You can use the cacls utility to display or modify access control lists (ACL) of files or folders. A description of the command options follows the syntax. This is the format of the command:
Option | Description |
filename or folder name | Displays ACLs. |
/t | Changes ACLs of specified files in the current folder and all subfolders. |
/e | Edit ACL instead of replacing it. |
/c | Continue on access denied errors. |
/g user:perm | Grant specified user access rights, where perm can be: |
/r user | Revoke specified user's access rights (only valid with /e). |
/p user:perm | Replace specified user's access rights, where perm can be: |
/d user | Deny access to the specified user. |
Wildcards can be used to specify more than one file in a command. You can specify more than one user in a command also.
If you already have permissions set for multiple users on a folder or file and do not use the /e option, all user permissions are removed except for the user and permissions specified on the command line. You should use the following syntax when modifying user permissions to include read, change, and full control respectively:
The cacls utility does not provide a /y option that answers automatically with Y for Yes to the ARE YOU SURE? Y/N prompt. However, you can use the echo command to pipe the character Y as input to the prompt when you are running cacls in a batch file. Use the following syntax to automatically answer Y:
Note
Do not enter a space between the y and the pipe symbol (|). If you do, cacls fails to make the permission change.