World Library  
Flag as Inappropriate
Email this Article


Article Id: WHEBN0008930340
Reproduction Date:

Title: Cacls  
Author: World Heritage Encyclopedia
Language: English
Subject: ATTRIB, Windows XP editions, Diskcomp, Exe2bin, Ftype
Publisher: World Heritage Encyclopedia


In computing, cacls and its replacement, icacls, are Microsoft Windows native command line utilities capable of displaying and modifying the security descriptors on folders and files. An access control list is a list of permissions for securable object, such as a file or folder, that controls who can access it.


  • cacls 1
  • icacls 2
    • Criticism 2.1
  • See also 3
  • References 4
  • Further reading 5


The cacls.exe utility is a deprecated command line editor of directory and file security descriptors in Windows NT 3.5 and Windows NT. Microsoft has produced the following newer utilities, some also subsequently deprecated, that offer enhancements to support changes introduced with version 3.0 of the NTFS filesystem:

  • xcacls.exe[1][2][3][4] is supported by Windows 2000 and later and adds new features like setting Execute, Delete and Take Ownership permissions
  • xcacls.vbs[5][6]
  • fileacl.exe [7]
  • icacls.exe (included in Windows Server 2003 SP2 and later)[8][9]
  • SubInAcl.exe - Resource Kit utility to set and replace permissions on various type of objects including files, services and registry keys
  • Windows PowerShell (Get-Acl[10] and Set-Acl[11] cmdlets)


Stands for Integrity Control Access Control List. Windows Server 2003 Service Pack 2 and later include icacls, an in-box command-line utility that can display, modify, backup and restore ACLs for files and folders, as well as to set integrity levels and ownership in Vista and later versions. It is not a complete replacement for cacls, however. For example, it does not support Security Descriptor Definition Language (SDDL) syntax directly via command line parameters (only via the /restore option).


All known versions of icacls have a serious bug:[12] on objects with protected ACLs, icacls

  • ignores this protection,
  • resets/destroys the protection and
  • applies/propagates the inheritable permissions from the parent to the object and its children.

See also


  1. ^ "How to use Xcacls.exe to modify NTFS permissions (Revision: 4.5)". Microsoft Support. Microsoft Corporation. 2 March 2007. Retrieved 24 December 2011. 
  2. ^ "Xcacls syntax". Microsoft TechNet. Microsoft Corporation. 28 March 2003. Retrieved 30 October 2012. 
  3. ^ "Windows 2000 Resource Kit Tool: Xcacls.exe". Microsoft Download Center. Microsoft Corporation. 15 May 2002. Retrieved 24 December 2011. 
  4. ^ "Windows XP Service Pack 2 Support Tools". Microsoft Download Center. Microsoft Corporation. 10 August 2004. Retrieved 24 December 2011. 
  5. ^ "How to use Xcacls.vbs to modify NTFS permissions (Revision: 2.4)". Microsoft Support. Microsoft Corporation. 30 October 2006. Retrieved 24 December 2011. 
  6. ^ "Extended Change Access Control List Tool (Xcacls)" (2 July 2004). Microsoft Download Center. Microsoft Corporation. Retrieved 24 December 2011. Xcacls.vbs is an unsupported tool that provides additional capabilities not provided with the supported utility, Xcacls.exe. 
  7. ^ "FILEACL v3.0.1.6".  
  8. ^ "The Icacls.exe utility is available for Windows Server 2003 with Service Pack 2 (Revision: 4.0)". Microsoft Support. Microsoft Corporation. 9 October 2011. Retrieved 24 December 2011. 
  9. ^ "Icacls".  
  10. ^ "Get-Acl". Microsoft TechNet. Microsoft Corporation. 21 April 2010. Retrieved 31 October 2012. 
  11. ^ "Set-Acl". Microsoft TechNet. Microsoft Corporation. 21 April 2010. Retrieved 31 October 2012. 
  13. ^ FILEACL home page

Further reading

  • "Cacls". Microsoft Windows XP Professional Product Documentation. Microsoft Corporation. Retrieved 24 December 2011. 
  • "Xcacls Overview". Microsoft TechNet. Microsoft Corporation. 28 March 2003. Retrieved 24 December 2011. 
  • "DACLs and ACEs". Microsoft Developers Network. Microsoft Corporation. 15 November 2011. Retrieved 24 December 2011. 
  • "CACLS.exe". Retrieved 24 December 2011. 
  • "Microsoft DOS cacls command". Computer Hope. Retrieved 24 December 2011. 
  • Bradley, Tony (2 November 2010). "Introduction to Windows Integrity Control". SecurityFocus.  
  • The Security Descriptor Definition Language of Love (Part 1)
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from World eBook Fair are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.