NT 4.0 Permissions Examples

 

GUI Tool

Right Click on any file or folder on NTFS partition, select Properties, Security tab, Permissions button

 

Folder or Directory Permissions – List of Current ACLs

• Select an existing group, then click the Type Of Access dropdown control to change permissions for a group already assigned.
• Select an existing group, then click the Remove button to remove a group or user’s permissions.
• Click the Add button to add a Group for new permissions. 

 

The Add Dialog

 

 

 

Remember, No Access overrides all other permissions assigned.

 

CACLS

cacls.exe is a command line utility included in Windows NT and Win2K.  It enables you to view / set NTFS permissions from a command prompt.  One of its big advantages is that it can make changes to existing permissions without overwriting the entire ACL (through the use of the /e flag). 

 

Below is the output of the cacls /? help information and some examples.

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]

               [/P user:perm [...]] [/D user [...]]

 

   filename      Displays ACLs.

   /T            Changes ACLs of specified files in

                 the current directory and all subdirectories.

   /E            Edit ACL instead of replacing it.

   /C            Continue on access denied errors.

   /G user:perm  Grant specified user access rights.

                 Perm can be:

R  Read

C  Change (write)

F  Full control

   /R user  Revoke specified user's access rights (only valid with /E).

   /P user:perm  Replace specified user's access rights.

                 Perm can be: N  None

                              R  Read

                              C  Change (write)

                              F  Full control

   /D user       Deny specified user access. (e.g. No Access)

Wildcards can be used to specify more that one file in a command.

You can specify more than one user in a command.

 

Examples:

cacls c:\ /t /e /g “Administrators”:f “System”:f /r Everyone

Removes the Everyone group from the C drive and all subfolders, adds full control for Administrators group and the System.  Any other existing permissions will remain because it was invoked with the /e switch to only edit existing permissions.

 

cacls c:\ /g “Administrators”:f

Replacing existing ACLs on the C:\ root folder (only) and grants full control to the Administrators group.  All previous permissions will be replaced.