Cacls command examples

by admin on December 28, 2011

Cacls command can be used to display or modify access control list(ACLs) of files. Below you can find few examples of cacls command for various scenarios.

Find the access permissions of a file

We can run the below command to print the access permissions of a file.

cacls filename

Example:

c:\>cacls data.txt
c:\data.txt NT AUTHORITY\SYSTEM:F
            BUILTIN\Administrators:F
            WINCMD-PC\John:F
c:\>

Change access permissions of a file

There are two ways you can modify the access permissions of a file. The first method is to replace the existing access permissions where as the second one is to edit the existing permissions.

Replace existing access permissions:

We can use /P switch to replace the existing permissions. The syntax of this command is as below:

cacls filename /P user1:permissions  user2:permissions user3:permissions [user4:permissions ........]

The existing permissions will be replaced with the ones specified in the above command. To illustrate the use of this /P switch, let’s modify the access permissions of the file data.txt shown in the above example.

c:\>cacls data.txt
c:\data.txt WINCMD-PC\John:F
           NT AUTHORITY\SYSTEM:F
           BUILTIN\Administrators:F

c:\>cacls data.txt /P BUILTIN\Administrators:R
Are you sure (Y/N)?y
processed file: c:\data.txt

c:\>cacls data.txt
c:\data.txt BUILTIN\Administrators:R

As you can see, we have not specified anything about the user John with the /P switch. Since the /P flag replaces the permissions, after executing the command, data.txt will not have any access permissions for the user John.

Edit access permissions for a user:

The second method allows to modify access permissions for a user without impacting other users permissions. We can use /E switch for this.

For example, in the above case, let’s give user John only read permission and keep the same permissions for other users. The command for this is:

c:\>cacls files.txt
c:\files.txt NT AUTHORITY\SYSTEM:F
             BUILTIN\Administrators:F
             WINCMD-PC\John:F
c:\>cacls files.txt /E /P WINCMD-PC\John:R
processed file: c:\files.txt
c:\>cacls files.txt
c:\files.txt NT AUTHORITY\SYSTEM:F
             BUILTIN\Administrators:F
             WINCMD-PC\John:R

{ 1 comment… read it below or add one }

Arman May 15, 2014 at 10:30 am

Hi…
system files in win7 no changes.
display error “access denied”.
cacls no working.
how do work for change folder permission in drive c:// AND system32???
Thank you

Reply

Leave a Comment

HTML tags are not allowed.

Previous post:

Next post: