iCACLS Vista Command Prompt Tool to Manage ACLs iCACLS Vista的命令提示符工具來管理的ACL
Prior to Windows Vista, CACLS (Change Access Control Lists) is used to manage to complicated NTFS permissions, complement the Folder Options’ Security tab which offers an easy way to make minor permissions tweaks.之前, Windows Vista中, CACLS (更改訪問控制列表)是用來管理複雜的NTFS權限,補充文件夾選項,安全選項卡提供了一種簡單的方法,使未成年人的權限的調整。 In Windows Vista, CACLS which has drawback of difficult to use to set inherited permissions on a folder is been deprecated and been replaced with iCACLS.在Windows Vista中, CACLS這缺點,難以利用設置繼承的權限的文件夾是不被提倡,被替換成iCACLS 。 iCACLS expands the capabilities of CACLS to be able to display, modify, backup or restore contents of discretionary ACLs for files and directories. iCACLS擴展的能力CACLS能夠顯示,修改,備份或恢復自由裁量內容的ACL的文件和目錄。 iCACLS command line utility also able to show and set mandatory labels of an object for interaction with WIC (Windows Integrity Control) which most noticeable in the Internet Explorer Protected Mode which automatically Low integrity to Internet objects to protect the operating system from malicious web content in Internet Explorer. iCACLS命令行實用程序還可以顯示和設置強制性標籤的對象進行互動與WIC (僅限Windows完整性控制) ,其中最引人注目的Internet Explorer保護模式,可自動低完整的Internet對象,以保護操作系統免受惡意的網頁內容Internet Explorer中。
iCACLS syntaxes, parameters or switches list iCACLS語法,參數或開關名單
ICACLS name /save aclfile [/T] [/C] [/L] [/Q] ICACLS名稱/保存aclfile [ /噸] [ /炭] [ / L的] [ / Q地]
store the the acls for the all matching names into aclfile for later use with /restore.儲存的ACL的所有匹配到aclfile名稱供以後使用/恢復。
ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] ICACLS目錄[ /替代SidOld SidNew [...]] /恢復aclfile [ /炭] [ / L的] [ / Q地]
applies the stored acls to files in directory.適用於儲存的ACL檔案目錄。
ICACLS name /setowner user [/T] [/C] [/L] [/Q] ICACLS名稱/ setowner用戶[ /噸] [ /炭] [ / L的] [ / Q地]
changes the owner of all matching names.變化的所有者所有匹配的名字。
ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] ICACLS名稱/ findsid希德[ /噸] [ /炭] [ / L的] [ / Q地]
finds all matching names that contain an ACL explicitly mentioning Sid.找到相匹配的名字都包含的ACL明確提到希德。
ICACLS name /verify [/T] [/C] [/L] [/Q] ICACLS名稱/驗證[ /噸] [ /炭] [ / L的] [ / Q地]
finds all files whose ACL is not in canonical for or whose lengths are inconsistent with ACE counts.認為所有的檔案的韌帶不規範或其長度不符合血管緊張素轉換酶罪狀。
ICACLS name /reset [/T] [/C] [/L] [/Q] ICACLS名稱/重置[ /噸] [ /炭] [ / L的] [ / Q地]
replaces acls with default inherited acls for all matching files取代默認的ACL繼承的ACL匹配的所有文件
ICACLS name [/grant[:r] Sid:perm[...]] ICACLS名稱[ /授予[ :燃機]希德:燙髮[...]]
[/deny Sid:perm [...]] [ /否認希德:燙髮[...]]
[/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [ /刪除[ :克| :搭扣] ]希德[...]] [ /噸] [ /炭] [ / L的] [ / Q地]
[/setintegritylevel Level:policy[...]] [ / setintegritylevel級別:政策[...]]
/grant[:r] Sid:perm grants the specified user access rights. /授予[ :燃機]希德:燙髮贈款指定的用戶訪問權限。 With :r, the permissions replace any previouly granted explicit permissions.隨著:丁權限取代任何previouly明確賦予的權限。 Without :r, the permissions are added to any previously granted explicit permissions.無:得的權限被添加到任何先前明確賦予的權限。
/deny Sid:perm explicitly denies the specified user access rights. /否認希德:燙髮明確否認指定的用戶訪問權限。 An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed.一個明確的否認ACE是增加規定的權限和相同的權限在任何明確的補助金將被刪除。
/remove[:[g|d]] Sid removes all occurrences of Sid in the acl. /刪除[ : [克|天] ]希德刪除所有發生在希德的ACL 。 With :g, it removes all occurrences of granted rights to that Sid.隨著:克,它刪除所有出現的授予權利的希德。 With :d, it removes all occurrences of denied rights to that Sid.隨著:天,它刪除所有出現的否認權利的希德。
/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. / setintegritylevel [ ( CI )的(脆骨病) ]級明確增加了血管緊張素轉換酶完整匹配所有檔案的。 The level is to be specified as one of:該級別是被指定為之一:
L[ow] L [現在]
M[edium] M [ edium ]
H[igh] H號[高]
Inheritance options for the integrity ACE may precede the level and are applied only to directories.繼承選擇血管緊張素轉換酶的完整性可以先水平,並只適用於目錄。
Note:請注意:
Sids may be in either numerical or friendly name form.小島嶼發展中國家可在任何數值或友好名稱的形式。 If a numerical form is given, affix a * to the start of the SID.如果一個數值的形式給出,貼上*在開始的SID 。
/T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /噸表明,這一行動是對所有進行匹配文件/目錄下面的目錄中指定的名稱。
/C indicates that this operation will continue on all file errors. /炭表明,這一行動將繼續對所有文件的錯誤。 Error messages will still be displayed.錯誤信息仍然會顯示出來。
/L indicates that this operation is performed on a symbolic link itself versus its target. / L的表示,這次行動是履行一個符號鏈接本身與它的目標。
/Q indicates that icacls should supress success messages. / Q地表明,不應壓制icacls成功訊息。
ICACLS preserves the canonical ordering of ACE entries: ICACLS維護規範有序的ACE條目:
Explicit denials明確否認
Explicit grants明確贈款
Inherited denials繼承否認
Inherited grants繼承贈款
perm is a permission mask and can be specified in one of two forms:燙髮是一個允許面具,可以指定有兩種形式:
a sequence of simple rights:一系列簡單的權利:
F - full access F -充分利用
M - modify access M -修改接入
RX - read and execute access接收-讀取和執行訪問
R - read-only access燃機-只讀訪問
W - write-only access全體委員會-只寫訪問
a comma-separated list in parenthesis of specific rights:以逗號分隔的列表括號中的具體權利:
D - delete數d -刪除
RC - read control鋼筋混凝土-讀取控制
WDAC - write DAC WDAC -寫數模轉換器
WO - write owner沃-寫老闆
S - synchronize語-同步
AS - access system security作為-接入系統安全
MA - maximum allowed馬-允許的最大
GR - generic read希-通用閱讀
GW - generic write毛重-通用寫入
GE - generic execute通用電氣公司-通用執行
GA - generic all遺傳算法-通用所有
RD - read data/list directory路-讀取數據/名單目錄
WD - write data/add file西部-寫數據/添加文件
AD - append data/add subdirectory廣告-附加數據/添加子目錄
REA - read extended attributes關節炎-讀擴展屬性
WEA - write extended attributes福音-寫擴展屬性
X - execute/traverse器-執行/導線
DC - delete child直流-刪除兒童
RA - read attributes類風濕性關節炎-讀屬性
WA - write attributes西澳-寫屬性
inheritance rights may precede either form and are applied only to directories:繼承權或者可能先於形式,並只適用於目錄:
(OI) - object inherit (脆骨病) -對象繼承
(CI) - container inherit ( CI )的-容器繼承
(IO) - inherit only (輸入輸出) -繼承只
(NP) - don’t propagate inherit ( NP方案) -不宣傳繼承
Examples:例如:
icacls c:\windows\* /save AclFile /T icacls ç : \窗戶\ * /保存AclFile /噸
- Will save the ACLs for all files under c:\windows and its subdirectories to AclFile. -將節省的A CL的所有文件C :下\ W indows和它的子目錄到A clFile。
icacls c:\windows\ /restore AclFile icacls ç : \窗戶\ /恢復AclFile
- Will restore the Acls for every file within AclFile that exists in c:\windows and its subdirectories -將恢復的A CL,每檔內A clFile存在在c : \ W indows和它的子目錄
icacls file /grant Administrator:(D,WDAC) icacls文件/授予署長: (丁, WDAC )
- Will grant the user Administrator Delete and Write DAC permissions to file -將授予用戶和管理員刪除收件發展援助委員會的權限文件
icacls file /grant *S-1-1-0:(D,WDAC) icacls檔案/補助金*的S - 1 - 1 - 0 : (丁, WDAC )
- Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file -將授予用戶定義的希德的S - 1 - 1 - 0刪除收件發展援助委員會的權限文件
icacls c:\windows\explorer.exe icacls ç : \窗戶\ Explorer.exe的
- View the discretionary access list and integrity level -檢視的自由裁量訪問列表和完整性級別
icacls file /setintegritylevel H icacls文件/ setintegritylevel H
- Modify mandatory integrity level of an object to High -修改強制完整性級別的對象以高
IMPORTANT : This is a machine translated page which is provided "as is" without warranty. 重要說明:這是一台機器翻譯網頁這是“原樣”提供,無保修。 Machine translation may be difficult to understand.機器翻譯可能很難理解。 Please refer to請參閱 original English article英文原文的文章 whenever possible.只要有可能。
Share and contribute or get technical support and help at共享和貢獻或獲得技術支持和幫助 My Digital Life Forums 我的數字生活論壇 . 。
Related Articles相關文章
- How to Fully Maximize Command Prompt Window in Vista如何充分發揮命令提示符窗口在Vista
- Run Command Prompt Window as Administrator by Right Click Computer in Vista運行命令提示符窗口作為管理員右鍵點擊電腦在Vista
- How to Open Elevated Command Prompt with Administrator Privileges in Windows Vista如何打開命令提示符升高具有管理員權限的Windows Vista中
- How to Disable or Enable Vista User Access Control in Command Prompt如何禁用或啟用Vista的用戶訪問控制命令提示符
- Create and Put an Elevated Command Prompt on Windows Vista Desktop or Start Menu建立並提升的命令提示符在Windows Vista桌面或開始菜單
- Open Elevated Command Prompt Window Here as Administrator at Current Folder Directly in Vista Windows Explorer開放高架命令提示窗口這裡作為管理員在當前文件夾直接在Vista中Windows檔案總管
- Reveal and Access to Windows Vista Hidden Context-Sensitive (Right Click) Menu Item - Open Command Prompt Here & Copy as Path揭示和獲得Windows Vista中隱藏的上下文敏感(右點擊)菜單項-打開命令提示符在這裡與複製的路徑
- Delete Browsing History for IE7 By Using Command Prompt刪除瀏覽歷史, IE7的使用命令提示符
- Comprehensive List of Command Prompt Keyboard Accelerators (Shortcut Keys)綜合名單命令提示符鍵盤加速器(快捷鍵)
- Manage Multiple Sets of Folders via Microsoft’s Free Synchronization Tool SyncToy V2.0管理多套文件夾通過微軟的免費的同步工具SyncToy 2.0
May 22nd, 2007 02:41 2007年5月22日2時41分
[...] iCacls [...] [...] iCacls [...]
October 11th, 2007 01:24 07年10月11號1點24分
Hello,餵,
Great article by the way, but hoping someone can help me.大條的方式,但希望有人能幫助我。 I’ve been doing testing and such, and I have the icacls.exe working fairly well, but I have a problem.我一直在做測試,這樣,和我icacls.exe運作良好,但我有一個問題。
I’m logged in as a limited user.我記錄在有限的用戶。
I use icacls from an elevated command prompt.我使用icacls從提升的命令提示符。
I create a test folder in the root directory named “test”.創建一個測試文件夾中的根目錄命名為“測試” 。
I’m trying to give full control permissions to the “Users” group in windows vista, on that folder.我想給完全控制權限“用戶”組在Windows Vista中,在該文件夾。
The command I use is this:該命令我使用的是:
c:\>icacls “Test” /grant Users:(F,WDAC) ç : \ “ icacls ”測試“ /授予用戶: (男, WDAC )
Now, from my limited user account, if I right-click and go to permissions, security tab and select Users, only the generic “Read & Execute”, “List” and “Read” permissions are checked.現在,從我有限的用戶帳戶,如果我點擊右鍵並進入權限,安全標籤,並選擇用戶,只有通用的“讀取和執行” , “名單”和“讀取”權限進行檢查。 The only noticable difference is that I can click on the “Edit” button to edit the permissions manualy without having to give Admin credentials.唯一的明顯區別是,我可以點擊“編輯”按鈕,修改的權限manualy而不給管理員證書。
I’ve tried varied combinations of this command but can’t seem to stick those permission on the folder itself.我試過不同的組合,此命令,但似乎無法堅持這些權限的文件夾本身。 If I have a file in the “test” directory and use the /T param the files take the permissions proprely.如果我有一個文件中的“測試”的目錄,並使用/ t參數文件的權限proprely 。
Does anyone know of a way I can set those permissions on a Folder through a script or command-line?有誰知道的,我可以設置這些權限的文件夾上通過一個腳本或命令行?
Thank you in advance.謝謝你了。
November 23rd, 2007 16:03 2007年11月23日16:03
Hi Jonathan,您好喬納森,
I think the users group needs F,WDAC permisions on the root too.我認為,用戶組需要男, WDAC permisions根也。
Good luck,祝您好運,
Ernst恩斯特
November 23rd, 2007 22:58 2007年11月23日22:58
Thank you for your reply Gaotcreek.非常感謝您的回复Gaotcreek 。
I tried this and it still didn’t work, but it made me try a few other things.我嘗試這一點,但仍然沒有奏效,但是它讓我嘗試一些其他的事情。
And I FINALY FOUND OUT HOW TO DO IT!.我終於找到了如何做到這一點! 。 It’s strange, but no combination of ICACLS worked for me, but I found a post that did it.很奇怪,但沒有ICACLS相結合的工作,但我發現一個帖子沒有。 To set folder and file permissions in Vista, you can use CACLS (even though it’s deprecated, it works proprely) and use:要設置文件夾和文件的權限在Vista中,您可以使用CACLS (即使它推薦,它proprely )和使用:
cacls “c:\test” /e /c /g “Users”:F cacls的“ C : \測試” /電子/三/克“用戶” :女
Maybe someone will find out how to do the same with icacls, or maybe icacls needs a fix.也許有人會找出如何做同樣的icacls ,或者icacls需要修補程序。
Anyways, hope this will help someone else in the future.反正,希望這將有助於別人的未來。
October 18th, 2008 10:52 2008年10月18號10:52
[...] kinds of different combinations of the commands that, atleast to me, make sense. [...]種不同組合的命令說,至少對我來說,有意義的。 I found this site,我發現這個網站, http://www.mydigitallife.info/2007/0…o-manage-acls/ http://www.mydigitallife.info/2007/0 ...鄰管理的ACL / . 。 The file I changed permissions on is C:WindowsSystem32mapisvc.inf.該文件我改變的權限是C : WindowsSystem32mapisvc.inf 。 I believe that the [...]我認為, [...]