Interpreting Cacls Output

Archived from groups: microsoft.public.windowsxp.general (More info?)

Can anyone explain to me the output of a typical output of cacls or point me
to a document that explains the details? The microsoft knowledgebase
articles do not explain the output (only in general).

For example:

C:\Documents and Settings\All Users NT AUTHORITY\SYSTEM:F
BUILTIN\Administrators:F
BUILTIN\Users:R
<Account Domain not found>(special
access:)C
Everyone:R
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)(IO)(special
access:)

GENERIC_READ
GENERIC_EXECUTE

Everyone:(OI)(CI)(IO)(special access:)

GENERIC_READ
GENERIC_EXECUTE


Why do there appear to be double entries for some items:

BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F

and

BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special
access:)

GENERIC_READ
GENERIC_EXECUTE

and

Everyone:R
Everyone:(OI)(CI)(IO)(special access:)

GENERIC_READ
GENERIC_EXECUTE

These are extracted from above. Can someone explain this output or point me
to a document?

Thanks...

Dick
2 answers Last reply
More about interpreting cacls output
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    The following table lists valid values for permission.
    Value Description
    --------------------------------
    n None
    r Read
    w Write
    c Change (Write)
    f Full Control

    Output ACE applies to
    ----------------------------------------------------------------------------
    OI This folder and files
    CI This folder and subfolders
    IO The ACE does not apply to the current
    file/directory.
    No output message This folder only
    (IO)(CI) This folder, subfolders and files
    (OI)(CI)(IO) Subfolders and files only
    (CI)(IO) Subfolders only
    (OI)(IO) Files only

    cacls
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cacls.mspx


    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:TN-dnctKedawOUffRVn-oQ@comcast.com,
    Dick Sutton <rsutton43@comcast.net> hunted and pecked:
    > Can anyone explain to me the output of a typical output of cacls or point
    > me to a document that explains the details? The microsoft knowledgebase
    > articles do not explain the output (only in general).
    >
    > For example:
    >
    > C:\Documents and Settings\All Users NT AUTHORITY\SYSTEM:F
    > BUILTIN\Administrators:F
    > BUILTIN\Users:R
    > <Account Domain not found>(special
    > access:)C
    > Everyone:R
    > NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
    > BUILTIN\Administrators:(OI)(CI)(IO)F
    > BUILTIN\Users:(OI)(CI)(IO)(special
    > access:)
    >
    > GENERIC_READ
    >
    > GENERIC_EXECUTE
    >
    > Everyone:(OI)(CI)(IO)(special access:)
    >
    > GENERIC_READ
    > GENERIC_EXECUTE
    >
    >
    > Why do there appear to be double entries for some items:
    >
    > BUILTIN\Administrators:F
    > BUILTIN\Administrators:(OI)(CI)(IO)F
    >
    > and
    >
    > BUILTIN\Users:R
    > BUILTIN\Users:(OI)(CI)(IO)(special
    > access:)
    >
    > GENERIC_READ
    >
    > GENERIC_EXECUTE
    >
    > and
    >
    > Everyone:R
    > Everyone:(OI)(CI)(IO)(special access:)
    >
    > GENERIC_READ
    > GENERIC_EXECUTE
    >
    > These are extracted from above. Can someone explain this output or point
    > me to a document?
    >
    > Thanks...
    >
    > Dick
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Thanks for the reply, Wes. I have all that info (and understand it). I've
    been using cacls for a long time. However, I've never seen a document or
    web site, etc, that explains why we see double entries such as I gave as an
    example. I'm sure there must be a valid reason and I'm sure that it's
    important in some situations. I'd just like to know.

    I hope someone has some info on these questions.

    Dick

    "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    news:OMj%23%23ewiFHA.2668@TK2MSFTNGP10.phx.gbl...
    > The following table lists valid values for permission.
    > Value Description
    > --------------------------------
    > n None
    > r Read
    > w Write
    > c Change (Write)
    > f Full Control
    >
    > Output ACE applies to
    > ----------------------------------------------------------------------------
    > OI This folder and files
    > CI This folder and subfolders
    > IO The ACE does not apply to the current
    > file/directory.
    > No output message This folder only
    > (IO)(CI) This folder, subfolders and files
    > (OI)(CI)(IO) Subfolders and files only
    > (CI)(IO) Subfolders only
    > (OI)(IO) Files only
    >
    > cacls
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cacls.mspx
    >
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:TN-dnctKedawOUffRVn-oQ@comcast.com,
    > Dick Sutton <rsutton43@comcast.net> hunted and pecked:
    >> Can anyone explain to me the output of a typical output of cacls or point
    >> me to a document that explains the details? The microsoft knowledgebase
    >> articles do not explain the output (only in general).
    >>
    >> For example:
    >>
    >> C:\Documents and Settings\All Users NT AUTHORITY\SYSTEM:F
    >> BUILTIN\Administrators:F
    >> BUILTIN\Users:R
    >> <Account Domain not found>(special
    >> access:)C
    >> Everyone:R
    >> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
    >> BUILTIN\Administrators:(OI)(CI)(IO)F
    >> BUILTIN\Users:(OI)(CI)(IO)(special
    >> access:)
    >>
    >>
    >> GENERIC_READ
    >>
    >> GENERIC_EXECUTE
    >>
    >> Everyone:(OI)(CI)(IO)(special
    >> access:)
    >>
    >> GENERIC_READ
    >> GENERIC_EXECUTE
    >>
    >>
    >> Why do there appear to be double entries for some items:
    >>
    >> BUILTIN\Administrators:F
    >> BUILTIN\Administrators:(OI)(CI)(IO)F
    >>
    >> and
    >>
    >> BUILTIN\Users:R
    >> BUILTIN\Users:(OI)(CI)(IO)(special
    >> access:)
    >>
    >>
    >> GENERIC_READ
    >>
    >> GENERIC_EXECUTE
    >>
    >> and
    >>
    >> Everyone:R
    >> Everyone:(OI)(CI)(IO)(special
    >> access:)
    >>
    >> GENERIC_READ
    >> GENERIC_EXECUTE
    >>
    >> These are extracted from above. Can someone explain this output or point
    >> me to a document?
    >>
    >> Thanks...
    >>
    >> Dick
    >
Ask a new question

Read More

Microsoft Windows XP