xcacls.exe utility is also
included in the Windows Server 2003 Support Tools.
The following file is available for download from the Microsoft Download Center:
Xcacls.exe syntax
xcacls file name [/T] [/E] [/C] [/G user:perm;spec] [/R user] [/P user:perm;spec [...]] [/D user
[...]] [/Y]
where file name indicates the name of the file or folder to which the ACL or access control entry
(ACE) is typically applied. All standard wildcard characters can be used.
/T recursively walks through the current folder and all of its subfolders, applying the chosen access
rights to the matching files or folders.
/E edits the ACL instead of replacing it. For example, only the administrator will have access to the
Test.dat file if you run the XCACLS test.dat /G Administrator:F command. All ACEs applied earlier
are lost.
/C causes Xcacls.exe to continue if an "access denied" error message occurs. If /C is not specified,
Xcacls.exe stops on this error.
• Notes
The access options for files (for folders, special file and
•
folder access) are identical. For detailed explanations of
•
these options, see the Windows 2000 operating system
documentation.
All other options, which can also be set in Windows Explorer,
are subsets of all possible combinations of the basic access
•
rights. Because of this, there are no special options for folder
access rights, such as LIST or READ.
/R user revokes all access rights for the specified user.
/P user:perm;spec replaces access rights for user. The rules for specifying perm and spec are the
same as for the /G option. See the "Xcacls.exe examples" section.
/Y disables confirmation when replacing user access rights. By default, CACLS asks for
confirmation. Because of this feature, when CACLS is used in a batch routine, the routine stops
responding until the right answer is entered. The /Y option was introduced to avoid this
confirmation, so that Xcacls.exe can be used in batch mode.
BUILTIN\Power Users:C
BUILTIN\Power Users:(OI)(CI)(IO)C
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:F
CREATOR OWNER:(OI)(CI)(IO)F
Xcacls.exe examples
Example 1
Type XCACLS *.* /G administrator:RW /Y at the command prompt, and then press ENTER to replace
the ACL of all files and folders in the current folder without scanning subfolders and without
confirmation.
Example 2
The ACEs that are added to the folder in this example also inherit ACE for new files that are created
in this folder. The command gives TestUser read, write, run, and delete rights on all new files
created in this folder, but only read and write permissions on the folder itself. Type XCACLS *.* /G
TestUser:RWED;RW /E at the command prompt, and then press ENTER.
Example 3
The following example grants read and write permissions on a folder without creating an inherit
entry for new files. Therefore, in this example, new files that are created in this folder receive no
ACE for TestUser. For existing files, an ACE with read permissions is created. Type XCACLS *.* /G
TestUser:R;RW /E at the command prompt, and then press ENTER.
MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft
Knowledge Base:
245015 (http://support.microsoft.com/kb/245015/) How to print folder and file permissions from
one folder
135268 (http://support.microsoft.com/kb/135268/) How to use CACLS.EXE in a batch file
Back to the top
APPLIES TO
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional Edition