In
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
,
cacls and its replacement,
icacls, native
command-line
A command-line interpreter or command-line processor uses a command-line interface (CLI) to receive commands from a user in the form of lines of text. This provides a means of setting parameters for the environment, invoking executables and pro ...
utilities capable of displaying and modifying the
security descriptor Security descriptors are data structures of security information for ''securable'' Windows objects, that is objects that can be identified by a unique name. Security descriptors can be associated with any named objects, including files, folders, ...
s on
folders and
files. An
access-control list
In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on give ...
is a list of permissions for securable object, such as a file or folder, that controls who can access it. The
cacls command is also available on
ReactOS
ReactOS is a free and open-source operating system for amd64/i686 personal computers intended to be binary-compatible with computer programs and device drivers made for Windows Server 2003 and later versions of Windows. ReactOS has been noted a ...
.
cacls
The ''cacls.exe'' utility is a deprecated command line editor of directory and file
security descriptor Security descriptors are data structures of security information for ''securable'' Windows objects, that is objects that can be identified by a unique name. Security descriptors can be associated with any named objects, including files, folders, ...
s in
Windows NT 3.5
Windows NT 3.5 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was released on September 21, 1994, as the successor to Windows NT 3.1 and the predecessor to Windows NT 3.51.
One ...
and later operating systems of the
Windows NT
Windows NT is a proprietary graphical operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems sc ...
family. Microsoft has produced the following newer utilities, some also subsequently deprecated, that offer enhancements to support changes introduced with version 3.0 of the
NTFS
New Technology File System (NTFS) is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT family. It superseded File Allocation Table (FAT) as the preferred fil ...
filesystem:
*''xcacls.exe'' is supported by Windows 2000 and later and adds new features like setting Execute, Delete and Take Ownership permissions
*''xcacls.vbs''
*''fileacl.exe''
*''icacls.exe'' (included in Windows Server 2003 SP2 and later)
*''SubInAcl.exe'' - Resource Kit utility to set and replace permissions on various type of objects including files, services and registry keys
*''
Windows PowerShell
PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language. Initially a Windows component only, known as Windows PowerShell, it was made open-sourc ...
'' (Get-Acl and Set-Acl cmdlets)
The
ReactOS
ReactOS is a free and open-source operating system for amd64/i686 personal computers intended to be binary-compatible with computer programs and device drivers made for Windows Server 2003 and later versions of Windows. ReactOS has been noted a ...
version was developed by Thomas Weidenmueller and is licensed under the
GNU Lesser General Public License
The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...
.
icacls
Stands for Integrity Control Access Control List.
Windows Server 2003
Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...
Service Pack 2 and later include ''icacls'', an in-box command-line utility that can display, modify, backup and restore ACLs for files and folders, as well as to set
integrity levels and ownership in Vista and later versions.
MS-DOS and Windows command line icacls command
/ref> It is not a complete replacement for ''cacls'', however. For example, it does not support Security Descriptor Definition Language
Security Descriptor Definition Language (SDDL) defines the string format that is used to describe a security descriptor as a text string.SetACL
SetACL is a freeware utility for manipulating security descriptors on Microsoft Windows. It used to be available under the GNU Lesser General Public License (LGPL) as a command-line utility and as an ActiveX component, but changed to a freeware ...
* chmod
In Unix and Unix-like operating systems, is the command (computing), command and system call used to change the File-system permissions, access permissions and the #Special modes, special mode flags (the setuid, ''setuid'', ''setgid'', and stick ...
* takeown
Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Window ...
References
Further reading
*
*
*
*
The Security Descriptor Definition Language of Love (Part 1)
External links
cacls , Microsoft Docs
icacls , Microsoft Docs
{{Windows commands
ReactOS commands
fr:Cacls