iCACLS Vista Command Prompt Tool to Manage ACLs icacls Vista的命令提示符工具来管理的ACL
Prior to Windows Vista, CACLS (Change Access Control Lists) is used to manage to complicated NTFS permissions, complement the Folder Options’ Security tab which offers an easy way to make minor permissions tweaks.之前到Windows Vista , cacls (改变存取控制清单)是用来管理复杂的NTFS权限,补充文件夹选项'安全选项卡提供一种简单的方法来作出轻微的调整权限。 In Windows Vista, CACLS which has drawback of difficult to use to set inherited permissions on a folder is been deprecated and been replaced with iCACLS.在Windows Vista中, cacls ,其中有缺点,很难使用设置继承的权限在一个文件夹是被废弃和被替换icacls 。 iCACLS expands the capabilities of CACLS to be able to display, modify, backup or restore contents of discretionary ACLs for files and directories. icacls扩展的能力, cacls ,以便能够显示,修改,备份或还原的内容,酌情ACL的文件和目录。 iCACLS command line utility also able to show and set mandatory labels of an object for interaction with WIC (Windows Integrity Control) which most noticeable in the Internet Explorer Protected Mode which automatically Low integrity to Internet objects to protect the operating system from malicious web content in Internet Explorer. icacls命令行实用程序也能显示并设置强制性标签对象的互动与WIC的(在Windows的完整性控制) ,其中最明显的在Internet Explorer的保护模式下自动完整性级别低的互联网对象,以保障作业系统免受恶意的网页内容,在Internet Explorer中。
iCACLS syntaxes, parameters or switches list icacls语法,参数或开关名单
ICACLS name /save aclfile [/T] [/C] [/L] [/Q] icacls名称/保存aclfile [ /吨] [ /炭] [ /升] [ / q一起]
store the the acls for the all matching names into aclfile for later use with /restore.存储的ACL为所有相匹配的名字到aclfile供以后使用与/还原。
ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] icacls目录[ /替代sidold sidnew [...]] /还原aclfile [ /炭] [ /升] [ / q一起]
applies the stored acls to files in directory.适用于存储的ACL的文件在目录中。
ICACLS name /setowner user [/T] [/C] [/L] [/Q] icacls名称/ setowner用户[ /吨] [ /炭] [ /升] [ / q一起]
changes the owner of all matching names.变化的所有者所有相匹配的名字。
ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] icacls名称/ findsid的SID [ /吨] [ /炭] [ /升] [ / q一起]
finds all matching names that contain an ACL explicitly mentioning Sid.发现所有相匹配的名字包含的ACL明确提的SID 。
ICACLS name /verify [/T] [/C] [/L] [/Q] icacls名称/验证[ /吨] [ /炭] [ /升] [ / q一起]
finds all files whose ACL is not in canonical for or whose lengths are inconsistent with ACE counts.发现所有文件的ACL的是不是在为典型或其长度不符合王牌计数。
ICACLS name /reset [/T] [/C] [/L] [/Q] icacls名称/重置[ /吨] [ /炭] [ /升] [ / q一起]
replaces acls with default inherited acls for all matching files取代的ACL与继承的ACL默认为所有匹配的文件
ICACLS name [/grant[:r] Sid:perm[...]] icacls名称[ /金[为: r ]的SID :彼尔姆[...]]
[/deny Sid:perm [...]] [ /否认的SID :彼尔姆[...]]
[/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [ /删除[ :克| : d ]的SID [...]] [ /吨] [ /炭] [ /升] [ / q一起]
[/setintegritylevel Level:policy[...]] [ / setintegritylevel水平:政策[...]]
/grant[:r] Sid:perm grants the specified user access rights. /金[为: r ]的SID :彼尔姆赠款指定的用户访问权限。 With :r, the permissions replace any previouly granted explicit permissions.同为: r ,权限取代任何previouly给予明确的权限。 Without :r, the permissions are added to any previously granted explicit permissions.没有为: r ,权限被添加到任何先前获得的明确权限。
/deny Sid:perm explicitly denies the specified user access rights. /否认的SID :彼尔姆明确否认指定的用户访问权限。 An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed.一个明确的DENY ACE的补充,是为说明,权限和相同的权限在任何明确的给予都将被删除。
/remove[:[g|d]] Sid removes all occurrences of Sid in the acl. /删除[ : [克号| D ]的SID删除所有发生的SID的ACL 。 With :g, it removes all occurrences of granted rights to that Sid. :克,删除所有发生的理所当然的权利,认为的SID 。 With :d, it removes all occurrences of denied rights to that Sid. :发展,它删除所有发生的否认的权利,认为的SID 。
/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. / setintegritylevel [ ( CI )的(爱) ]水平,明确增加了完整性将ACE所有匹配的文件。 The level is to be specified as one of:水平是被指定为1 :
L[ow]升[低]
M[edium]米[ edium ]
H[igh] h 【室内运动场]
Inheritance options for the integrity ACE may precede the level and are applied only to directories.继承的备选方案的完整性王牌可能先于该水平,并只适用于目录。
Note:注意:
Sids may be in either numerical or friendly name form.小岛屿发展中国家可在任何数值或友好名称形式。 If a numerical form is given, affix a * to the start of the SID.如果一个数值的形式给出,贴上*开始的SID 。
/T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /吨表明,这项行动是履行对所有匹配的文件/目录下面的目录中指定的名称。
/C indicates that this operation will continue on all file errors. /炭表明,这一行动将继续对所有的档案的错误。 Error messages will still be displayed.错误讯息仍然会被显示。
/L indicates that this operation is performed on a symbolic link itself versus its target. /升表示,这项行动是履行对一个符号链接本身银两其目标。
/Q indicates that icacls should supress success messages. / q一起表明, icacls应压制成功的讯息。
ICACLS preserves the canonical ordering of ACE entries: icacls保留了典型订购的ACE项目:
Explicit denials明确否认
Explicit grants明确赠款
Inherited denials继承否认
Inherited grants继承赠款
perm is a permission mask and can be specified in one of two forms:彼尔姆是一个许可,口罩及可以指定在一个有两种形式:
a sequence of simple rights:序列简单的权利:
F - full access f -充分利用
M - modify access米-修改接入
RX - read and execute access接收-读取和执行访问
R - read-only access r -只读访问
W - write-only access瓦特-只写访问
a comma-separated list in parenthesis of specific rights:逗号分隔的列表中括号中的具体权利:
D - delete d -删除
RC - read control钢筋混凝土-读控制
WDAC - write DAC wdac -写发援
WO - write owner太和-写业主
S - synchronize s -同步
AS - access system security -接入系统安全
MA - maximum allowed马-允许的最高值
GR - generic read遗传资源-通用读
GW - generic write毛重-通用收件
GE - generic execute葛-通用执行
GA - generic all遗传算法-通用所有
RD - read data/list directory路-读取数据/名单目录
WD - write data/add file迪士尼公司-写入数据/添加文件
AD - append data/add subdirectory广告-附加数据/添加子目录
REA - read extended attributes的REA -读取扩展属性
WEA - write extended attributes磨损-写入扩展属性
X - execute/traverse x -执行/导线
DC - delete child直流-删除儿童
RA - read attributes在Ra -读取属性
WA - write attributes佤族-写入属性
inheritance rights may precede either form and are applied only to directories:继承权可能会先于任何形式,并只适用于目录:
(OI) - object inherit (爱) -对象继承
(CI) - container inherit ( CI )的-货柜继承
(IO) - inherit only (团) -继承只
(NP) - don’t propagate inherit ( NP )是-不要宣传继承
Examples:例子:
icacls c:\windows\* /save AclFile /T icacls为C : \的Windows \ * /保存aclfile /吨
- Will save the ACLs for all files under c:\windows and its subdirectories to AclFile. -将可节省的A CL的所有文件在C : \ W indows和它的子目录,以a clfile。
icacls c:\windows\ /restore AclFile icacls为C : \的Windows \ /还原aclfile
- Will restore the Acls for every file within AclFile that exists in c:\windows and its subdirectories -将恢复的A CL,每档a clfile存在在C : \ W indows及其子目录
icacls file /grant Administrator:(D,WDAC) icacls文件/授予管理员: (四, wdac )
- Will grant the user Administrator Delete and Write DAC permissions to file -将给予该用户管理员删除和写入发援会的权限文件
icacls file /grant *S-1-1-0:(D,WDAC) icacls文件/批*的S - 1 - 1 - 0 : (四, wdac )
- Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file -将给予该用户所界定的S ID的S - 1 - 1 - 0删除和写入发援会的权限文件
icacls c:\windows\explorer.exe icacls为C : \的Windows \的Explorer.exe
- View the discretionary access list and integrity level -查看酌情访问列表和完整性水平
icacls file /setintegritylevel H icacls文件/ setintegritylevel h
- Modify mandatory integrity level of an object to High -修改强制完整性级别的对象,以高
IMPORTANT : This is a machine translated page which is provided "as is" without warranty. 重要说明 :这是一个机器翻译网页是“按原样”提供的担保。 Machine translation may be difficult to understand.机器翻译可能很难理解。 Please refer to请参阅 original English article英文原版的文章 whenever possible.只要有可能。
Share and contribute or get technical support and help at分享和贡献,或取得技术的支持和帮助,在 My Digital Life Forums 我的数字生活论坛 . 。
Related Articles相关文章
- 10 New Executables and 20 Old Commands in Windows Vista 10个新的可执行文件和20岁的命令在Windows Vista
- Easier Way to Take Ownership and Grant Access Files or Directories in Vista更简单的方式,采取所有权和授予存取文件或目录在Vista
- Delete Undeletable Files in Windows Vista删除undeletable文件在Windows Vista
- Add Open Command Window Here to XP Folder with PowerToy新增开放命令窗口这里XP的文件夹与powertoy
- Reveal and Access to Windows Vista Hidden Context-Sensitive (Right Click) Menu Item - Open Command Prompt Here & Copy as Path揭示和获得Windows Vista的隐藏的上下文敏感的(按一下滑鼠右键)菜单项-打开命令提示符这里&副本为路径
- Run Command Prompt Window as Administrator by Right Click Computer in Vista运行命令提示符窗口,作为管理员的权利,按一下电脑在Vista
- How to Open Elevated Command Prompt with Administrator Privileges in Windows Vista如何打开提升的命令提示符具有管理员权限在Windows Vista
- How to Fully Maximize Command Prompt Window in Vista如何充分发挥命令提示符窗口在Vista
- How to Enable and Turn On Hibernation Feature in Windows Vista如何启用并打开休眠功能在Windows Vista
- How to Disable or Enable Vista User Access Control in Command Prompt如何禁用或启用Vista的使用者存取控制在命令提示符
May 22nd, 2007 02:41 2007年5月22日2时41分
[...] iCacls [...] [ … … ] icacls [ … … ]
October 11th, 2007 01:24 2007年10月11日1时24分
Hello,喂,
Great article by the way, but hoping someone can help me.伟大的文章的方式,但希望有人能帮助我。 I’ve been doing testing and such, and I have the icacls.exe working fairly well, but I have a problem.我一直在做测试等,和我有icacls.exe工作比较好,但我有一个问题。
I’m logged in as a limited user.我登录后,作为一个受限用户。
I use icacls from an elevated command prompt.我使用icacls从一个提升的命令提示符。
I create a test folder in the root directory named “test”.创建一个测试文件夹中的根目录名为“测试” 。
I’m trying to give full control permissions to the “Users” group in windows vista, on that folder.我试着给完全控制权限,以“用户”组在Windows Vista上,该文件夹。
The command I use is this:命令我使用是这样的:
c:\>icacls “Test” /grant Users:(F,WDAC)为C : \ > icacls “测试” /授予用户: (男, wdac )
Now, from my limited user account, if I right-click and go to permissions, security tab and select Users, only the generic “Read & Execute”, “List” and “Read” permissions are checked.现在,从我的受限用户帐户,如果我点击右键并前往权限,安全标签,并选择用户中,只有通用的“读取和执行” , “名单”及“读取”权限检查。 The only noticable difference is that I can click on the “Edit” button to edit the permissions manualy without having to give Admin credentials.唯一显着不同的是,我可以点击“编辑”按钮编辑的权限manualy而不给政府当局的全权证书。
I’ve tried varied combinations of this command but can’t seem to stick those permission on the folder itself.我试过不同组合的这个命令,但似乎无法坚持这些许可对文件夹本身。 If I have a file in the “test” directory and use the /T param the files take the permissions proprely.如果我有一个文件,在“测试”目录和使用/ t参数的档案采取的权限proprely 。
Does anyone know of a way I can set those permissions on a Folder through a script or command-line?没有人知道一个方法,我可以设置这些权限在一个文件夹通过脚本或命令行呢?
Thank you in advance.谢谢你在前进。
November 23rd, 2007 16:03 2007年11月23日16时03分
Hi Jonathan,喜乔纳森,
I think the users group needs F,WDAC permisions on the root too.我认为,用户组的需要,男, wdac permisions对根太。
Good luck,祝您好运,
Ernst恩斯特
November 23rd, 2007 22:58 2007年11月23日22时58分
Thank you for your reply Gaotcreek.感谢您的回复gaotcreek 。
I tried this and it still didn’t work, but it made me try a few other things.我想这和它仍然没有工作,但它使我尝试一些其他的东西。
And I FINALY FOUND OUT HOW TO DO IT!.我终于找到了如何去做! 。 It’s strange, but no combination of ICACLS worked for me, but I found a post that did it.它的奇怪,但没有结合icacls工作的我,但我发现一个帖子没有。 To set folder and file permissions in Vista, you can use CACLS (even though it’s deprecated, it works proprely) and use:设置文件夹和文件的权限在Vista中,您可以使用cacls (即使它的推荐,工程proprely )和使用的规定:
cacls “c:\test” /e /c /g “Users”:F cacls的“ C : \测试”中/英/法的C /克“用户” :女
Maybe someone will find out how to do the same with icacls, or maybe icacls needs a fix.也许有人会找出如何做同样的与icacls ,或也许icacls需要一个修补程序。
Anyways, hope this will help someone else in the future. anyways ,希望这将有助于别人在未来的。