Archive for January 2013

Setting modify permissions for users on a folder using icacls

The following is an example of how to set permissions on a folder using icacls, which is included with every Windows distribution:

icacls "%ProgramFiles%\Application Folder" /grant Users:(OI)(CI)M

This will grant the group Users “modify” permissions to the folder C:\Program Files\Application Folder.


The format is as follows:

icacls "target folder" /grant Account:options /option

where the individual parts represent:

icacls – calls the program icacls

“target folder” – first parameter is the destination folder

/grant – signifies the function to perform, in this case to grant permissions. /deny and /remove are also options.

Account followed by a colon – this is the account for which you want to grant, deny or remove ACLs.

options – (OI)(CI)M means modify permissions “(M)” plus inheritance: object inherit (OI), so files in this folder inherit the entry, and container inherit (CI), so subfolders inherit it

/option – you can use /inheritance:r here, for example, to block inheritance of ACLs from the parent folder (r removes all inherited entries).

For more options and a complete list of commands open a command prompt (cmd.exe) and type icacls /?.
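
To check the result of a grant like the one above, the listing printed by icacls "target folder" can be decoded with a small script. The following is an added example, not part of the original post: it parses the (OI)(CI)(M)-style entries and reports allow entries that give a broad group a write-capable right. The sample listing is constructed, and the set of groups treated as broad is an assumption.

```python
import re

# Inheritance markers icacls prints in front of the rights token.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Simple rights that let the holder change folder contents.
WRITE_RIGHTS = {"F", "M", "W"}
# Assumption for this example: groups that include ordinary users.
BROAD_GROUPS = {"users", "authenticated users", "everyone"}

ACE_RE = re.compile(r"^(?P<account>[^:]+):(?P<tokens>(?:\([A-Za-z,]+\))+)$")

def parse_aces(output, path):
    """Turn icacls listing text into a list of ACE dicts."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):      # first line is prefixed with the folder path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                      # blank lines and the "Successfully processed" summary
            continue
        tokens = re.findall(r"\(([A-Za-z,]+)\)", m["tokens"])
        aces.append({
            "account": m["account"],
            "deny": "DENY" in tokens,
            "flags": [t for t in tokens if t in INHERIT_FLAGS],
            "rights": [r for t in tokens if t not in INHERIT_FLAGS and t != "DENY"
                       for r in t.split(",")],
        })
    return aces

def broad_write_aces(aces):
    """Return allow ACEs that give a broad group a write-capable right."""
    return [a for a in aces
            if not a["deny"]
            and a["account"].split("\\")[-1].lower() in BROAD_GROUPS
            and WRITE_RIGHTS & set(a["rights"])]

# Constructed sample: a listing as icacls would print it after the grant above.
PATH = r"C:\Program Files\Application Folder"
SAMPLE = r"""C:\Program Files\Application Folder BUILTIN\Users:(OI)(CI)(M)
                                    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                    BUILTIN\Administrators:(I)(OI)(CI)(F)
                                    BUILTIN\Users:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for ace in broad_write_aces(parse_aces(SAMPLE, PATH)):
        print(ace["account"], ace["flags"], ace["rights"])
```

Entries carrying the (I) flag come from the parent folder; the explicit BUILTIN\Users entry without it is the one the /grant command added.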