Mahedee Hasan

Mahedee Hasan

I am a Microsoft MVP (11th times), programmer, software developer, software architect, consultant, author, researcher, technical blogger, technical speaker, trainer and learner. I have more than 17 years experience in the field of software design and development.

Managing Windows Folder Permissions from Command Line

2 minute read

Managing folder permissions in Windows doesn’t always require the graphical interface. Command line tools provide powerful and efficient ways to modify file and folder permissions, especially when working with scripts or managing multiple directories.

Prerequisites

Before modifying folder permissions, ensure you:

  • Run Command Prompt as Administrator
  • Understand the security implications of permission changes
  • Have backup of important data

Using CACLS (Legacy Method)

The CACLS command is the traditional way to modify Access Control Lists (ACLs) in Windows. While still functional, it’s been superseded by ICACLS.

Basic CACLS Syntax

To grant full permissions to Everyone on a folder and all its contents:

cacls C:\Windows\Temp /t /e /g Everyone:f

Sample Output:

D:\Images> cacls C:\Windows\Temp /t /e /g Everyone:f
processed dir: C:\Windows\Temp
processed dir: C:\Windows\Temp\C9B3A155-BAC8-4CC8-BB43-0E3BE182ABAB-Sigs
processed dir: C:\Windows\Temp\CAVS
processed dir: C:\Windows\Temp\comtypes_cache
processed dir: C:\Windows\Temp\Crashpad
processed file: C:\Windows\Temp\GoogleDFSSetup_211015180131_8668.log
processed dir: C:\Windows\Temp\logs
processed file: C:\Windows\Temp\MpCmdRun.log

CACLS Parameters Explained

Parameter Description
/t Apply changes recursively to all subdirectories and files
/e Edit existing DACL (Discretionary Access Control List) instead of replacing it
/g Grant specified user access rights
Everyone:f Grant full control to the Everyone group

Common CACLS Permission Levels

  • f - Full Control
  • c - Change (write)
  • r - Read
  • w - Write
  • n - None

ICACLS is the modern replacement for CACLS, offering more functionality and better Unicode support.

Basic ICACLS Syntax

icacls "C:\Windows\temp" /grant username:(OI)(CI)F

ICACLS Parameters Explained

Parameter Description
F Full Control
M Modify
RX Read and Execute
R Read
W Write

Inheritance Options

Option Description
(OI) Object Inherit - applies to files
(CI) Container Inherit - applies to folders
(IO) Inherit Only
(NP) Do not propagate inherit

Practical Examples

1. Grant Full Control to Specific User

icacls "C:\MyFolder" /grant john:(OI)(CI)F

2. Remove User Permissions

icacls "C:\MyFolder" /remove john

3. View Current Permissions

icacls "C:\MyFolder"

4. Reset Permissions to Default

icacls "C:\MyFolder" /reset /t

5. Grant Read-Only Access

icacls "C:\MyFolder" /grant users:(OI)(CI)R

Best Practices

  1. Always backup permissions before making changes: 
    icacls "C:\MyFolder" /save backup.txt /t

  2. Test on non-critical folders first

  3. Use specific user accounts instead of Everyone when possible

  4. Apply principle of least privilege - grant only necessary permissions

  5. Document permission changes for future reference

Security Considerations

  • Granting full control to Everyone can be a security risk
  • Always understand the implications before modifying system folders
  • Consider using Groups instead of individual users for easier management
  • Regular audit of folder permissions is recommended

Troubleshooting

Access Denied Errors

  • Ensure Command Prompt is running as Administrator
  • Check if you have ownership of the folder
  • Verify the user/group exists

Permission Not Applied

  • Check inheritance settings
  • Verify the correct syntax is used
  • Ensure the path is correct and accessible

Conclusion

Command line permission management in Windows provides flexibility and automation capabilities that GUI tools cannot match. While CACLS remains functional, ICACLS offers better features and should be preferred for new implementations. Always exercise caution when modifying permissions, especially on system directories.

Comments

You May Also Enjoy