Windows
  • Introduction
  • General
    • Users
    • SAM database
  • Filesystem
    • NTFS
    • Finding files
  • Services
    • sc
  • Registry
    • reg
  • Registry Editor (GUI)
  • Access control & Permissions
    • icacls
  • User Account Control (UAC)
  • Powershell
    • Get-ChildItem
    • whoami
  • 🔍Active Directory (AD)
    • Domain Controller (DC)
    • Domain Service (AD DS)
      • Security groups
      • Organizational Units (OUs)
      • Security groups vs OUs
    • Authentication methods
      • Kerberos
      • NetNTLM
Powered by GitBook
On this page
  • Display the DACLs of specified input
  • Modify the DACLs
  1. Access control & Permissions

icacls

To display or modify discretionary access control lists (DACLs)

PreviousRegistry Editor (GUI)NextUser Account Control (UAC)

Last updated 3 months ago

Display the DACLs of specified input

C:\> icacls [dir]
C:\> icacls [executable_file].exe

# eg. for directory
C:\> icacls C:\filedir
c:\filedir NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
              BUILTIN\Administrators:(I)(OI)(CI)(F)
              ...

# eg. for executable file
C:\> icacls c:\filedir\exec_file.exe
c:\filedir\exec_file.exe 
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)
             ...

Refer to the icacls documentation link below for information about each of the permission values:

Modify the DACLs

Eg. Grant read-only access (R) to the Everyone group on the bin.exefile.

C:\> icacls bin.exe /grant Everyone:R

Logoicaclsdocsmsft