Cacls

Last updated

In Microsoft Windows, cacls and its replacement, icacls, native command-line utilities capable of displaying and modifying the security descriptors on folders and files. [1] [2] An access-control list is a list of permissions for securable object, such as a file or folder, that controls who can access it. The cacls command is also available on ReactOS.

Contents

cacls

cacls
Developer(s) Microsoft, Thomas Weidenmueller
Initial release1994, 2829 years ago
Operating system Microsoft Windows, ReactOS
Type Command
License Windows: Proprietary commercial software
ReactOS: GNU Lesser General Public License
Website docs.microsoft.com/en-us/windows-server/administration/windows-commands/cacls

The cacls.exe utility is a deprecated command line editor of directory and file security descriptors in Windows NT 3.5 and later operating systems of the Windows NT family. [3] Microsoft has produced the following newer utilities, some also subsequently deprecated, that offer enhancements to support changes introduced with version 3.0 of the NTFS filesystem:

The ReactOS version was developed by Thomas Weidenmueller and is licensed under the GNU Lesser General Public License. [15]

icacls

icacls
Developer(s) Microsoft
Initial release2007, 1516 years ago
Operating system Microsoft Windows
Type Command
License Proprietary commercial software
Website docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls

Stands for Integrity Control Access Control List.[ citation needed ] Windows Server 2003 Service Pack 2 and later include icacls, an in-box command-line utility that can display, modify, backup and restore ACLs for files and folders, as well as to set integrity levels and ownership in Vista and later versions. [16] It is not a complete replacement for cacls, however. For example, it does not support Security Descriptor Definition Language (SDDL) syntax directly via command line parameters (only via the /restore option).

See also

Related Research Articles

VBScript is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It allows Microsoft Windows system administrators to generate powerful tools for managing computers without error handling and with subroutines and other advanced programming constructs. It can give the user complete control over many aspects of their computing environment.

<span class="mw-page-title-main">Windows 2000</span> Fifth major release of Windows NT, released in 2000

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000 and September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001.

New Technology File System (NTFS) is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT family. It superseded File Allocation Table (FAT) as the preferred filesystem on Windows and is supported in Linux and BSD as well. NTFS reading and writing support is provided using a free and open-source kernel implementation known as NTFS3 in Linux and the NTFS-3G driver in BSD. By using the convert command, Windows can convert FAT32/16/12 into NTFS without the need to rewrite all files. NTFS uses several files typically hidden from the user to store metadata about other files stored on the drive which can help improve speed and performance when reading data. Unlike FAT and High Performance File System (HPFS), NTFS supports access control lists (ACLs), filesystem encryption, transparent compression, sparse files and file system journaling. NTFS also supports shadow copy to allow backups of a system while it is running, but the functionality of the shadow copies varies between different versions of Windows.

In computer security, an access-control list (ACL) is a list of permissions associated with a system resource. An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resourcess. Each entry in a typical ACL specifies a subject and an operation. For instance,

Cabinet is an archive-file format for Microsoft Windows that supports lossless data compression and embedded digital certificates used for maintaining archive integrity. Cabinet files have .cab filename extensions and are recognized by their first four bytes MSCF. Cabinet files were known originally as Diamond files.

<span class="mw-page-title-main">Windows Registry</span> Database for Microsoft Windows

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

<span class="mw-page-title-main">Microsoft ScanDisk</span> Disk diagnostic utility for MS-DOS and Windows 9x

Microsoft ScanDisk is a diagnostic utility program included in MS-DOS and Windows 9x. It checks and repairs file systems errors on a disk drive, while the system starts.

<span class="mw-page-title-main">Windows File Manager</span> File manager bundled with Microsoft Windows in the 1990s

File Manager is a file manager program bundled with releases of OS/2 and Microsoft Windows between 1988 and 1999 and available from 6 April 2018 as an optional download for all modern releases of Windows, including Windows 10.

System File Checker (SFC) is a utility in Microsoft Windows that allows users to scan for and restore corrupted Windows system files.

As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.

Robocopy is a command-line file transfer utility for Microsoft Windows. Robocopy is functionally more comprehensive than the COPY command and XCOPY, but replaces neither. Created by Kevin Allen and first released as part of the Windows NT 4.0 Resource Kit, it has been a standard feature of Windows since Windows Vista and Windows Server 2008.

<span class="mw-page-title-main">Microsoft PowerToys</span> Set of freeware system utilities developed by Microsoft

Microsoft PowerToys is a set of freeware system utilities designed for power users developed by Microsoft for use on the Windows operating system. These programs add or change features to maximize productivity or add more customization. PowerToys are available for Windows 95, Windows XP, Windows 10 and Windows 11. The PowerToys for Windows 10 and Windows 11 are free and open-source software licensed under the MIT License and hosted on GitHub.

Windows Support Tools is a suite of management, administration and troubleshooting tools for Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2 from Microsoft.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

<span class="mw-page-title-main">Windows Task Scheduler</span> Computer application of Microsoft Windows

Task Scheduler is a job scheduler in Microsoft Windows that launches computer programs or scripts at pre-defined times or after specified time intervals. Microsoft introduced this component in the Microsoft Plus! for Windows 95 as System Agent. Its core component is an eponymous Windows service. The Windows Task Scheduler infrastructure is the basis for the Windows PowerShell scheduled jobs feature introduced with PowerShell v3.

Windows Resource Protection is a feature first introduced in Windows Vista and Windows Server 2008. It is available in all subsequent Windows operating systems, and replaces Windows File Protection. Windows Resource Protection prevents the replacement of critical system files, registry keys and folders. Protecting these resources prevents system crashes. The way it protects resources differs entirely from the method used by Windows File Protection.

Security descriptors are data structures of security information for securable Windows objects, that is objects that can be identified by a unique name. Security descriptors can be associated with any named objects, including files, folders, shares, registry keys, processes, threads, named pipes, services, job objects and other resources.

SetACL is a freeware utility for manipulating security descriptors on Microsoft Windows. It used to be available under the GNU Lesser General Public License (LGPL) as a command-line utility and as an ActiveX component, but changed to a freeware license in version 3.0.0.0.

In computing, convert is a command-line utility included in the Windows NT operating system line. It is used to convert volumes using the FAT file systems to NTFS.

References

  1. "Microsoft DOS cacls command". Computer Hope. Retrieved 24 December 2011.
  2. "CACLS.exe". SS64.com. Retrieved 24 December 2011.
  3. "MS-DOS and Windows command line calcs command".
  4. "How to use Xcacls.exe to modify NTFS permissions (Revision: 4.5)". Microsoft Support. Microsoft Corporation. 2 March 2007. Retrieved 24 December 2011.
  5. "Xcacls syntax". Microsoft TechNet. Microsoft Corporation. 28 March 2003. Retrieved 30 October 2012.
  6. "Windows 2000 Resource Kit Tool: Xcacls.exe". Microsoft Download Center. Microsoft Corporation. 15 May 2002. Retrieved 24 December 2011.
  7. "Windows XP Service Pack 2 Support Tools". Microsoft Download Center. Microsoft Corporation. 10 August 2004. Retrieved 24 December 2011.
  8. "How to use Xcacls.vbs to modify NTFS permissions (Revision: 2.4)". Microsoft Support. Microsoft Corporation. 30 October 2006. Retrieved 24 December 2011.
  9. "Extended Change Access Control List Tool (Xcacls)" (2 July 2004). Microsoft Download Center. Microsoft Corporation. Retrieved 24 December 2011. Xcacls.vbs is an unsupported tool that provides additional capabilities not provided with the supported utility, Xcacls.exe.
  10. "FILEACL v3.0.1.6". Microsoft. 2004-03-23. Archived from the original on March 22, 2009.
  11. "The Icacls.exe utility is available for Windows Server 2003 with Service Pack 2 (Revision: 4.0)". Microsoft Support. Microsoft Corporation. 9 October 2011. Retrieved 24 December 2011.
  12. "Icacls". Microsoft TechNet . Microsoft Corporation. 28 September 2007. Retrieved 24 December 2011.
  13. "Get-Acl". Microsoft TechNet. Microsoft Corporation. 21 April 2010. Retrieved 31 October 2012.
  14. "Set-Acl". Microsoft TechNet. Microsoft Corporation. 21 April 2010. Retrieved 31 October 2012.
  15. cacls.c on GitHub
  16. MS-DOS and Windows command line icacls command

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.