Computing
Home
How To
Music
The Band
Tracks
Misc
Links
French Flag Fr

The Icacls command to set Files and Folders Permissions in Windows

Microsoft logo

Icacls is very usefull to script Files and Folders Permissions.

Intro

  • OS : Windows Server 2008 minimum
  • ACL : Access Control List
  • ACE : Access Control Entry is an element in an access control list (ACL)

Commands

Reset ACL

  • Recover access to a file :
PS C:\Users\Administrator>takeown /A /R /F D:\FOLDER
  • Replaces ACLs with default inherited ACLs for all matching files :
    • /T indicates that this operation is performed on all matching files/directories below the directories specified in the name
    • /C indicates that this operation will continue on all file errors.
PS C:\Users\Administrator>icacls D:\FOLDER /reset /T /C

Remove all inherited ACEs

  • Remove all inherited ACEs :
PS C:\Users\Administrator>icacls D:\FOLDER /inheritance:r /T /C
  • Note :
    • /inheritancelevel:e : Enables inheritance
    • /inheritancelevel:d : Disables inheritance and copies the ACEs
    • /inheritancelevel:r : Disables inheritance and removes only inherited ACEs

Set ACLs

  • /grant:r, replace permissions previously granted
  • inheritance rights
    • (OI) object inherit
    • (CI) container inherit
    • (IO) inherit only
    • (NP) don't propagate inherit
    • (I) permission inherited from parent container
  • simple rights
    • (RX,W) read + execute and write only access
    • (RX,D) read + execute and delete access
    • (M) read, execute, write, delete and modify access
    • (F) full access
PS C:\Users\Administrator>icacls "D:\FOLDER" /grant:r "domain.local\users":(OI)(CI)(RX,D) "domain.local\Administrator":(OI)(CI)(F) SYSTEM:(OI)(CI)(F) Administrators:(OI)(CI)(F) /T /C

Remove user

  • Remove all occurrences of Sid in the ACL :
PS C:\Users\Administrator>icacls "c:\$Windows.~BT" /remove:g SYSTEM

Add a user with full rights

  • Grants the specified user access rights :
PS C:\Users\Administrator>icacls "c:\$Windows.~BT" /grant users:(OI)(CI)(F)

Deny rights to a user

  • Explicitly denies the specified user access rights :
PS C:\Users\Administrator>icacls "c:\$WINDOWS.~BT" /deny SYSTEM:(OI)(CI)(F)

Examples

Reset ACL

  • Recover access to a file with takeown tool :
PS C:\Users\Administrator>takeown /A /R /F E:\Common\TEST
before and after comparison of two advanced security settings windows with takeown modifications
  • Replace ACLs with default inherited ACLs for all matching files :
PS C:\Users\Administrator>icacls E:\Common\TEST /reset /T /C
before and after comparison of two advanced security settings windows

Add User

  • Add user with read + execute and delete access :
PS C:\Users\Administrator>icacls E:\Common\TEST /grant s.marsh@std.local:(OI)(CI)(RX,D)
before and after comparison of two security properties windows with read write exectute rights
  • Add user with read + execute and write only access :
PS C:\Users\Administrator>icacls E:\Common\TEST /grant b.stotch@std.local:(OI)(CI)(RX,W)
before and after comparison of two security properties windows with read write only exectute rights

Remove User

  • Remove user :
PS C:\Users\Administrator>icacls E:\Common\TEST /remove s.marsh@std.local
before and after comparison of two security properties windows after a user has been removed

Permissions

  • Replace permissions :
PS C:\Users\Administrator>icacls E:\Common\TEST /grant:r b.stotch@std.local:(OI)(CI)(RX,D)
before and after comparison of two security properties windows after removal write access
  • Denies user access rights :
PS C:\Users\Administrator>icacls E:\Common\TEST /deny b.stotch@std.local:(OI)(CI)(F)
security tab of a folder properties showing a user with permissions denied

Misc

  • Print current permissions :
PS C:\Users\Administrator>icacls E:\Common\TEST
E:\Common\TEST BUILTIN\Administrators:(I)(F)
               CREATOR OWNER:(I)(OI)(CI)(IO)(F)
               NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
               BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
               BUILTIN\Users:(I)(OI)(CI)(RX)
               BUILTIN\Users:(I)(CI)(WD,AD)

Successfully processed 1 files; Failed processing 0 files
windows command showing the output of the icacls command printing current permissions

Save/Restore ACL

  • Save current ACLs to file :
PS C:\Users\Administrator>icacls E:\Common\TEST /save AclFile /T
processed file: E:\Common\TEST
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anemia.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anemia.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anything_That_You_Want.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anything_That_You_Want.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Asshole.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Asshole.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Breathless.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Breathless.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Denomia.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Denomia.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Easy_Way.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Easy_Way.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Illusions_And_Witnesses.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Illusions_And_Witnesses.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Impro.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Impro.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Insubstantial_As_Me.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Insubstantial_As_Me.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Last_Tango.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Last_Tango.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Queens_&_Princes.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Queens_&_Princes.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Refund_You.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Refund_You.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Something.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Something.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_The_Elements_Of_A_State.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_The_Elements_Of_A_State.ogg
processed file: E:\Common\TEST\tracks.xml
Successfully processed 30 files; Failed processing 0 files
windows command using icacls to save the current permissions of a folder
  • Restore ACLs from file :
PS C:\Users\Administrator>icacls E:\Common\ /restore AclFile
processed file: E:\Common\TEST
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anemia.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anemia.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anything_That_You_Want.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Anything_That_You_Want.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Asshole.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Asshole.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Breathless.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Breathless.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Denomia.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Denomia.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Easy_Way.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Easy_Way.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Illusions_And_Witnesses.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Illusions_And_Witnesses.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Impro.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Impro.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Insubstantial_As_Me.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Insubstantial_As_Me.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Last_Tango.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Last_Tango.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Queens_&_Princes.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Queens_&_Princes.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Refund_You.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Refund_You.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Something.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_Something.ogg
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_The_Elements_Of_A_State.mp3
processed file: E:\Common\TEST\The_Dolphins_-_Demo_-_The_Elements_Of_A_State.ogg
processed file: E:\Common\TEST\tracks.xml
Successfully processed 30 files; Failed processing 0 files
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Contact :