???? ID: 318754 - ????? ???????: 04 ?????? 2010 - ??????: 2.0

How to use Xcacls.exe to modify NTFS permissions

???? ?????? ???????????? ?????? ???????? KB ?? ???????? ????? ?? ??? ???? ????? ????
?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
?????? ??????This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
?????
This article applies to Windows 2000.Support for Windows 2000 ends on July 13, 2010.TheWindows 2000 ???-??-?????? ?????? ?????? (http://support.microsoft.com/win2000) Windows 2000 ?? ???? ????????? ?????? ?? ????? ????? ?? ??? ??? ??????? ????? ??? ???? ??????? ?? ??? ?????Microsoft ?????? Lifecycle ???? (http://support.microsoft.com/lifecycle/) .
?????
This article applies to Windows 2000.Support for Windows 2000 ends on July 13, 2010.TheWindows 2000 ???-??-?????? ?????? ?????? (http://support.microsoft.com/win2000) Windows 2000 ?? ???? ????????? ?????? ?? ????? ????? ?? ??? ??? ??????? ????? ??? ???? ??????? ?? ??? ?????Microsoft ?????? Lifecycle ???? (http://support.microsoft.com/lifecycle/) .

?? ????? ??

??? ?? ??????? ???? | ??? ?? ??????? ????

??????

?? ??? ?? ??? ???? ????? ???? ?? ?? ??????? ?? ????????? ?? ??? NTFS ????????? ????? ?? ??? ?? ??????? ???? ?? ??? ??????? ???????? Access ???????? ???? ????? (Xcacls.exe) ?? ????? ???? ?????

??? ????? ?????? ??????? ?????? ?? ????? ????? ?? Windows Explorer ??? ???? ?????? ?? ??? ???? ?? ??? ?? Xcacls.exe ?? ????? ?? ???? ???? Xcacls.exe ?? ????????? ???? ?? ????? ???????? ???? (ACLs) ??????? ?? ??????? ???? ???

Xcacls.exe Windows 2000 Professional ?? Windows 2000 ????? ?? ????????? ??????? ??? ????? ??? ?? ?????? ??? ?? ????? ?? ????? ??, ?????? ?? ????????? ?????? ?? ???????? ?????? ?? ????? ????????? ?? ??? ??? ?? ???? ???? ?? ?? ????? ?? ???????????? ???? ?? ??? ?????????? ?? ?????? ????, Xcacls.exe ?? ???????? ??????? ?? ?????????? ?????? ??????? ?? ???? ???? ?? one-step ??????? ???

Xcacls.exe ?????? ?? Windows 2000 ?????? ??? ??? ????? ??? Xcacls.exe ?????? ?? Windows Server 2003 ?????? ????? ??? ?? ????? ???

????? ????? Microsoft ??????? ?????? ?? ??????? ?? ??? ?????? ??::

?? ??? ?? ??????? ?????? ??? ?? ??????? ????
??????? ????
XCacls_Installer.exe ?????? ?? ??????? ????? (http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en)
????? ?? ???? ????

Xcacls.exe ????????

xcacls????? ???[/T] [/E] [/C] [/G??????????: perm; spec] [/R ??????????] [/P??????????: perm; spec[...]] [/D??????????[...]] [/Y]
????????? ???????? ?? ??????? ?? ??? ?? ACL ?? ????? ???????? ????????? (ACE) ?????????? ???? ?? ??? ?? ????? ???? ??? ??? ???? ??????????? ?????? ?? ????? ???? ?? ???? ???

/T??????? ??????? ?? ?????? ?? recursively ???? ?? ??? chosen ???? ?? ??? ??, ???? ??????????? ??? ?? ??? ???? ??????? ?? ????????? ?? ??? ?????? ?? ????? ???

/E??? ????? ?? ???? ACL ??????? ???? ??? ?????? ?? ???, ???? ?????????? ?? ????? ??????? ???? Test.dat ????? ?? ??? ??? ?? ?????XCACLS test.dat /G ??????????: F????? ??? ACEs ?? ???? ???? ?? ??? ????

/Ccauses Xcacls.exe to continue if an "access denied" error message occurs. ???/Cis not specified, Xcacls.exe stops on this error.

/Guser:perm;specgrants a user access to the matching file or folder.
  • Theperm(permission) variable applies the specified access right to files and represents the special file-access-right mask for folders. Thepermvariable accepts the following values:
    • R????
    • CChange (write)
    • F???? ????????
    • PChange Permissions (special access)
    • ???Take Ownership (special access)
    • XEXecute (special access)
    • EREad (Special access)
    • WWrite (Special access)
    • DDelete (Special access)
  • Thespec(special access) variable applies only to folders and accepts the same values asperm, with the addition of the following special value:
    • TNot Specified. Sets an ACE for the directory itself without specifying an ACE that is applied to new files created in that directory. At least one access right has to follow. Entries between a semicolon (;) and T are ignored.

      ???
      • The access options for files (for folders, special file and folder access) are identical. For detailed explanations of these options, see the Windows 2000 operating system documentation.
      • All other options, which can also be set in Windows Explorer, are subsets of all possible combinations of the basic access rights. Because of this, there are no special options for folder access rights, such as LIST or READ.
/R??????????revokes all access rights for the specified user.

/Puser:perm;specreplaces access rights for user. The rules for specifying perm and spec are the same as for the /G option. See the "Xcacls.exe examples" section.

/D??????????denies user access to the file or directory.

/Ydisables confirmation when replacing user access rights. By default, CACLS asks for confirmation. Because of this feature, when CACLS is used in a batch routine, the routine stops responding until the right answer is entered. The/Yoption was introduced to avoid this confirmation, so that Xcacls.exe can be used in batch mode.
????? ?? ???? ????

Use Xcacls.exe to view permissions

You can also use Xcacls.exe to view permissions for a file or folder. ?????? ?? ???, ???? ????xcacls C:\winnt????? ?????????, ?? ???? ??? ENTER ?????? The following is a typical result:
c:\WINNT BUILTIN\Users:R
           BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                     GENERIC_READ
                                     GENERIC_EXECUTE

           BUILTIN\Power Users:C
           BUILTIN\Power Users:(OI)(CI)(IO)C
           BUILTIN\Administrators:F
           BUILTIN\Administrators:(OI)(CI)(IO)F
           NT AUTHORITY\SYSTEM:F
           NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
           BUILTIN\Administrators:F
           CREATOR OWNER:(OI)(CI)(IO)F
The ACL flags have the following meanings:
  • IO: Inherit Only - This flag indicates that this ACE does not apply to the current object.
  • CI: Container Inherit - This flag indicates that subordinate containers will inherit this ACE.
  • OI: Object Inherit - This flag indicates that subordinate files will inherit the ACE.
  • NP: Non-Propagate - This flag indicates that the subordinate object will not propagate the inherited ACE any further.
The letter at the end of each line indicates permission. ?????? ?? ???::
  • F: Full Control
  • C: Change
  • W: Write
????? ?? ???? ????

Xcacls.exe examples

?????? 1

??????:XCACLS *.* /G administrator:RW /Yat the command prompt, and then press ENTER to replace the ACL of all files and folders in the current folder without scanning subfolders and without confirmation.

?????? 2

The ACEs that are added to the folder in this example also inherit ACE for new files that are created in this folder. The command gives TestUser read, write, run, and delete rights on all new files created in this folder, but only read and write permissions on the folder itself. ??????:XCACLS *.* /G TestUser:RWED;RW /E????? ?????????, ?? ???? ??? ENTER ??????

?????? 3

The following example grants read and write permissions on a folder without creating an inherit entry for new files. Therefore, in this example, new files that are created in this folder receive no ACE for TestUser. For existing files, an ACE with read permissions is created. ??????:XCACLS *.* /G TestUser:R;RW /E????? ?????????, ?? ???? ??? ENTER ??????
????? ?? ???? ????

NTFS permissions guidelines

The following are guidelines for assigning NTFS permissions:
  • Use NTFS permissions to control access to files and folders.
  • Assign permissions to groups rather than to individual users.
  • NTFS file permissions take priority over NTFS folder permissions.
  • Administrators and the owner of a file or folder control which permissions can be set for that object.
  • When you change folder permissions, be aware of programs that are installed on the servers. Programs create their own folders that have the?? ???????? ?? ????????? ?????? ?? ??????? ???? ????? ????????? ?? ?????? ???setting turned on. If permissions are changed in the parent folder, these changes could create problems in the program.

    ???????:Remember that many files and folders receive their permissions through inheritance. Therefore, although you think that you are changing only one folder, you may be changing many more.
????? ?? ???? ????

???? ???????

???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ???????? ????? ????::
245015  (http://support.microsoft.com/kb/245015/ ) How to print folder and file permissions from one folder
135268  (http://support.microsoft.com/kb/135268/ ) How to use CACLS.EXE in a batch file
????? ?? ???? ????
???? ???? ???? ??:
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
????? ?? ???? ????
??????: 
kbenv kbhowtomaster kbmt KB318754 KbMthi
????? ?? ???? ????
???? ?????? ???????????? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:318754  (http://support.microsoft.com/kb/318754/en-us/ )
????? ?? ???? ????