Home NT Commands
NT Syntax

XCACLS.exe (Server Resource Kit)

Display or modify Access Control Lists (ACLs) for files and folders.
Unlike cacls.exe, xcacls can apply 'Special Access' rights

syntax
      XCACLS filename [options]

      XCACLS filename

key
   If no options are specified XCACLS will display the ACLs for the file(s)

   options can be any combination of:

   /T       Traverse all subfolders and change all matching files found. 

   /E       Edit ACL instead of replacing it. 

   /R user  Revoke specified user's access rights.

   /D user  Deny specified user access, this will over-ride 
            all other permissions the user has.

   /C       Continue on access denied errors. 
   /Y       Replace user's rights without verify

   /P user:permision;FolderSpec 
       Replace user's rights. see /G option below 

   /G user:permision;FolderSpec
       Grant specified user access rights, permision can be: 
         :r  Read 
         :c  Change (write) 
         :f  Full control 
         :p  Change Permissions (Special access)
         :o  Take Ownership (Special access)
         :x  EXecute (Special access)
         :e  REad (Special access)
         :w  Write (Special access)
         :d  Delete (Special access)

FolderSpec is a permission applied to a folder.
Folder permissions are inherited by new files added to the folder.
If FolderSpec is not specified then permission will apply to
both files and folders.

FolderSpec: T@ where @ is one of the rights above, when this is specified new files will not inherit folder permissions. At least one folder access right must follow T Entries between ';' and T will be ignored.

Wildcards can be used to specify more that one file in a command. You can specify more than one user in a command. You can combine access rights.

For example:

Allow guests the right to read and execute in myFolder
XCACLS myFolder /E /G guests:rx

Allow guests the Full Control permission in myFolder and all subfolders
XCACLS myFolder /T /E /G guests:f

This will grant guests only read access to all files in and below myFolder,
new folders created will be Read Access only, new files will not inherit any rights.
XCACLS myFolder /T /P guests:R;Tr

This will grant guests only execute access to all files in and below myFolder
XCACLS myFolder /T /P guests:x

"I spent most of the eighties, most of my life, riding around in somebody else's car, in possession of, or ingested of, something illegal, on my way from something illegal to something illegal with many illegal things happening all around me" - Iggy Pop

Related Commands:

CACLS - Display or modify Access Control Lists (ACLs) for files and folders
PERMS - Show permissions for a user
SHOWACL - Show file Access Control Lists (win 2000)
SUBINACL - Change an ACL's user/domain (use when the file owner has moved to a new domain)
ATTRIB - Display or change file attributes
NT Permissions explained

Q245031 - Change Registry Permissions from the command line
SetAcl - 3rd party util
chown - changeowner, 3rd party util

Equivalent Linux BASH commands:

chmod - Change access permissions
chown - Change file owner and group

Simon Sheppard
 SS64.com