Home

icacls

icacls is a Windows command-line utility used to display and modify the access control lists (ACLs) on files and directories on NTFS volumes. It was introduced with newer Windows releases and is designed to replace older tools such as cacls and xcacls. icacls provides granular control over permissions, including granting, denying, removing, or replacing access for individual users or groups, and it supports managing inheritance and propagation of permissions to child objects. It can also display and modify ownership and basic auditing settings where supported by the filesystem.

The utility operates on security descriptors that describe who can access a resource and how. Through icacls

Examples of typical usage include granting permissions, such as icacls "C:\Docs" /grant Users:(R) to grant read

you
can
add
or
change
access
rules,
remove
explicit
entries,
or
replace
existing
ACLs
for
a
target
object.
Options
also
cover
inheritance
behavior,
so
permissions
can
apply
to
existing
objects
and
newly
created
descendants.
Common
command-line
options
include
/grant,
/deny,
/remove,
/inheritance,
and
flags
such
as
/t
for
recursive
application,
/c
to
continue
on
errors,
and
/q
for
quieter
output.
In
addition
to
runtime
changes,
icacls
can
export
ACL
configurations
to
a
file
for
backup
or
migration
and
later
restore
them
as
needed.
access;
granting
with
replacement
using
icacls
"C:\Docs"
/grant:r
Users:(F);
and
disabling
inheritance
with
icacls
"C:\Docs"
/inheritance:d.
icacls
is
a
standard
tool
for
system
administrators
and
power
users
managing
NTFS
security
on
Windows.