| 0x00002711 | ICACLS name /save aclfile [/T] [/C] [/L] [/Q] 将匹配名称的文件和文件夹的 DACL 存储到 aclfile 中 以便将来与 /restore 一起使用。请注意,未保存 SACL、 所有者或完整性标签。ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] 将存储的 DACL 应用于目录中的文件。ICACLS name /setowner user [/T] [/C] [/L] [/Q] 更改所有匹配名称的所有者。该选项不会强制更改所有 身份;使用 takeown.exe 实用程序可实现 该目的。ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] 查找包含显式提及 SID 的 ACL 的 所有匹配名称。ICACLS name /verify [/T] [/C] [/L] [/Q] 查找其 ACL 不规范或长度与 ACE 计数不一致的所有文件。ICACLS name /reset [/T] [/C] [/L] [/Q] 为所有匹配文件使用默认继承的 ACL 替换 ACL。ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm 授予指定的用户访问权限。如果使用 :r, 这些权限将替换以前授予的所有显式权限。 如果不使用 :r,这些权限将添加到以前授予的 所有显式权限。 /deny Sid:perm 显式拒绝指定的用户访问权限。 将为列出的权限添加显式拒绝 ACE, 并删除所有显式授予的权限中的相同权限。 /remove[:[g|d]] Sid 删除 ACL 中所有出现的 SID。使用 :g,将删除授予该 SID 的所有权限。使用 :d,将删除拒绝该 SID 的所有权限。 /setintegritylevel [(CI)(OI)]级别将完整性 ACE 显式 添加到所有匹配文件。要指定的级别为以下级别 之一: L[ow] M[edium] H[igh] 完整性 ACE 的继承选项可以优先于级别,但只应用于 目录。 /inheritance:e|d|r e - 启用继承 d - 禁用继承并复制 ACE r - 删除所有继承的 ACE注意: Sid 可以采用数字格式或友好的名称格式。如果给定数字格式, 那么请在 SID 的开头添加一个 *。 /T 指示在以该名称指定的目录下的所有匹配文件/目录上 执行此操作。 /C 指示此操作将在所有文件错误上继续进行。 仍将显示错误消息。 /L 指示此操作在符号 链接本身而不是其目标上执行。 /Q 指示 icacls 应该禁止显示成功消息。 ICACLS 保留 ACE 项的规范顺序: 显式拒绝 显式授予 继承的拒绝 继承的授予 perm 是权限掩码,可以指定两种格式之一: 简单权限序列: N - 无访问权限 F - 完全访问权限 M - 修改权限 RX - 读取和执行权限 R - 只读权限 W - 只写权限 D - 删除权限 在括号中以逗号分隔的特定权限列表: DE - 删除 RC - 读取控制 WDAC - 写入 DAC WO - 写入所有者 S - 同步 AS - 访问系统安全性 MA - 允许的最大值 GR - 一般性读取 GW - 一般性写入 GE - 一般性执行 GA - 全为一般性 RD - 读取数据/列出目录 WD - 写入数据/添加文件 AD - 附加数据/添加子目录 REA - 读取扩展属性 WEA - 写入扩展属性 X - 执行/遍历 DC - 删除子项 RA - 读取属性 WA - 写入属性 继承权限可以优先于每种格式,但只应用于 目录: (OI) - 对象继承 (CI) - 容器继承 (IO) - 仅继承 (NP) - 不传播继承 (I) - 从父容器继承的权限示例: icacls c:\\windows\\* /save AclFile /T - 将 c:\\windows 及其子目录下所有文件的 ACL 保存到 AclFile。 icacls c:\\windows\\ /restore AclFile - 将还原 c:\\windows 及其子目录下存在的 AclFile 内 所有文件的 ACL。 icacls file /grant Administrator:(D,WDAC) - 将授予用户对文件删除和写入 DAC 的管理员 权限。 icacls file /grant *S-1-1-0:(D,WDAC) - 将授予由 sid S-1-1-0 定义的用户对文件删除和 写入 DAC 的权限。 |
ICACLS name /save aclfile [/T] [/C] [/L] [/Q] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved.ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] applies the stored DACLs to files in directory.ICACLS name /setowner user [/T] [/C] [/L] [/Q] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose.ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] finds all matching names that contain an ACL explicitly mentioning Sid.ICACLS name /verify [/T] [/C] [/L] [/Q] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts.ICACLS name /reset [/T] [/C] [/L] [/Q] replaces ACLs with default inherited ACLs for all matching files.ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level is to be specified as one of: L[ow] M[edium] H[igh] Inheritance options for the integrity ACE may precede the level and are applied only to directories. /inheritance:e|d|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEsNote: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. /L indicates that this operation is performed on a symbolic link itself versus its target. /Q indicates that icacls should suppress success messages. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access W - write-only access D - delete access a comma-separated list in parentheses of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent containerExamples: icacls c:\\windows\\* /save AclFile /T - Will save the ACLs for all files under c:\\windows and its subdirectories to AclFile. icacls c:\\windows\\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file. |
| 0x00002712 | ICACLS name /save aclfile [/T] [/C] 将匹配名称的文件和文件夹的 DACL 存储到 aclfile 以便将来与 /restore 一起使用。请注意,未保存 SACL、所有者或完整性标签。ICACLS directory [/substitute SidOld SidNew [...]] /restore:aclfile [/C] 将存储的 DACL 应用于目录中的文件。ICACLS name /setowner user [/T] [/C] 更改所有匹配名称的所有者。该选项不会强制更改所有身份; 使用 takeown.exe 实用程序可实现该目的。ICACLS name /findsid Sid [/T] [/C] 查找包含显式提及 SID 的 ACL 的所有匹配名称。ICACLS name /verify [/T] [/C] 查找其 ACL 不规范或长度与 ACE 计数不一致的所有文件。ICACLS name /reset [/T] [/C] 为所有匹配文件使用默认继承的 ACL 替换 ACL。ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] /grant[:r] Sid:perm 授予指定的用户访问权限。如果使用 :r, 这些权限将替换以前授予的所有显式权限。 如果不使用 :r,这些权限将添加到以前授予的所有显式权限。 /deny Sid:perm 显式拒绝指定的用户权限。 将为列出的权限添加显式拒绝 ACE, 并删除所有显式授予的权限中的相同权限。 /remove[:[g|d]] SID 删除 ACL 中所有出现的 SID。使用 :g,将删除授予该 SID 的所有权限。使用 :d,将删除拒绝该 SID 的所有权限。 /inheritance:e|d|r e - 启用继承 d - 禁用继承并复制 ACE r - 删除所有继承的 ACE注意: SID 可以采用数字格式或友好的名称格式。如果给定数字格式, 那么请在 SID 的开头添加一个 *。 /T 指示在以该名称指定的目录下的所有匹配文件/目录上 执行此操作。 /C 指示该操作将在所有文件错误上继续进行。仍将显示错误消息。 ICACLS 保留 ACE 项的规范顺序: 显式拒绝 显式授予 继承的拒绝 继承的授予 perm 是权限掩码,可以两种格式之一指定: 简单权限序列: N - 没有访问权限 F - 完全访问权限 M - 修改权限 RX - 读取和执行权限 R - 只读权限 D - 删除访问权限 在括号中以逗号分隔的特定权限列表: DE - 删除 RC - 读取控制 WDAC - 写入 DAC WO - 写入所有者 S - 同步 AS - 访问系统安全性 MA - 允许的最大值 GR - 一般性读取 GW - 一般性写入 GE - 一般性执行 GA - 全为一般性 RD - 读取数据/列出目录 WD - 写入数据/添加文件 AD - 附加数据/添加子目录 REA - 读取扩展属性 WEA - 写入扩展属性 X - 执行/遍历 DC - 删除子项 RA -读取属性 WA - 写入属性 继承权限可以优先于每种格式,但只应用于 目录: (OI) - 对象继承 (CI) - 容器继承 (IO) - 仅继承 (NP) - 不传播继承 (I) - 从父容器继承的权限示例: icacls c:\\windows\\* /save AclFile /T - 将把 c:\\windows 及其子目录下所有文件的 ACL 保存到 AclFile。 icacls c:\\windows\\ /restore AclFile - 将还原 c:\\windows 及其子目录下存在的 AclFile 内的所有文件的 ACL。 icacls file /grant Administrator:(D,WDAC) - 将授予用户向文件删除和写入 DAC 的管理员权限。 icacls file /grant *S-1-1-0:(D,WDAC) - 将授予由 sid S-1-1-0 定义的用于向文件删除和写入 DAC 的权限。 |
ICACLS name /save aclfile [/T] [/C] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved.ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] applies the stored DACLs to files in directory.ICACLS name /setowner user [/T] [/C] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose.ICACLS name /findsid Sid [/T] [/C] finds all matching names that contain an ACL explicitly mentioning Sid.ICACLS name /verify [/T] [/C] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts.ICACLS name /reset [/T] [/C] replaces ACLs with default inherited ACLs for all matching files.ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /inheritance:e|d|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEsNote: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access D - delete access a comma-separated list in parenthesis of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent containerExamples: icacls c:\\windows\\* /save AclFile /T - Will save the ACLs for all files under c:\\windows and its subdirectories to AclFile. icacls c:\\windows\\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file. |
| 0x00002713 | 无效参数“%1” |
Invalid parameter \"%1\" |
| 0x00002714 | ACCESS_DENIED%0 |
ACCESS_DENIED%0 |
| 0x00002715 | 已处理的文件: %1 |
processed file: %1 |
| 0x00002716 | %0 |
%0 |
| 0x00002717 | (OI)%0 |
(OI)%0 |
| 0x00002718 | (CI)%0 |
(CI)%0 |
| 0x00002719 | (NP)%0 |
(NP)%0 |
| 0x0000271A | (IO)%0 |
(IO)%0 |
| 0x0000271B | (DENY)%0 |
(DENY)%0 |
| 0x0000271C | (特殊访问:) |
(special access:) |
| 0x0000271D | 共享冲突:%0 |
sharing violation:%0 |
| 0x0000271E | 设置所有权失败%0 |
Set ownership failed%0 |
| 0x0000271F | 拒绝访问: %0 |
Access denied: %0 |
| 0x00002720 | 未设置任何权限。所有用户都具有完全控制权限。%0 |
No permissions are set. All users have full control.%0 |
| 0x00002721 | %1: ACE 条目顺序不规范。 |
%1: Ace entries not in canonical order. |
| 0x00002722 | %1: ACL 长度不正确。 |
%1: Acl length is incorrect. |
| 0x00002723 | 已成功保存 ACL。 |
Acls were successfully saved. |
| 0x00002724 | 已成功还原 ACL。 |
Acls successfully restored. |
| 0x00002725 | 发现 SID: %1。 |
SID Found: %1. |
| 0x00002726 | 验证 ACL 时未发现错误。 |
No errors were found while verifying ACLs. |
| 0x00002727 | 已成功修改 ACL。 |
The Acls were successfully modified. |
| 0x00002728 | 已成功重置 ACL。 |
The ACLs were successfully reset. |
| 0x00002729 | 已成功设置所有者。 |
The owner was successfully set. |
| 0x0000272A | 未找到任何具有匹配 SID 的文件。 |
No files with a matching SID was found |
| 0x0000272B | 已成功处理 %1 个文件; 处理 %2 个文件时失败 |
Successfully processed %1 files; Failed processing %2 files |
| 0x0000272C | 不允许进行该操作,原因是这将创建无法使用的 ACL。 |
This operation is not allowed as it would create an un-usable ACL. |
| 0x0000272D | 第一个参数必须是文件名模式或 \"/?\" |
First parameter must be a file name pattern or \"/?\" |