Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to use the cacls command to set file and folder permissions", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, to study and learn "how to use the cacls command to set file and folder permissions" bar!

Do you not want someone to open a folder or file on your computer? Do you sometimes want to allow others to see files in certain files and folders, but don't want others to change them? Or don't want an account on your computer not to be able to access a folder? If so, you can use the following command without the help of other encryption software.

Note that the disk that restricts access to files or folders must be in the NTFS file system, not in FAT32 format. This may be one of the reasons why the security of the ntfs file system is better than that of fat32. [for example, to view the file system of disk D, just open disk D, right-click-Properties in the space inside, and you can see it]

If it is fat32 instead of ntfs file system, you can use this command to convert the disk to ntfs file system [does not affect the files in it]:

Operate under the command line:

Start-run-cmd- enter to open the command line interface

Enter: convert d: / fs:ntfs

Then enter and follow the instructions.

[the above command means: convert means the command to convert the file system; d: to convert D disk, you can write other disks accordingly, such as f:; / fs:ntfs means that the file system is converted to ntfs format. Note that this command can only convert fat32 to ntfs format. Converting ntfs to fat32 cannot be done with a simple command, and requires special software.]

If you don't want someone to open the test folder under D disk, and your D disk is already a ntfs file system, you can skip the above operation and go directly to my following operation!

Example 1: let all users disable access to the test folder on D disk.

Command: there is no more to say about the opening of the command line interface. Look up there.

Cacls d:\ test / t / p everyone:n

It means to set the test folder on D disk to [unlimited] for all users, and n means no, which means no permissions. Other common permissions: r for read-only; f for full control. / t means to set permissions for subfolders in the folder as well. You don't have to worry about it. But write it down. Otherwise, it won't work well.

The answer is: open the D disk test and prompt you to disable access. Because it says all everyone users. You can't access it yourself. When you want to access it, you only need to run the command:

Cacls d:\ test / t / p everyone:f

That's it.

If your computer has several accounts and you want to prevent other accounts from accessing this folder, you can change everyone to the appropriate account name, such as edwin, etc. (depending on your actual account name) when writing the command.

Set permissions directly with all users of everyone. It is not too troublesome to run the command to remove the restriction when it is turned on. At least provide an opportunity to practice the command line and remember this command. Otherwise, if you forget it for a long time, you will have to check the information again.

Example 2: prevent the user edwin from opening the movie e:\ test\ apian.rmvb. Of course, you can also restrict the opening of pictures, programs, and word documents.

Command:

Cacls e:\ test\ apian.rmvb / p edwin:n

Unrestrict:

Cacls e:\ test\ apian.rmvb / p edwin:f

Example 3: set the exe file in the green software folder of D disk to read-only [including those in the subfolder]. This prevents the virus from infecting the exe file.

Command:

D:

Cd d:\ green software

Cacls * .exe / t / p everyone:r

W pay attention to the above

"d:

Cd d:\ green software "

These two lines of commands indicate that the current directory is changed to d:\ green software. It can't be omitted or written.

Example 4: set the E disk root directory to read-only to prevent viruses from infecting the E disk root directory. Because many USB disk viruses can infect the root directory, a new folder and files such as autorun.inf, setup.exe, a2de3d3.exe, autorun.exe are generated under the root directory. Some malignant viruses are very serious. So that you can't even reinstall the system to solve the virus problem. Because these viruses exist in the root of the non-system directory when you simply format disk C and reinstall the system, the virus infects disk C when you open a non-system disk such as disk D for the first time. If you set the non-system root directory to read-only, you can prevent viruses from generating these files. Of course, it does not affect the deletion of files in the root directory. But it will affect you to create your own folder or copy into files in the root directory. All suggestions start to set up the folders recorded in the root directory. Put the files in a subfolder. Or when you want to create a folder under a root directory such as D, cancel the root read-only directory with the command line. Although it is a bit troublesome, the advantages outweigh the disadvantages.

Command:

Cacls e:\ / p everyone:r

Release the root directory from read-only:

Cacls e:\ / p everyone:f

He he. It's clear enough. Give it a try.

Question: since I can encrypt it with commands, can others also use commands to decrypt it?

Answer: yes. Any account with administrator privileges can run commands to set permissions. But not everyone knows it. Or very few people understand this. Even if others see the hint of forbidding access, they will not think about what is going on. All you can use in the direction.

Problem: pay attention to using these commands

Answer: 1. Try not to set permissions on system files and folders. Because then there may be a serious error in the system.

2. If you want to reinstall the system, try to decrypt the encryption before. If you are using ghost to recover, you don't need it.

3. Emphasize again that the drive letter you are in must be ntfs.

CACLS parameter description

CACLS filename [/ T] [/ E] [/ C] [/ G user:perm] [/ R user [...]]

[/ P user:perm [...]] [/ D user [...]]

Filename displays ACL.

/ T change in the current directory and all its subdirectories

Specifies the ACL of the file.

/ E Edit the ACL without replacing it.

/ C continues when an access denial error occurs.

/ G user:perm grants access to the specified user.

Perm can be: r read

W write

C change (write)

F complete control

/ R user revokes access for the specified user (legal only when used with / E)

/ P user:perm replaces the access rights of the specified user.

Perm can be: n none

R read

W write

C change (write)

F complete control

/ D user denies access to the specified user.

You can use wildcards to specify multiple files in the command.

You can also specify multiple users in the command.

CI-Container inheritance.

ACE is inherited by the directory.

OI-object inheritance.

The ACE is inherited by the file.

IO-inherits only.

ACE does not apply to the current file / directory.

From the explanation of its system parameters, it is not difficult to see that it is easy to deny a user access to a specific directory or permission, at least with CACLS.

Steps / methods

1 Open "start menu" 2 find "run" and open "run dialog" 3 enter "CMD" and enter to open "CMD" virtual DOS environment 4 example: cacls d:/test / p administrator:F 5 press "Y" when prompted to confirm the action. Note 6 the above usage is entirely based on Microsoft Windows system (can also be a virtual machine) 7cacls DVM / p User name: n after enter to indicate whether to process the prompt or not The choice is. That is, the user name is prohibited from accessing disk D, and there will be an error message that access will be denied if you want to access it again. The aspect of unlocking the prohibition is to unset it using cacls d: / p username: F as another super administrator. Prompt the user to be very careful when operating the drive letter.

Thank you for your reading, the above is the content of "how to use the cacls command to set file and folder permissions". After the study of this article, I believe you have a deeper understanding of how to use the cacls command to set file and folder permissions, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.