Windows File & Folder Permissions Manager
The icacls command displays or modifies Access Control Lists (ACLs) on files and folders in Windows. It lets you control who can read, write, modify, or delete your files and folders.
Think of it like setting locks and keys on your files - you decide exactly who gets access and what they're allowed to do. This is essential for security when multiple people use the same computer, or when you need to protect sensitive files from unauthorized access or malware.
Advertisement
[ Insert Google AdSense Banner Code Here ]
When you can't open, delete, or modify files/folders due to permission issues.
Control which users or groups can access shared folders on a network.
Restrict access to confidential documents, preventing unauthorized viewing or editing.
Save permission settings to a file and restore them later after reinstalling Windows.
icacls C:\Users\archonvlabs\Documents View current permissions on the Documents folder.
icacls C:\test.txt /grant Users:F Give the "Users" group Full Control (F) over test.txt file.
icacls C:\SecretFolder /grant John:R Give user "John" Read-only (R) access to SecretFolder.
icacls C:\Projects /grant Developers:(OI)(CI)M /T Give "Developers" group Modify (M) access to Projects folder and all subfolders/files. (OI)(CI) means inheritance.
icacls C:\Private /deny Guest:F Block the "Guest" account from accessing the Private folder completely.
icacls C:\test.txt /remove Users Remove all permissions for "Users" group from test.txt.
icacls C:\MyFolder /setowner Administrator Change the owner of MyFolder to Administrator account.
icacls C:\MyFolder /reset /T Reset all permissions to default inherited permissions for MyFolder and all contents (/T = recursive).
icacls C:\Data /save perms.txt /T Save all permissions from C:\Data and subfolders to a backup file called perms.txt.
icacls C:\Data /restore perms.txt Restore previously saved permissions from perms.txt backup file.
icacls C:\folder /inheritance:d Disable permission inheritance (folder will no longer inherit permissions from parent).
icacls C:\folder /inheritance:e Enable permission inheritance (folder will inherit permissions from parent).
Modifying permissions requires Administrator privileges. Use runas /user:administrator cmd to elevate.
Be VERY careful when changing permissions! Incorrect permissions can lock you out of your own files, break programs, or create security vulnerabilities.
Always backup permissions first! Use icacls /save before making changes so you can restore if something goes wrong.
Practice icacls commands in the interactive terminal below:
F Full Control
Complete access - can read, write, modify, delete, and change permissions. Like having the master key.
M Modify
Can read, write, and delete files, but cannot change permissions. Good for regular users.
RX Read & Execute
Can view files and run programs, but cannot make any changes. View-only with ability to run.
R Read-only
Can only view files and their properties. Cannot edit, delete, or execute anything.
W Write-only
Can create and modify files but cannot read them. Useful for drop boxes or logs.
D Delete
Can delete the file or folder. Usually combined with other permissions.
(OI) Object Inherit
Files created inside this folder will inherit these permissions automatically.
(CI) Container Inherit
Subfolders created inside this folder will inherit these permissions automatically.
(IO) Inherit Only
Permission applies only to child items, not the folder itself. Used with OI or CI.
(NP) No Propagate
Don't pass this permission to items deeper than one level (immediate children only).
Pro Tip: Use (OI)(CI) together to apply permissions to both files AND subfolders recursively. Example: icacls C:\Projects /grant Users:(OI)(CI)M /T