CACLS and iCACLS

Set file and folder permission with the command line or a batch file script.

Undocumented CACLS: Group Permissions Capabilities http://support.microsoft.com/kb/162786

BAT script example: http://social.technet.microsoft.com/Forums/windowsserver/en-US/ebbf5897-4f1d-4bf9-b6b3-5f7d77dac023/remove-inherited-ntfs-permissions-on-835-sub-folders?forum=winservergen

1 set zLog=SetPerms.log
2 if exist %zLog% del %zlog% >NUL
3 REM for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "Administrators":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
4 REM for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
5 for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /E /R "%userdomain%\michaelb" >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%

  • Line #1 Sets the variable 'zLog' and assignes a name to a results log
  • Line #2 Checks for en existing results log and deletes it
  • Line #3 Grants full access permissions to the local machine administrators
  • Line #4 Grants full access permissions to the domain administrators
  • Line #5 Revokes ALL permissions for a user, in the example the userr is domain user 'michaelb'
Last modified:: 2016/03/19 16:03