Gathering Security Descriptor Information Using Checked Version of Cacls.exe (223006)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0
This article was previously published under Q223006

SUMMARY

Administrators can use the Cacls.exe command-line tool to view and change access control lists (ACLs) on the security descriptors of file system objects.

The checked version of Cacls.exe provides an additional switch (/b) that includes command-line access to much more detailed information about the contents of the security descriptor.

MORE INFORMATION

The /b switch is used with a following number that specifies the type of additional information to provide.

Cacls <filename> /b <#>Information provided
1Displays the SIDS for each user in the security descriptor
2Displays access masks for each entry
4Displays any returned errors
8Displays the location of any returned errors
0x10Provides verbose output
0x20Provides even more verbose output
0x40Enumerate object names
0x80Enumerate failures
0x100Enumerate starts and returns
0x200Enumerate extra data
0x400Show size allocation data
0x800Displays enumeration of files only
Modification Type:MajorLast Reviewed:9/9/2002
Keywords:kbinfo KB223006
©2002 Microsoft Corporation. All rights reserved.