Xcacls Examples

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

XcAcls Examples

Example 1: Replace ACLs of All Files and Directories in the Current Directory

You want to replace the existing ACLs of all files and directories in the current directory with Read and Write access for the administrator, suppressing confirmation. Type the following at the command line:

xcacls *.* /g administrator:rw /y

Notice that you are not asked to confirm the change. You see output similar to the following:

processed file:  C:\data\compressed.txt
processed file:  C:\data\deptdata.txt
processed file:  C:\data\dirafter.txt
processed file:  C:\data\temp.txt
processed file:  C:\data\uncompressed.txt
processed file:  C:\data\userdata.txt

You can check to see that the command was executed by typing the following at the command line:

xcacls *.*

You see output similar to the following, confirming that the access rights have been set for the administrator:

C:\data\compressed.txt MYCOMPUTER\Administrator:(special access:)

                                           READ_CONTROL
                                           SYNCHRONIZE
                                           FILE_GENERIC_READ
                                           FILE_GENERIC_WRITE
                                           FILE_GENERIC_EXECUTE
                                           FILE_READ_DATA
                                           FILE_WRITE_DATA
                                           FILE_APPEND_DATA
                                           FILE_READ_EA
                                           FILE_WRITE_EA
                                           FILE_EXECUTE
                                           FILE_READ_ATTRIBUTES
                                           FILE_WRITE_ATTRIBUTES
 

C:\data\deptdata.txt MYCOMPUTER\Administrator:(special access:)

                                         READ_CONTROL
                                         SYNCHRONIZE
                                         FILE_GENERIC_READ
                                         FILE_GENERIC_WRITE
                                         FILE_GENERIC_EXECUTE
                                         FILE_READ_DATA
                                         FILE_WRITE_DATA
                                         FILE_APPEND_DATA
                                         FILE_READ_EA
                                         FILE_WRITE_EA
                                         FILE_EXECUTE
                                         FILE_READ_ATTRIBUTES
                                         FILE_WRITE_ATTRIBUTES
 

C:\data\dirafter.txt MYCOMPUTER\Administrator:(special access:)

                                         READ_CONTROL
                                         SYNCHRONIZE
                                         FILE_GENERIC_READ
                                         FILE_GENERIC_WRITE
                                         FILE_GENERIC_EXECUTE
                                         FILE_READ_DATA
                                         FILE_WRITE_DATA
                                         FILE_APPEND_DATA
                                         FILE_READ_EA
                                         FILE_WRITE_EA
                                         FILE_EXECUTE
                                         FILE_READ_ATTRIBUTES
                                         FILE_WRITE_ATTRIBUTES
 

C:\data\temp.txt MYCOMPUTER\Administrator:(special access:)

                                     READ_CONTROL
                                     SYNCHRONIZE
                                     FILE_GENERIC_READ
                                     FILE_GENERIC_WRITE
                                     FILE_GENERIC_EXECUTE
                                     FILE_READ_DATA
                                     FILE_WRITE_DATA
                                     FILE_APPEND_DATA
                                     FILE_READ_EA
                                     FILE_WRITE_EA
                                     FILE_EXECUTE
                                     FILE_READ_ATTRIBUTES
                                     FILE_WRITE_ATTRIBUTES
 

C:\data\uncompressed.txt MYCOMPUTER\Administrator:(special access:)

                                             READ_CONTROL
                                             SYNCHRONIZE
                                             FILE_GENERIC_READ
                                             FILE_GENERIC_WRITE
                                             FILE_GENERIC_EXECUTE
                                             FILE_READ_DATA
                                             FILE_WRITE_DATA
                                             FILE_APPEND_DATA
                                             FILE_READ_EA
                                             FILE_WRITE_EA
                                             FILE_EXECUTE
                                             FILE_READ_ATTRIBUTES
                                             FILE_WRITE_ATTRIBUTES
 

C:\data\userdata.txt MYCOMPUTER\Administrator:(special access:)

                                         READ_CONTROL
                                         SYNCHRONIZE
                                         FILE_GENERIC_READ
                                         FILE_GENERIC_WRITE
                                         FILE_GENERIC_EXECUTE
                                         FILE_READ_DATA
                                         FILE_WRITE_DATA
                                         FILE_APPEND_DATA
                                         FILE_READ_EA
                                         FILE_WRITE_EA
                                         FILE_EXECUTE
                                         FILE_READ_ATTRIBUTES
                                         FILE_WRITE_ATTRIBUTES

Example 2: Edit the ACLs of the Current Directory

You want to give TestUser Read, Write, Run, and Delete rights on all new files created in this directory, but only Read and Write permissions on the directory itself. Type the following at the command line:

xcacls *.* /g TestUser:rwed;rw /e

You see output similar to the following:

processed file:  C:\test\compressed.txt
processed file:  C:\test\deptdata.txt
processed file:  C:\test\dirafter.txt
processed file:  C:\test\temp.txt
processed file:  C:\test\uncompressed.txt
processed file:  C:\test\userdata.txt
C:\data\compressed.txt Everyone:(special access:)
                                READ_CONTROL
                                SYNCHRONIZE
                                FILE_GENERIC_READ
                                FILE_GENERIC_WRITE
                                FILE_GENERIC_EXECUTE
                                FILE_READ_DATA
                                FILE_WRITE_DATA
                                FILE_APPEND_DATA
                                FILE_READ_EA
                                FILE_WRITE_EA
                                FILE_EXECUTE
                                FILE_READ_ATTRIBUTES
                                FILE_WRITE_ATTRIBUTES

                       MYCOMPUTER\TestUser:C

C:\data\deptdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\dirafter.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\temp.txt Everyone:(special access:)
                          READ_CONTROL
                          SYNCHRONIZE
                          FILE_GENERIC_READ
                          FILE_GENERIC_WRITE
                          FILE_GENERIC_EXECUTE
                          FILE_READ_DATA
                          FILE_WRITE_DATA
                          FILE_APPEND_DATA
                          FILE_READ_EA
                          FILE_WRITE_EA
                          FILE_EXECUTE
                          FILE_READ_ATTRIBUTES
                          FILE_WRITE_ATTRIBUTES

                 MYCOMPUTER\TestUser:C

C:\data\uncompressed.txt Everyone:(special access:)
                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_READ
                                  FILE_GENERIC_WRITE
                                  FILE_GENERIC_EXECUTE
                                  FILE_READ_DATA
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_READ_EA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_READ_ATTRIBUTES
                                  FILE_WRITE_ATTRIBUTES

                         MYCOMPUTER\TestUser:C

C:\data\userdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

The command edited the ACL of a file or a directory, but its effect on a directory was different. The ACE added to the directory is also an inherit ACE for new files created in this directory.

Example 3: Edit Permissions on a Directory Without Creating an Inherit for New Files

You want to grant Read and Write permissions on a directory for TestUser. You do not want to create an inherit entry for new files, but grant only Read access to existing files. Type the following at the command line:

xcacls *.* /g TestUser:r;trw /e

You see output similar to the following:

C:\data\compressed.txt Everyone:(special access:)
                                READ_CONTROL
                                SYNCHRONIZE
                                FILE_GENERIC_READ
                                FILE_GENERIC_WRITE
                                FILE_GENERIC_EXECUTE
                                FILE_READ_DATA
                                FILE_WRITE_DATA
                                FILE_APPEND_DATA
                                FILE_READ_EA
                                FILE_WRITE_EA
                                FILE_EXECUTE
                                FILE_READ_ATTRIBUTES
                                FILE_WRITE_ATTRIBUTES

                       MYCOMPUTER\TestUser:C

C:\data\deptdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\dirafter.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\temp.txt Everyone:(special access:)
                          READ_CONTROL
                          SYNCHRONIZE
                          FILE_GENERIC_READ
                          FILE_GENERIC_WRITE
                          FILE_GENERIC_EXECUTE
                          FILE_READ_DATA
                          FILE_WRITE_DATA
                          FILE_APPEND_DATA
                          FILE_READ_EA
                          FILE_WRITE_EA
                          FILE_EXECUTE
                          FILE_READ_ATTRIBUTES
                          FILE_WRITE_ATTRIBUTES

                 MYCOMPUTER\TestUser:C

C:\data\uncompressed.txt Everyone:(special access:)
                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_READ
                                  FILE_GENERIC_WRITE
                                  FILE_GENERIC_EXECUTE
                                  FILE_READ_DATA
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_READ_EA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_READ_ATTRIBUTES
                                  FILE_WRITE_ATTRIBUTES

                         MYCOMPUTER\TestUser:C

C:\data\userdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

See Also

Concepts

Xcacls Overview
Xcacls Syntax
Alphabetical List of Tools
Topchk.cmd
Rsdir Overview
Rsdiag Overview
Iologsum Overview
Health_chk Overview
Ftonline Overview
Filever Overview
Efsinfo Overview
Dmdiag Overview
Dskprobe Overview
Diruse Overview
Dfsutil Overview
Connstat Overview
Cabarc Overview
Bitsadmin Overview
Sidwkr.dll
Sidwalker Security Administration Tools
Sidwalk Overview
Showaccs Overview
Sdcheck Overview
Ktpass Overview
Ksetup Overview
Getsid Overview
Addiag.exe