Extended Change Access Control List tool

You can use Xcacls.vbs from the command line to set all the file system security options that are accessible in Microsoft Windows Explorer. Xcacls.vbs displays and modifies the access control lists (ACLs) of files.

Download

XCACLS filename [/E] [/G user:perm;spec] [...] [/R user [...]] [/F] [/S] [/T] [/P user:perm;spec [...]] [/D user:perm;spec] [...] [/O user] [/I ENABLE/COPY/REMOVE] /N [/L filename] [/Q] [/DEBUG] filename [Required]

F [Used with Directory or Wildcard] This will change all files under the inputted directory but will NOT traverse subdirectories unless /T is also present. If filename is a directory, and /F is not used, no files will be touched.
/S [Used with Directory or Wildcard] This will change all subfolders under the inputted directory but will NOT traverse subdirectories unless /T is also present.
/T [Used only with a Directory] Traverses each subdirectory and makes the same changes. This switch will traverse directories only if the filename is a directory or is using wildcard characters.
/E Edit ACL instead of replacing it.
/G user:GUI Grant security permissions similar to Windows GUI standard (non-advanced) choices.
/G user:Perm;Spec Grant specified user access rights. (/G adds to existing rights for user)

R user Revoke specified user's access rights. (Will remove any Allowed or Denied ACL's for user.)
/P user:GUI Replace security permissions similar to standard choices.
/P user:perm;spec Replace specified user's access rights. For access right specification see /G option.
/D user:GUI Deny security permissions similar to standard choices.
/D user:perm;spec Deny specified user access rights. For access right specification see /G option. (/D adds to existing rights for user.)
/O user Change the Ownership to this user or group.
/I switch Inheritance flag. If omitted, the default is to not touch Inherited ACL's.
L filename Filename for Logging. This can include a path name if the file is not under the current directory.
/Q Turn on Quiet mode. By default, it is off.
/DEBUG Turn on Debug mode. By default, it is off.
/SERVER servername Enter a remote server to run script against.
/USER username Enter Username to impersonate for Remote Connections (requires PASS switch). Will be ignored if it is for a Local Connection.
/PASS password Enter Password to go with USER switch (requires USER switch).

No comments:

Recent Posts