Icacls.exe 实用程序是可用于 Windows Server 2003 与 Service Pack 2

文章翻译 文章翻译
文章编号: 919240 - 查看本文应用于的产品
展开全部 | 关闭全部

本文内容

概要

本文介绍了 Icacls.exe 命令行实用程序。您可以使用此实用程序修改用 Service Pack 2 (SP2) 运行 Microsoft Windows Server 2003 的计算机上的 NTFS 文件系统权限。

当前,您可以使用 Xcacls.exe 实用程序、 Cacls.exe 实用程序和 Xcacls.vbs 实用程序修改 Windows Server 2003 中的 NTFS 权限。Icacls.exe 实用程序是用于修改 NTFS 权限的其他选项。在 Icacls.exe 实用程序解决您使用现有的实用程序时出现的各种问题。

在 Windows Vista 中,并在 Windows Server 2003 SP2 包括 Icacls.exe 实用程序。

更多信息

若要安装 Icacls.exe 实用程序,安装最新的 service pack,Windows Server 2003 的。有关如何安装最新的 service pack,为 Windows Server 2003 的详细信息单击下面的文章编号,以查看 Microsoft 知识库中相应的文章:
889100如何获取最新的 service pack,Windows Server 2003 的

对于 Icacls.exe 实用程序的语法

若要查看下面的语法信息,键入 icacls.exe / 吗? 在命令提示符处。
ICACLS name /save aclfile [/T] [/C]
    store the acls for all matching names into aclfile for
    later use with /restore.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C]
    applies the stored acls to files in directory.

ICACLS name /setowner user [/T] [/C]
    changes the owner of all matching names.

ICACLS name /findsid Sid [/T] [/C]
    finds all matching names that contain an ACL
    explicitly mentioning Sid.

ICACLS name /verify [/T] [/C]
    finds all files whose ACL is not in canonical form or whose
    lengths are inconsistent with ACE counts.

ICACLS name /resize [/T] [/C] [/L]
    changes incorrect recorded lengths of ACLs to true lengths.

ICACLS name /reset [/T] [/C]
    replaces acls with default inherited acls for all matching files.

ICACLS name [/grant[:r] Sid:perm[...]]
       [/deny Sid:perm [...]]
       [/remove[:g|:d]] Sid[...]] [/T] [/C]

    /grant[:r] Sid:perm grants the specified user access rights. With :r,
        the permissions replace any previously granted explicit permissions.
        Without :r, the permissions are added to any previously granted
        explicit permissions.

    /deny Sid:perm explicitly denies the specified user access rights.
        An explicit deny ACE is added for the stated permissions and
        the same permissions in any explicit grant are removed.

    /remove[:[g|d]] Sid removes all occurrences of Sid in the acl. With
        :g, it removes all occurrences of granted rights to that Sid. With
        :d, it removes all occurrences of denied rights to that Sid.


Note:
    Sids may be in either numeric or friendly name form. If a numeric
    form is given, affix a * to the start of the SID.

    /T indicates that this operation is performed on all matching
        files/directories below the directories specified in the name.

    /C indicates that this operation will continue on all file errors.
        Error messages will still be displayed.

    ICACLS preserves the canonical ordering of ACE entries:
            Explicit denials
            Explicit grants
            Inherited denials
            Inherited grants

    perm is a permission mask and can be specified in one of two forms:
        a sequence of simple rights:
                F - full access
                M - modify access
                RX - read and execute access
                R - read-only access
                W - write-only access
        a comma-separated list in parentheses of specific rights:
                D - delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes
        inheritance rights may precede either form and are applied
        only to directories:
                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don't propagate inherit

Examples:

        icacls c:\windows\* /save AclFile /T
        - Will save the ACLs for all files under c:\windows
          and its subdirectories to AclFile.

        icacls c:\windows\ /restore AclFile
        - Will restore the Acls for every file within
          AclFile that exists in c:\windows and its subdirectories

        icacls file /grant Administrator:(D,WDAC)
        - Will grant the user Administrator Delete and Write DAC
          permissions to file

        icacls file /grant *S-1-1-0:(D,WDAC)
        - Will grant the user defined by sid S-1-1-0 Delete and
          Write DAC permissions to file

若要修改的 NTFS 权限的其他可用实用程序

有关可用来修改 NTFS 权限的其他实用程序的详细信息,请单击下面的文章编号,以查看 Microsoft 知识库中相应的文章:
318754如何使用 Xcacls.exe 修改 NTFS 权限
135268如何在批处理文件中使用 Cacls.exe
825751如何使用 Xcacls.vbs 修改 NTFS 权限

属性

文章编号: 919240 - 最后修改: 2007年10月11日 - 修订: 3.3
这篇文章中的信息适用于:
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter Edition (64-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise Edition (64-Bit x86)
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard Edition (64-Bit x86)
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows XP Professional x64 Edition
关键字:?
kbmt kbwinserv2003presp2fix kbexpertiseinter kbfix kbhotfixserver kbqfe kbpubtypekc KB919240 KbMtzh
机器翻译
注意:这篇文章是由无人工介入的微软自动的机器翻译软件翻译完成。微软很高兴能同时提供给您由人工翻译的和由机器翻译的文章, 以使您能使用您的语言访问所有的知识库文章。然而由机器翻译的文章并不总是完美的。它可能存在词汇,语法或文法的问题,就像是一个外国人在说中文时总是可能犯这样的错误。虽然我们经常升级机器翻译软件以提高翻译质量,但是我们不保证机器翻译的正确度,也不对由于内容的误译或者客户对它的错误使用所引起的任何直接的, 或间接的可能的问题负责。
点击这里察看该文章的英文版: 919240
Microsoft和/或其各供应商对于为任何目的而在本服务器上发布的文件及有关图形所含信息的适用性,不作任何声明。 所有该等文件及有关图形均"依样"提供,而不带任何性质的保证。Microsoft和/或其各供应商特此声明,对所有与该等信息有关的保证和条件不负任何责任,该等保证和条件包括关于适销性、符合特定用途、所有权和非侵权的所有默示保证和条件。在任何情况下,在由于使用或运行本服务器上的信息所引起的或与该等使用或运行有关的诉讼中,Microsoft和/或其各供应商就因丧失使用、数据或利润所导致的任何特别的、间接的、衍生性的损害或任何因使用而丧失所导致的之损害、数据或利润不负任何责任。

提供反馈

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com