How to grant permission to users for a directory using command line in Windows

Question

How can I grant permissions to a user on a directory  Read  Write  Modify  using the Windows command line

User · Answer

This is what worked for me    Manually open the folder for which the access is denied  Select the Executable application file in that folder  Right-click on it and go to Properties -  Compatibility Now see the Privilege Level and check it for Run As Administrator Click on Change Settings for all users    The problem is solved now

User · Answer

With an Excel vba script to provision and create accounts  I was needing to grant full rights permissions to the folder and subfolders that were created by the tool using our administrators  x  account to our new user   cacls looked something like this  cacls  FileServer Users Username  e  g Domain Username C  I needed to migrate this code to Windows 7 and beyond  My solution turned out to be   icacls  FileServer Users Username  grant r Domain Username  OI  CI F  t   grant r  - Grants specified user access rights  Permissions replace previously granted explicit permissions  Without  r  permissions are added to any previously granted explicit permissions   OI  CI  - This folder  subfolders  and files   F - Full Access   t -  Traverse all subfolders to match files directories   What this gave me was a folder on this server that the user could only see that folder and created subfolders  that they could read and write files  As well as create new folders

User · Answer

Just in case there is anyone else that stumbles on this page  if you want to string various permissions together in the one command  I used this   icacls  c  TestFolder   grant r Test User  OI  CI  RC RD RX    Note the csv string for the various permissions

User · Answer

I struggled with this for a while and only combining the answers in this thread worked for me  on Windows 10   1  Open cmd or PowerShell and go to the folder with files 2  takeown  R  F   3  icacls    T  grant dan F    Good luck

User · Answer

Corrupt Permissions  Regaining access to a folder and its sub-objects  Although most of the answers posted in reply to the question have some merit  IMHO none of them give a complete solution  The following  might be  a perfect solution for Windows 7 if you are locked-out of a folder by corrupted permission settings   icacls  c  folder   remove d  grant r Everyone  OI  CI F  T     For Windows 10 the user SID must be specified after the  remove d option   icacls  c  folder   remove d Everyone  grant r Everyone  OI  CI F  T       Notes    The command is applied to the specified directory  Specifying the user  Everyone  sets the widest possible permission  as it includes every possible user  The option   remove d  deletes any explicit DENY settings that may exist  as those override explicit ALLOW settings  a necessary preliminary to creating a new ALLOW setting  This is only a precaution  as there is often no DENY setting present  but better safe than sorry  The option   grant  creates a new ALLOW setting  an explicit permission that replaces    r   any and all explicit ALLOW settings that may exist  The  F  parameter  i e  the permission created  makes this a grant of FULL control  The   T  parameter adds recursion  applying these changes to all current sub-objects in the specified directory  i e  files and subfolders   as well as the folder itself  The   OI   and   CI   parameters also add recursion  applying these changes to sub-objects created subsequently        ADDENDUM  2019 02 10  -  The Windows 10 command line above was kindly suggested to me today  so here it is  I haven t got Windows 10 to test it  but please try it out if you have  and then will you please post a comment below    The change only concerns removing the DENY setting as a first step  There might well not be any DENY setting present  so that option might make no difference  My understanding is  on Windows 7  that you don t need to specify a user after  remove d but I might be wrong about that        ADDENDUM  2019 11 21  -  User astark recommends replacing Everyone with the term  S-1-1-0 in order for the command to be language independent  I only have an English install of Windows  so I can t test this proposal  but it seems reasonable

User · Answer

in windows 10 working without  c    and      For example   F   Full Control  e   Edit permission and kept old permission  p   Set new permission      cacls  file or folder path   e  p UserName F    also this fixes error 2502 and 2503      cacls  C  Windows Temp   e  p UserName F

User · Answer

As of Vista  cacls is deprecated  Here s the first couple of help lines   C   gt cacls NOTE  Cacls is now deprecated  please use Icacls   Displays or modifies access control lists  ACLs  of files   You should use icacls instead  This is how you grant John full control over D  test folder and all its subfolders   C   gt icacls  D  test   grant John  OI  CI F  T   According do MS documentation    F   Full Control CI   Container Inherit - This flag indicates that subordinate containers will inherit this ACE  OI   Object Inherit - This flag indicates that subordinate files will inherit the ACE   T   Apply recursively to existing files and sub-folders   OI and CI only apply to new files and sub-folders   Credit  comment by  AlexSpence    For complete documentation  you may run  icacls  with no arguments or see the Microsoft documentation here and here

User · Answer

I try the below way and it work for me  1  open cmd exe 2  takeown  R  F     3  icacls    T  grant  username   D  4  del      S  Q    So that the files can become my own access and it assign to  Delete  and then I can delete the files and folders

User · Answer

navigate to top level directory you want to set permissions to with explorer type cmd in the address bar of your explorer window enter icacls    grant John  OI  CI F  T where John is the username profit  Just adding this because it seemed supremely easy this way and others may profit - all credit goes to Calin Darie

User · Answer

excellent point Calin Darie  I had a lot of scripts to use cacls I move them to icacls how ever I could not find a script to change the root mount volumes example  d  datafolder  I finally crated the script below  which mounts the volume as a temporary drive then applies sec  then unmounts it  It is the only way I found that you can update the root mount security    1 gets the folder mount GUID to a temp file then reads the GUID to mount the volume as a temp drive X  applies sec and logs the changes then unmounts the Volume only from the X  drive so the mounted folder is not altered or interrupted other then the applied sec   here is sample of my script     mountvol  d   1   L  gt tempDrive temp  amp  amp  FOR  f  tokens      I IN  tempDrive temp  DO mountvol X    I  D  tools security icacls exe    2  grant domain group  OI  CI F  T  C  gt  gt   1LUNsec- TDWEEK - TMONTH - TDAY - TYEAR - THOUR - TMINUTE - TAM  txt if exist x      mountvol X   d

User · Answer

Use cacls command  See information here   CACLS files  e  p  USERNAME   PERMISSION  Where   p   Set new permission  e   Edit permission and kept old permission as it is i e  edit ACL instead of replacing it   USERNAME    Name of user  PERMISSION    Permission can be  R - Read W - Write C - Change  write  F - Full control For example grant Rocky Full  F  control with following command  type at Windows command prompt   C  gt  CACLS files  e  p rocky f Read complete help by typing following command  C  gt  cacls

User · Answer

I am Administrator and some script placed  Deny  permission on my name on all files and subfolders in a directory  Executing the icacls  D  test   grant John  OI  CI F  T command did not work  because it seemed it did not remove the  Deny  right from my name from this list   The only thing that worked for me is resetting all permissions with the icacls  D  test   reset  T command

User · Answer

attrib  r  a  s  h  lt folder name gt   lt file name gt  to hide attrib -r -a -s -h  lt folder name gt   lt file name gt  to unhide

User · Answer

You can also use ICACLS    To grant the Users group Full Control to a folder    gt icacls  C  MyFolder   grant Users F   To grant Modify permission to IIS users for C  MyFolder  if you need your IIS has ability to R W files into specific folder     gt icacls  C  MyFolder   grant IIS IUSRS M   If you do ICACLS    you will be able to see all available options

User · Answer

Bulk folder creation and grant permission works me by using the below powershell script   Import-Csv  D  Scripts foldernames csv    foreach-object        username      foldername         foldername is the header of csv file       domain      example com          folder   D  Users        domainusername    domain          username      New-Item  folder  username    Type Directory      Get-Acl  folder  username         acl   Get-Acl  folder  username       acl SetAccessRuleProtection  True   False        rule   New-Object System Security AccessControl FileSystemAccessRule  Administrators   FullControl    ContainerInherit  ObjectInherit    None    Allow        acl AddAccessRule  rule        rule   New-Object System Security AccessControl FileSystemAccessRule  SYSTEM   FullControl    ContainerInherit  ObjectInherit    None    Allow        acl AddAccessRule  rule        rule   New-Object System Security AccessControl FileSystemAccessRule   domain Domain Admins   Read    ContainerInherit  ObjectInherit    None    Allow        acl AddAccessRule  rule        rule   New-Object System Security AccessControl FileSystemAccessRule  domainusername  Modify    ContainerInherit  ObjectInherit    None    Allow        acl AddAccessRule  rule       Set-Acl  folder  username  acl     Note  You have to create same domain username in csv file otherwise you will get permission issues

User · Answer

XCACLS VBS is a very powerful script that will change edit ACL info   c  windows system32 cscript exe xcacls vbs help returns all switches and options   You can get official distribution from Microsoft Support Page

User · Answer

Open a Command Prompt  then execute this command   icacls  quot c  somelocation of path quot   q  c  t  grant Users F  F gives Full Access   q  c  t applies the permissions to subfolders  Note  Sometimes  quot Run as Administrator quot  will help

[windows] How to grant permission to users for a directory using command line in Windows?

Examples related to windows

Examples related to command-prompt

Examples related to file-permissions