icacls

To display or modify discretionary access control lists (DACLs)

Display the DACLs of specified input

C:\> icacls [dir]
C:\> icacls [executable_file].exe

# eg. for directory
C:\> icacls C:\filedir
c:\filedir NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
              BUILTIN\Administrators:(I)(OI)(CI)(F)
              ...

# eg. for executable file
C:\> icacls c:\filedir\exec_file.exe
c:\filedir\exec_file.exe 
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)
             ...

Refer to the icacls documentation link below for information about each of the permission values:

icaclsdocsmsft

Modify the DACLs

Eg. Grant read-only access (R) to the Everyone group on the bin.exefile.

C:\> icacls bin.exe /grant Everyone:R

PreviousRegistry Editor (GUI)NextUser Account Control (UAC)

Last updated 6 months ago