(Difference between pages)
piszczynski>Aleks No edit summary |
m (2 revisions imported) |
||
Line 1: | Line 1: | ||
== | == File Permissions iCACLS Copy Export Modify == | ||
File permissions can be managed in CMD with the iCACLS tool. | |||
Get file/folder permissions: | |||
* | *icacls <path> | ||
Grant Modify Permission: | |||
* | *icacls <path> /grant <user>:M | ||
Details of permissions: | |||
<pre> | |||
iCACLS inheritance settings: | |||
(OI) — object inherit; | |||
(CI) — container inherit; | |||
(IO) — inherit only; | |||
(NP) — don’t propagate inherit; | |||
(I) — permission inherited from the parent container. | |||
List of basic access permissions: | |||
D — delete access; | |||
* | F — full access; | ||
N — no access; | |||
M — modify access; | |||
RX — read and execute access; | |||
R — read-only access; | |||
W — write-only access. | |||
</pre> | |||
Save and copy permissions to file to apply to other files: | |||
*icacls <path> /save <pathtosavepermissions> /t | |||
Restore or copy saved permissions from file: | |||
*icals <path> /restore <pathtosavedpermissions> | |||
== | == File Permissions Powershell Get-Acl Set-Acl == | ||
Permissions can be managed with Powershell get-acl cmdlet | |||
*Get-Acl <path> | |||
Copy permissions from one file to another: | |||
*$acl = Get-Acl -path <pathtocopypermisssionsfrom> | |||
**$acl | Set-Acl -path <pathtocopypermissionsto> | |||
If you need to add permissions but dont have permissions to copy from you can create an object containing the permissions: | |||
*New-Object Security.AccessControl.FileSystemAccessRule('IdentityReference\String','FileSystemRights','InheritanceFlags, PropagationFlags','AccessControlType') | |||
Details on the options: | |||
*IdentityReference\String — user or group name (use the following principal format: domain\user) | |||
*FileSystemRights — permission (for example, Read , Write , etc.) | |||
*InheritanceFlags and PropagationFlags – these flags determine permission inheritance settings from the parent folder (more details about ACL propagation are described in the Microsoft documentation https://docs.microsoft.com/en-us/previous-versions/ms229747(v=vs.110)?redirectedfrom=MSDN) | |||
*AccessControlType — allow or deny access to an object (Allow/Deny) | |||
Example: | |||
<pre> | |||
# get current NTFS permissions | |||
$current_acl = Get-ACL -Path "C:\Docs" | |||
# create an object with new NTFS permissions | |||
$new_acl = New-Object System.Security.AccessControl.FileSystemAccessRule('domiain\user', 'Read', 'ContainerInherit, ObjectInherit', 'None', 'Allow') | |||
# add new permissions to the current ACL | |||
$current_acl.AddAccessRule($new_acl) | |||
# Apply an ACL to a folder | |||
Set-ACL -Path "C:\Docs" -ACLObject $current_acl | |||
</pre> |
Latest revision as of 22:32, 15 November 2023
File Permissions iCACLS Copy Export Modify
File permissions can be managed in CMD with the iCACLS tool.
Get file/folder permissions:
- icacls <path>
Grant Modify Permission:
- icacls <path> /grant <user>:M
Details of permissions:
iCACLS inheritance settings: (OI) — object inherit; (CI) — container inherit; (IO) — inherit only; (NP) — don’t propagate inherit; (I) — permission inherited from the parent container. List of basic access permissions: D — delete access; F — full access; N — no access; M — modify access; RX — read and execute access; R — read-only access; W — write-only access.
Save and copy permissions to file to apply to other files:
- icacls <path> /save <pathtosavepermissions> /t
Restore or copy saved permissions from file:
- icals <path> /restore <pathtosavedpermissions>
File Permissions Powershell Get-Acl Set-Acl
Permissions can be managed with Powershell get-acl cmdlet
- Get-Acl <path>
Copy permissions from one file to another:
- $acl = Get-Acl -path <pathtocopypermisssionsfrom>
- $acl | Set-Acl -path <pathtocopypermissionsto>
If you need to add permissions but dont have permissions to copy from you can create an object containing the permissions:
- New-Object Security.AccessControl.FileSystemAccessRule('IdentityReference\String','FileSystemRights','InheritanceFlags, PropagationFlags','AccessControlType')
Details on the options:
- IdentityReference\String — user or group name (use the following principal format: domain\user)
- FileSystemRights — permission (for example, Read , Write , etc.)
- InheritanceFlags and PropagationFlags – these flags determine permission inheritance settings from the parent folder (more details about ACL propagation are described in the Microsoft documentation https://docs.microsoft.com/en-us/previous-versions/ms229747(v=vs.110)?redirectedfrom=MSDN)
- AccessControlType — allow or deny access to an object (Allow/Deny)
Example:
# get current NTFS permissions $current_acl = Get-ACL -Path "C:\Docs" # create an object with new NTFS permissions $new_acl = New-Object System.Security.AccessControl.FileSystemAccessRule('domiain\user', 'Read', 'ContainerInherit, ObjectInherit', 'None', 'Allow') # add new permissions to the current ACL $current_acl.AddAccessRule($new_acl) # Apply an ACL to a folder Set-ACL -Path "C:\Docs" -ACLObject $current_acl