Home > Commands N-Z > Commands X


Description | Syntax | Parameters | Switches | Related | Notes | Examples | Errorlevels | Availability

Display or modify Access Control Lists (ACLs) for files and folders. Unlike CACLS, xcacls can apply 'Special Access' rights.


XCACLS filename [/C] [/D user] [/E] [/G user:permision;FolderSpec] [/P user:permision;FolderSpec] [/R user] [/T] [/Y]

Display the ACLs for the file(s):

XCACLS filename

filename (NT4)
Filename(s) to affect.

/C (NT4)
Continue on access denied errors.
/D user (NT4)
Deny specified user access, this will over-ride all other permissions the user has.
/E (NT4)
Edit ACL instead of replacing it.
/G user:permision;FolderSpec (NT4)
Grant specified user access rights, permision can be:
/P user:permision;FolderSpec (NT4)
Replace user's rights, permision can be:
/R user (NT4)
Revoke specified user's access rights.
/T (NT4)
Traverse all subfolders and change all matching files found.
/Y (NT4)
Replace user's rights without verify.


CACLS - Display or modify Access Control Lists (ACLs) for files and folders.
PERMS - Show permissions for a user.
SHOWACL - Show file Access Control Lists (NT2000).
SUBINACL - Change an ACL's user/domain (use when the file owner has moved to a new domain).
ATTRIB - Display or change file attributes.
Equivalent Linux BASH commands:
chmod - Change access permissions.
chown - Change file owner and group.


FolderSpec is a permission applied to a folder.

Folder permissions are inherited by new files added to the folder. If FolderSpec is not specified then permission will apply to both files and folders.

FolderSpec: T@ where @ is one of the rights above, when this is specified new files will not inherit folder permissions. At least one folder access right must follow T Entries between ';' and T will be ignored.

Wildcards can be used to specify more that one file in a command. You can specify more than one user in a command. You can combine access rights.


Allow guests the right to read and execute in myFolder:

    XCACLS myFolder /E /G guests:rx

Allow guests the Full Control permission in myFolder and all subfolders:

    XCACLS myFolder /T /E /G guests:f

This will grant guests only read access to all files in and below myFolder, new folders created will be Read Access only, new files will not inherit any rights:

    XCACLS myFolder /T /P guests:R;Tr

This will grant guests only execute access to all files in and below myFolder:

    XCACLS myFolder /T /P guests:x



External Server Resource Kit
Windows NT