N None
/D
user
Deny access to
user.
/s:
sddl
Replace the ACL(s) with those specified in the SDDL string •
(not valid with /e, /g, /r, /p, or /d).
In all the options above "
user
" can be a UserName or a Workgroup (either local or global)
• = Windows 7/2008 or above
You can specify more than one user:permission in a single command. Wildcards can be used to
specify multiple files.
If a UserName or WGname includes spaces then it must be surrounded with quotes e.g.
"Authenticated Users"
If no options are specified CACLS will display the ACLs for the file(s)
Setting Deny permission (/D) will deny access to a user even if they
also belong to a group that
grants access.
Limitations
Cacls cannot display or modify the ACL state of files locked in exclusive use.
Cacls cannot set the following permissions:
change permissions, take ownership,
execute
,
delete
use
XCACLS
to set any of these.
Using CACLS
The CACLS command does not provide a /Y switch to automatically answer 'Y' to the Y/N prompt.
However, you can
pipe
the 'Y' character into the CACLS command using
ECHO
, use the following
syntax:
ECHO Y| CACLS
filename /g
username:
permission
To edit a file you must have the "Change" ACL (or be the file's owner)
To use the CACLS command and change an ACL requires "FULL Control"
File "Ownership" will always override all ACL's - you always have Full Control over files that you
create.
If CACLS is used without the /E switch all existing rights on [pathname] will be replaced, any
attempt to use the /E switch to change a [user:permission] that already exists will raise an error.
To be sure the CALCS command will work without errors use /E /R to remove ACL rights for the
user concerned, then use /E to add the desired rights.
The /T option will only traverse subfolders below
Chia sẻ với bạn bè của bạn: