Windows Tools

XcAcls Examples

Overview | Syntax | Examples | Related Tools Open Command Prompt

Example 1: Replace ACLs of All Files and Directories in the Current Directory

You want to replace the existing ACLs of all files and directories in the current directory with read and write access for the administrator, suppressing confirmation. Type the following at the command line:

xcacls *.* /g administrator:rw /y

Notice that you are not asked to confirm the change. You see output similar to the following:

processed file:  C:\data\compressed.txt
processed file:  C:\data\deptdata.txt
processed file:  C:\data\dirafter.txt
processed file:  C:\data\temp.txt
processed file:  C:\data\uncompressed.txt
processed file:  C:\data\userdata.txt

You can check to see that the command was executed by typing the following at the command line:

xcacls *.*

You see output similar to the following, confirming that the access rights have been set for the administrator:

C:\data\compressed.txt MYCOMPUTER\Administrator:(special access:)

										 READ_CONTROL
										 SYNCHRONIZE
										 FILE_GENERIC_READ
										 FILE_GENERIC_WRITE
										 FILE_GENERIC_EXECUTE
										 FILE_READ_DATA
										 FILE_WRITE_DATA
										 FILE_APPEND_DATA
										 FILE_READ_EA
										 FILE_WRITE_EA
										 FILE_EXECUTE
										 FILE_READ_ATTRIBUTES
										 FILE_WRITE_ATTRIBUTES
 

C:\data\deptdata.txt MYCOMPUTER\Administrator:(special access:)

										 READ_CONTROL
										 SYNCHRONIZE
										 FILE_GENERIC_READ
										 FILE_GENERIC_WRITE
										 FILE_GENERIC_EXECUTE
										 FILE_READ_DATA
										 FILE_WRITE_DATA
										 FILE_APPEND_DATA
										 FILE_READ_EA
										 FILE_WRITE_EA
										 FILE_EXECUTE
										 FILE_READ_ATTRIBUTES
										 FILE_WRITE_ATTRIBUTES
 

C:\data\dirafter.txt MYCOMPUTER\Administrator:(special access:)

										 READ_CONTROL
										 SYNCHRONIZE
										 FILE_GENERIC_READ
										 FILE_GENERIC_WRITE
										 FILE_GENERIC_EXECUTE
										 FILE_READ_DATA
										 FILE_WRITE_DATA
										 FILE_APPEND_DATA
										 FILE_READ_EA
										 FILE_WRITE_EA
										 FILE_EXECUTE
										 FILE_READ_ATTRIBUTES
										 FILE_WRITE_ATTRIBUTES
 

C:\data\temp.txt MYCOMPUTER\Administrator:(special access:)

									 READ_CONTROL
									 SYNCHRONIZE
									 FILE_GENERIC_READ
									 FILE_GENERIC_WRITE
									 FILE_GENERIC_EXECUTE
									 FILE_READ_DATA
									 FILE_WRITE_DATA
									 FILE_APPEND_DATA
									 FILE_READ_EA
									 FILE_WRITE_EA
									 FILE_EXECUTE
									 FILE_READ_ATTRIBUTES
									 FILE_WRITE_ATTRIBUTES
 

C:\data\uncompressed.txt MYCOMPUTER\Administrator:(special access:)

											 READ_CONTROL
											 SYNCHRONIZE
											 FILE_GENERIC_READ
											 FILE_GENERIC_WRITE
											 FILE_GENERIC_EXECUTE
											 FILE_READ_DATA
											 FILE_WRITE_DATA
											 FILE_APPEND_DATA
											 FILE_READ_EA
											 FILE_WRITE_EA
											 FILE_EXECUTE
											 FILE_READ_ATTRIBUTES
											 FILE_WRITE_ATTRIBUTES
 

C:\data\userdata.txt MYCOMPUTER\Administrator:(special access:)

										 READ_CONTROL
										 SYNCHRONIZE
										 FILE_GENERIC_READ
										 FILE_GENERIC_WRITE
										 FILE_GENERIC_EXECUTE
										 FILE_READ_DATA
										 FILE_WRITE_DATA
										 FILE_APPEND_DATA
										 FILE_READ_EA
										 FILE_WRITE_EA
										 FILE_EXECUTE
										 FILE_READ_ATTRIBUTES
										 FILE_WRITE_ATTRIBUTES

Example 2: Edit the ACLs of the Current Directory

You want to give TestUser read, write, run, and delete rights on all new files created in this directory, but only read and write permissions on the directory itself. Type the following at the command line:

xcacls *.* /g TestUser:rwed;rw /e

You see output similar to the following:

processed file:  C:\test\compressed.txt
processed file:  C:\test\deptdata.txt
processed file:  C:\test\dirafter.txt
processed file:  C:\test\temp.txt
processed file:  C:\test\uncompressed.txt
processed file:  C:\test\userdata.txt
C:\data\compressed.txt Everyone:(special access:)
								READ_CONTROL
								SYNCHRONIZE
								FILE_GENERIC_READ
								FILE_GENERIC_WRITE
								FILE_GENERIC_EXECUTE
								FILE_READ_DATA
								FILE_WRITE_DATA
								FILE_APPEND_DATA
								FILE_READ_EA
								FILE_WRITE_EA
								FILE_EXECUTE
								FILE_READ_ATTRIBUTES
								FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

C:\data\deptdata.txt Everyone:(special access:)
							READ_CONTROL
							SYNCHRONIZE
							FILE_GENERIC_READ
							FILE_GENERIC_WRITE
							FILE_GENERIC_EXECUTE
							FILE_READ_DATA
							FILE_WRITE_DATA
							FILE_APPEND_DATA
							FILE_READ_EA
							FILE_WRITE_EA
							FILE_EXECUTE
							FILE_READ_ATTRIBUTES
							FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

C:\data\dirafter.txt Everyone:(special access:)
							READ_CONTROL
							SYNCHRONIZE
							FILE_GENERIC_READ
							FILE_GENERIC_WRITE
							FILE_GENERIC_EXECUTE
							FILE_READ_DATA
							FILE_WRITE_DATA
							FILE_APPEND_DATA
							FILE_READ_EA
							FILE_WRITE_EA
							FILE_EXECUTE
							FILE_READ_ATTRIBUTES
							FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

C:\data\temp.txt Everyone:(special access:)
						READ_CONTROL
						SYNCHRONIZE
						FILE_GENERIC_READ
						FILE_GENERIC_WRITE
						FILE_GENERIC_EXECUTE
						FILE_READ_DATA
						FILE_WRITE_DATA
						FILE_APPEND_DATA
						FILE_READ_EA
						FILE_WRITE_EA
						FILE_EXECUTE
						FILE_READ_ATTRIBUTES
						FILE_WRITE_ATTRIBUTES

				 MYCOMPUTER\TestUser:C

C:\data\uncompressed.txt Everyone:(special access:)
								READ_CONTROL
								SYNCHRONIZE
								FILE_GENERIC_READ
								FILE_GENERIC_WRITE
								FILE_GENERIC_EXECUTE
								FILE_READ_DATA
								FILE_WRITE_DATA
								FILE_APPEND_DATA
								FILE_READ_EA
								FILE_WRITE_EA
								FILE_EXECUTE
								FILE_READ_ATTRIBUTES
								FILE_WRITE_ATTRIBUTES

						 MYCOMPUTER\TestUser:C

C:\data\userdata.txt Everyone:(special access:)
							READ_CONTROL
							SYNCHRONIZE
							FILE_GENERIC_READ
							FILE_GENERIC_WRITE
							FILE_GENERIC_EXECUTE
							FILE_READ_DATA
							FILE_WRITE_DATA
							FILE_APPEND_DATA
							FILE_READ_EA
							FILE_WRITE_EA
							FILE_EXECUTE
							FILE_READ_ATTRIBUTES
							FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

The command edited the ACL of a file or a directory, but its effect on a directory was different. The ACE added to the directory is also an inherit ACE for new files created in this directory.

Example 3: Edit Permissions on a Directory Without Creating an Inherit for New Files

You want to grant read and write permissions on a directory for TestUser. You do not want to create an inherit entry for new files, but grant only read access to existing files. Type the following at the command line:

xcacls *.* /g TestUser:r;trw /e

You see output similar to the following:

C:\data\compressed.txt Everyone:(special access:)
								READ_CONTROL
								SYNCHRONIZE
								FILE_GENERIC_READ
								FILE_GENERIC_WRITE
								FILE_GENERIC_EXECUTE
								FILE_READ_DATA
								FILE_WRITE_DATA
								FILE_APPEND_DATA
								FILE_READ_EA
								FILE_WRITE_EA
								FILE_EXECUTE
								FILE_READ_ATTRIBUTES
								FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

C:\data\deptdata.txt Everyone:(special access:)
							READ_CONTROL
							SYNCHRONIZE
							FILE_GENERIC_READ
							FILE_GENERIC_WRITE
							FILE_GENERIC_EXECUTE
							FILE_READ_DATA
							FILE_WRITE_DATA
							FILE_APPEND_DATA
							FILE_READ_EA
							FILE_WRITE_EA
							FILE_EXECUTE
							FILE_READ_ATTRIBUTES
							FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

C:\data\dirafter.txt Everyone:(special access:)
							READ_CONTROL
							SYNCHRONIZE
							FILE_GENERIC_READ
							FILE_GENERIC_WRITE
							FILE_GENERIC_EXECUTE
							FILE_READ_DATA
							FILE_WRITE_DATA
							FILE_APPEND_DATA
							FILE_READ_EA
							FILE_WRITE_EA
							FILE_EXECUTE
							FILE_READ_ATTRIBUTES
							FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C

C:\data\temp.txt Everyone:(special access:)
						READ_CONTROL
						SYNCHRONIZE
						FILE_GENERIC_READ
						FILE_GENERIC_WRITE
						FILE_GENERIC_EXECUTE
						FILE_READ_DATA
						FILE_WRITE_DATA
						FILE_APPEND_DATA
						FILE_READ_EA
						FILE_WRITE_EA
						FILE_EXECUTE
						FILE_READ_ATTRIBUTES
						FILE_WRITE_ATTRIBUTES

				 MYCOMPUTER\TestUser:C

C:\data\uncompressed.txt Everyone:(special access:)
								READ_CONTROL
								SYNCHRONIZE
								FILE_GENERIC_READ
								FILE_GENERIC_WRITE
								FILE_GENERIC_EXECUTE
								FILE_READ_DATA
								FILE_WRITE_DATA
								FILE_APPEND_DATA
								FILE_READ_EA
								FILE_WRITE_EA
								FILE_EXECUTE
								FILE_READ_ATTRIBUTES
								FILE_WRITE_ATTRIBUTES

						 MYCOMPUTER\TestUser:C

C:\data\userdata.txt Everyone:(special access:)
							READ_CONTROL
							SYNCHRONIZE
							FILE_GENERIC_READ
							FILE_GENERIC_WRITE
							FILE_GENERIC_EXECUTE
							FILE_READ_DATA
							FILE_WRITE_DATA
							FILE_APPEND_DATA
							FILE_READ_EA
							FILE_WRITE_EA
							FILE_EXECUTE
							FILE_READ_ATTRIBUTES
							FILE_WRITE_ATTRIBUTES

					 MYCOMPUTER\TestUser:C