Sign in with
Sign up | Sign in
Your question

Interpreting Cacls Output

Last response: in Windows XP
Share
Anonymous
July 17, 2005 6:32:06 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Can anyone explain to me the output of a typical output of cacls or point me
to a document that explains the details? The microsoft knowledgebase
articles do not explain the output (only in general).

For example:

C:\Documents and Settings\All Users NT AUTHORITY\SYSTEM:F
BUILTIN\Administrators:F
BUILTIN\Users:R
<Account Domain not found>(special
access:) C
Everyone:R
NT AUTHORITY\SYSTEM:( OI)(CI)(IO)F
BUILTIN\Administrators:( OI)(CI)(IO)F
BUILTIN\Users:( OI)(CI)(IO)(special
access:) 

GENERIC_READ
GENERIC_EXECUTE

Everyone:( OI)(CI)(IO)(special access:) 

GENERIC_READ
GENERIC_EXECUTE


Why do there appear to be double entries for some items:

BUILTIN\Administrators:F
BUILTIN\Administrators:( OI)(CI)(IO)F

and

BUILTIN\Users:R
BUILTIN\Users:( OI)(CI)(IO)(special
access:) 

GENERIC_READ
GENERIC_EXECUTE

and

Everyone:R
Everyone:( OI)(CI)(IO)(special access:) 

GENERIC_READ
GENERIC_EXECUTE

These are extracted from above. Can someone explain this output or point me
to a document?

Thanks...

Dick
Anonymous
July 17, 2005 6:32:07 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

The following table lists valid values for permission.
Value Description
--------------------------------
n None
r Read
w Write
c Change (Write)
f Full Control

Output ACE applies to
----------------------------------------------------------------------------
OI This folder and files
CI This folder and subfolders
IO The ACE does not apply to the current
file/directory.
No output message This folder only
(IO)(CI) This folder, subfolders and files
(OI)(CI)(IO) Subfolders and files only
(CI)(IO) Subfolders only
(OI)(IO) Files only

cacls
http://www.microsoft.com/resources/documentation/window...


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:TN-dnctKedawOUffRVn-oQ@comcast.com,
Dick Sutton <rsutton43@comcast.net> hunted and pecked:
> Can anyone explain to me the output of a typical output of cacls or point
> me to a document that explains the details? The microsoft knowledgebase
> articles do not explain the output (only in general).
>
> For example:
>
> C:\Documents and Settings\All Users NT AUTHORITY\SYSTEM:F
> BUILTIN\Administrators:F
> BUILTIN\Users:R
> <Account Domain not found>(special
> access:) C
> Everyone:R
> NT AUTHORITY\SYSTEM:( OI)(CI)(IO)F
> BUILTIN\Administrators:( OI)(CI)(IO)F
> BUILTIN\Users:( OI)(CI)(IO)(special
> access:) 
>
> GENERIC_READ
>
> GENERIC_EXECUTE
>
> Everyone:( OI)(CI)(IO)(special access:) 
>
> GENERIC_READ
> GENERIC_EXECUTE
>
>
> Why do there appear to be double entries for some items:
>
> BUILTIN\Administrators:F
> BUILTIN\Administrators:( OI)(CI)(IO)F
>
> and
>
> BUILTIN\Users:R
> BUILTIN\Users:( OI)(CI)(IO)(special
> access:) 
>
> GENERIC_READ
>
> GENERIC_EXECUTE
>
> and
>
> Everyone:R
> Everyone:( OI)(CI)(IO)(special access:) 
>
> GENERIC_READ
> GENERIC_EXECUTE
>
> These are extracted from above. Can someone explain this output or point
> me to a document?
>
> Thanks...
>
> Dick
Anonymous
July 17, 2005 9:49:51 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Thanks for the reply, Wes. I have all that info (and understand it). I've
been using cacls for a long time. However, I've never seen a document or
web site, etc, that explains why we see double entries such as I gave as an
example. I'm sure there must be a valid reason and I'm sure that it's
important in some situations. I'd just like to know.

I hope someone has some info on these questions.

Dick

"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:o Mj%23%23ewiFHA.2668@TK2MSFTNGP10.phx.gbl...
> The following table lists valid values for permission.
> Value Description
> --------------------------------
> n None
> r Read
> w Write
> c Change (Write)
> f Full Control
>
> Output ACE applies to
> ----------------------------------------------------------------------------
> OI This folder and files
> CI This folder and subfolders
> IO The ACE does not apply to the current
> file/directory.
> No output message This folder only
> (IO)(CI) This folder, subfolders and files
> (OI)(CI)(IO) Subfolders and files only
> (CI)(IO) Subfolders only
> (OI)(IO) Files only
>
> cacls
> http://www.microsoft.com/resources/documentation/window...
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:TN-dnctKedawOUffRVn-oQ@comcast.com,
> Dick Sutton <rsutton43@comcast.net> hunted and pecked:
>> Can anyone explain to me the output of a typical output of cacls or point
>> me to a document that explains the details? The microsoft knowledgebase
>> articles do not explain the output (only in general).
>>
>> For example:
>>
>> C:\Documents and Settings\All Users NT AUTHORITY\SYSTEM:F
>> BUILTIN\Administrators:F
>> BUILTIN\Users:R
>> <Account Domain not found>(special
>> access:) C
>> Everyone:R
>> NT AUTHORITY\SYSTEM:( OI)(CI)(IO)F
>> BUILTIN\Administrators:( OI)(CI)(IO)F
>> BUILTIN\Users:( OI)(CI)(IO)(special
>> access:) 
>>
>>
>> GENERIC_READ
>>
>> GENERIC_EXECUTE
>>
>> Everyone:( OI)(CI)(IO)(special
>> access:) 
>>
>> GENERIC_READ
>> GENERIC_EXECUTE
>>
>>
>> Why do there appear to be double entries for some items:
>>
>> BUILTIN\Administrators:F
>> BUILTIN\Administrators:( OI)(CI)(IO)F
>>
>> and
>>
>> BUILTIN\Users:R
>> BUILTIN\Users:( OI)(CI)(IO)(special
>> access:) 
>>
>>
>> GENERIC_READ
>>
>> GENERIC_EXECUTE
>>
>> and
>>
>> Everyone:R
>> Everyone:( OI)(CI)(IO)(special
>> access:) 
>>
>> GENERIC_READ
>> GENERIC_EXECUTE
>>
>> These are extracted from above. Can someone explain this output or point
>> me to a document?
>>
>> Thanks...
>>
>> Dick
>
!