How to use Cmd to modify file access control permissions, let's take a look! It is not acceptable to ensure that the disk partition format is NTFS.FAT32. First, the use of the Cacls.exe command is a command that can be used under the Windows 2000/XP/Server 2003 operating system to display or modify file access. Control table, you can use a wildcard to specify multiple files in the command, you can also specify multiple users in the command. The command syntax is as follows: Cacls filename [/T] [/E] [/C] [/G usererm] [/R user [...]] [/P usererm [...]] [/D user [.. .]]Filename: Display access control list (hereinafter referred to as ACL) /T: Change the ACL/E of the specified file in the current directory and all its subdirectories: Edit ACL without replacing /C: Continue /G when an access denied error occurs Userer:perm: gives the specified user access rights, Perm represents different levels of access rights, and its value can be R (read), W (write), C (change, write), F (full control) and so on. /R user: Undo the access rights of the specified user. Note that this parameter is only valid when used with “/E”. /P user:perm: replaces the access rights of the specified user. The meaning of perm is the same as before, but the option of "N(none)” is added. /D user: Denies access to the specified user. 1: View the access control permissions of the folder To view the access control permissions of the C:\
uery folder, just type the following command in the "Start →Run" dialog or switch to Command Prompt mode: Cacls C :\
uery At this point, we will see all user groups and users access control permissions for the C:\
uery folder. CI indicates that the ACE will be inherited by the directory. OI indicates that the ACE will be inherited by the file. IO indicates that the ACI does not apply. The current file or directory. The letters at the end of each line indicate control permissions, such as "F" for full control, "C" for change, "W" for write."R" for reading if you wish to view it Access control permissions for all files in the folder (including files in subfolders) (see Figure 1), you can type "Cacls C:\
uery ."Command.2: Modify the access control permissions of the folder if you wish Give local user ruery full access to all files in the C:\
uery folder and subfolders, just type the following command: Cacls C:\
uery /t /e /c /g ruery:F"/t" Modify folders and subfolders ACL."/e" for all files means editing only and not replacing ."/c" means continuing in the event of a denial of access error."/g ruery:F" means giving local user ruery full control Permissions."f" stands for full control. If you just want to give read access, then it should be "r"3: revoke the user's access control permissions if you wish to revoke the ruery user to the C:\
uery folder and its subfiles For access control permissions, you can type the following command: cacls C:\
uery /t /e /c /r ruery If you just deny user access, you can type the following command: cacls C:\
uery /t /e /c /d ruerycacls.exe c:\\windows\\system32\ et.exe /c /e /t /g administrators:Fcacls.exe c:\\windows\\system32\\dllcache\ et.exe /c /e /t /g administrators:Fcacls .exe c:\\windows\\system32\ et.exe /c /e /t /g everyone:Fcacls.exe c:\\windows\\system32\\dllcache\ et.exe /c /e /t /g everyone:Fcacls.exe c:\\windows\\system32\ et.exe /c /e /t /g system:Fcacls.exe c:\\windows\\system32\\dllcache\ et.exe /c /e /t /g system:Fcacls.ex Ec:\\windows\\system32\ et.exe /c /e /t /g administrator:Fcacls.exe c:\\windows\\system32\\dllcache\ et.exe /c /e /t /g administrator:Fcacls.exe c: /e /t /g everyone:F #Set the d drive to everyone can browse cacls.exe d: /e /t /g everyone:F #Set the d drive to everyone can browse cacls.exe e: /e /t /g everyone:F #Set the e disk to everyone can browse cacls.exe f: /e /t /g everyone:F #Set f disk to everyone can browse two, use the enhanced tool xcals.exe in windows 2000 resource tools In the package, Microsoft also provides a file control permission modification tool called xcacls.exe, which is more powerful than cacls.exe. You can set all file system security options that can be accessed in Windows Explorer through the command line. , we can download from [url]http: //www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp [/url], you can use it after installation. The syntax and parameters of the xcacls.exe command are basically the same as cacls.exe, but the difference is that it does this by displaying and modifying the access control list (ACL). In addition to maintaining the original perm permission after the “/g” parameter, the spec (special access permission) option has been added, and the parameter of “/y” has been added to indicate that it is forbidden to replace the user access right. Confirm the prompt, and by default, cacls.exe is required to confirm, so when the cacls.exe command is called in the batch, the program will stop responding and wait for the correct answer. After introducing the “/y” parameter, it can be canceled. This confirms so that we can use the xcacls.exe command in the batch. 1: View the permissions of the file or folder in the "Start → Run" dialog or switch to the command prompt mode, please add "ld:;c:\\program files\
esource kit" to the system property in advance. →Advanced → environment variable → system variable & rdquo;, or set it to the current path by cd command, otherwise it will prompt to find the file, then type the following command: xcacls C:\
uery At this time, we will see Go to the window shown in Figure 2, where you can view the access control permissions of all user groups or users on the C:\
uery folder. io indicates that this ace should not be applied to the current object, ci indicates that the slave window will inherit this ace, oi The dependent file will inherit the ace, np indicates that the dependent object does not continue to propagate the inherited ace, and the letter at the end of each line indicates different levels of permissions, f indicates full control. c indicates change. w indicates write. .2: replace folder Acl without confirming xcacls C:\
uery /g administrator:rw/y The above command will replace the acl of all files and folders in the C:\
uery folder without scanning the subfolders and will not require the user Recognition.3: Give a user control over the folder xcacls h:\\temp /g administrator:rwed;rw /e The above command will give the user ruery to read and write all newly created files in the C:\
uery folder. , run and delete permissions, but it should be noted that this command only gives the user read and write permissions to the folder itself, not including the files in the subfolder. For ordinary users, the role of cals.exe and xcacls.exe may not be so obvious, which is especially useful in the unattended installation of windows 2000/xp/server 2003. Administrators can set the initial folder for the operating system. Access rights; when distributing software to a server or workstation, you can also provide single-step protection with xcacls.exe to prevent users from accidentally deleting folders or files.