| 0x00002711 | ICACLS name /save aclfile [/T] [/C] [/L] [/Q] 將符合名稱之檔案與資料夾的 DACL 儲存至 aclfile,以供稍後與 /restore 搭配使用。請注意,這不會儲存 SACL、擁有者或完整 性標籤。ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] 將儲存的 DACL 套用到目錄中的檔案。ICACLS name /setowner user [/T] [/C] [/L] [/Q] 變更所有相符名稱的擁有者。此選項不會強制變更擁有權; 如果要強制變更擁有 權,請使用 takeown.exe 公用程式。ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] 尋找內含明確提及 Sid 之 ACL 的所有相符名稱。ICACLS name /verify [/T] [/C] [/L] [/Q] 尋找含有未使用標準格式的 ACL 或長度與 ACE 計數不一致的所有檔案。ICACLS name /reset [/T] [/C] [/L] [/Q] 針對所有符合的檔案,使用預設繼承的 ACL 取代 ACL。ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm 授與指定的使用者存取權限。若加上 :r,該權限便會取 代先前授與的明確權限。若不加上 :r,則會將權限加入先前授與的任何明 確權限。 /deny Sid:perm 明確拒絕指定的使用者存取權限。對指定的權限新增明確拒絕的 ACE,並將任何明確授與中的相同權限移除。 /remove[:[g|d]] Sid 會移除 ACL 中 Sid 的所有符合項目。若加上 :g,會將授 與該 Sid 之權限的所有符合項目移除。若加上 :d,則會將拒絕該 Sid 之權 限的所有符合項目移除。 /setintegritylevel [(CI)(OI)]Level 明確地新增完整性 ACE 至所有符合的檔 案。可指定下列層級的其中一個: L[ow] M[edium] H[igh] 完整性 ACE 的繼承選項具有高於層級的優先性,且只會套用到目錄。 /inheritance:e|d|r e - 啟用繼承 d - 停用繼承並複製 ACE r - 移除所有繼承的 ACE注意: Sid 的格式可以是數字或好記的名稱。如果指定使用數字格式,請在 SID 的開頭 加上 *。 /T 指示要在 name 指定之目錄下的所有相符檔案/目錄上執行此操作。 /C 指示不論發生任何檔案錯誤,都繼續執行此操作。仍會顯示錯誤訊息。 /L 指示此操作會在符號連結 (而非其目標) 上執行。 /Q 指示 icacls 應隱藏成功訊息。 ICACLS 保留 ACE 項目的標準順序: 明確拒絕 明確授與 繼承拒絕 繼承授與 perm 是權限遮罩,可使用下列其中一種格式來指定: 一連串簡單權限: N - 不允許存取 F - 完整存取權 M - 修改存取權 RX - 讀取和執行存取權 R - 唯讀存取權 W - 唯寫存取權 D - 刪除存取權 在括號中以逗號分隔特定權限的清單: DE - 刪除 RC - 讀取控制 WDAC - 寫入 DAC WO - 寫入擁有者 S - 同步 AS - 存取系統安全性 MA - 允許的最大值 GR - 一般讀取 GW - 一般寫入 GE - 一般執行 GA - 一般所有權限 RD - 讀取資料/列出目錄 WD - 寫入資料/新增檔案 AD - 附加資料/新增子目錄 REA - 讀取擴充屬性 WEA - 寫入擴充屬性 X - 執行/周遊 DC - 刪除子系 RA - 讀取屬性 WA - 寫入屬性 繼承權限的優先順序高於上述任一種格式,且僅套用到目錄: (OI) - 物件繼承 (CI) - 容器繼承 (IO) - 僅繼承 (NP) - 不傳播繼承 (I) - 從父容器繼承的權限範例: icacls c:\\windows\\* /save AclFile /T - 會將 c:\\windows 及其子目錄下所有檔案的 ACL 儲存到 AclFile。 icacls c:\\windows\\ /restore AclFile - 會還原 AclFile 之中每個檔案的 Acl,而 AclFile 位於 c:\\windows 及其子目錄下。 icacls file /grant Administrator:(D,WDAC) - 會將檔案的刪除和寫入 DAC 權限授與使用者 Administrator。 icacls file /grant *S-1-1-0:(D,WDAC) - 會將檔案的刪除和寫入 DAC 權限授與 sid S-1-1-0 所定義的使用者。 |
ICACLS name /save aclfile [/T] [/C] [/L] [/Q] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved.ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] applies the stored DACLs to files in directory.ICACLS name /setowner user [/T] [/C] [/L] [/Q] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose.ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] finds all matching names that contain an ACL explicitly mentioning Sid.ICACLS name /verify [/T] [/C] [/L] [/Q] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts.ICACLS name /reset [/T] [/C] [/L] [/Q] replaces ACLs with default inherited ACLs for all matching files.ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level is to be specified as one of: L[ow] M[edium] H[igh] Inheritance options for the integrity ACE may precede the level and are applied only to directories. /inheritance:e|d|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEsNote: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. /L indicates that this operation is performed on a symbolic link itself versus its target. /Q indicates that icacls should suppress success messages. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access W - write-only access D - delete access a comma-separated list in parentheses of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent containerExamples: icacls c:\\windows\\* /save AclFile /T - Will save the ACLs for all files under c:\\windows and its subdirectories to AclFile. icacls c:\\windows\\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file. |
| 0x00002712 | ICACLS name /save aclfile [/T] [/C] 將符合名稱之檔案與資料夾的 DACL 儲存至 aclfile,以供稍後與 /restore 搭配使用。請注意,這不會儲存 SACL、擁有者或完整性標籤。ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] 將儲存的 DACL 套用到目錄中的檔案。ICACLS name /setowner user [/T] [/C] 變更所有相符名稱的擁有者。此選項不會強制變更擁有權; 若要強制變更擁有權, 請使用 takeown.exe 公用程式。ICACLS name /findsid Sid [/T] [/C] 尋找內含明確提及 Sid 之 ACL 的所有相符名稱。ICACLS name /verify [/T] [/C] 尋找含有未使用標準格式的 ACL 或長度與 ACE 計數不一致的所有檔案。ICACLS name /reset [/T] [/C] 針對所有符合的檔案,使用預設繼承的 ACL 取代 ACL。ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] /grant[:r] Sid:perm 授與指定的使用者存取權限。若加上 :r,該權限便會取 代先前授與的明確權限。若不加上 :r,則會將權限加入先前授與的任何明 確權限。 /deny Sid:perm 明確拒絕指定的使用者存取權限。對指定的權限新增明確拒絕的 ACE,並將任何明確授與中的相同權限移除。 /remove[:[g|d]] Sid 會移除 ACL 中 Sid 的所有符合項目。若加上 :g,會將授 與該 Sid 之權限的所有符合項目移除。若加上 :d,則會將拒絕該 Sid 之權 限的所有符合項目移除。 /inheritance:e|d|r e - 啟用繼承 d - 停用繼承並複製 ACE r - 移除所有繼承的 ACE注意: Sids 的格式可以是數字或好記的名稱。如果指定使用數字格式,請在 SID 的開頭 加上 *。 /T 指示要在 name 指定之目錄下的所有相符檔案/目錄上執行此操作。 /C 指示不論發生任何檔案錯誤,都繼續執行此操作。仍會顯示錯誤訊息。 ICACLS 保留 ACE 項目的標準順序: 明確拒絕 明確授與 繼承拒絕 繼承授與 perm 是權限遮罩,可使用下列其中一種格式來指定: 一連串簡單權限: N - 不允許存取 F - 完整存取權 M - 修改存取權 RX - 讀取和執行存取權 R - 唯讀存取權 D - 刪除存取權 在括號中以逗號分隔特定權限的清單: DE - 刪除 RC - 讀取控制 WDAC - 寫入 DAC WO - 寫入擁有者 S - 同步 AS - 存取系統安全性 MA - 允許的最大值 GR - 一般讀取 GW - 一般寫入 GE - 一般執行 GA - 一般所有權限 RD - 讀取資料/列出目錄 WD - 寫入資料/新增檔案 AD - 附加資料/新增子目錄 REA - 讀取擴充屬性 WEA - 寫入擴充屬性 X - 執行/周遊 DC - 刪除子系 RA - 讀取屬性 WA - 寫入屬性 繼承權限的優先順序高於上述任一種格式,且僅套用到目錄: (OI) - 物件繼承 (CI) - 容器繼承 (IO) - 僅繼承 (NP) - 不傳播繼承 (I) - 從父容器繼承的權限範例: icacls c:\\windows\\* /save AclFile /T - 會將 c:\\windows 以及子目錄下所有檔案的 ACL 儲存到 AclFile。 icacls c:\\windows\\ /restore AclFile - 會還原 AclFile 之中每個檔案的 Acl,而 AclFile 位於 c:\\windows 及其子目錄下。 icacls file /grant Administrator:(D,WDAC) - 會將檔案的刪除和寫入 DAC 權限授與使用者 Administrator。 icacls file /grant *S-1-1-0:(D,WDAC) - 會將檔案的刪除和寫入 DAC 權限授與 sid S-1-1-0 所定義的使用者。 |
ICACLS name /save aclfile [/T] [/C] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved.ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] applies the stored DACLs to files in directory.ICACLS name /setowner user [/T] [/C] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose.ICACLS name /findsid Sid [/T] [/C] finds all matching names that contain an ACL explicitly mentioning Sid.ICACLS name /verify [/T] [/C] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts.ICACLS name /reset [/T] [/C] replaces ACLs with default inherited ACLs for all matching files.ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /inheritance:e|d|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEsNote: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access D - delete access a comma-separated list in parenthesis of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent containerExamples: icacls c:\\windows\\* /save AclFile /T - Will save the ACLs for all files under c:\\windows and its subdirectories to AclFile. icacls c:\\windows\\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file. |
| 0x00002713 | 不正確的參數 \"%1\" |
Invalid parameter \"%1\" |
| 0x00002714 | ACCESS_DENIED%0 |
ACCESS_DENIED%0 |
| 0x00002715 | 已處理的檔案: %1 |
processed file: %1 |
| 0x00002716 | %0 |
%0 |
| 0x00002717 | (OI)%0 |
(OI)%0 |
| 0x00002718 | (CI)%0 |
(CI)%0 |
| 0x00002719 | (NP)%0 |
(NP)%0 |
| 0x0000271A | (IO)%0 |
(IO)%0 |
| 0x0000271B | (DENY)%0 |
(DENY)%0 |
| 0x0000271C | (特殊存取:) |
(special access:) |
| 0x0000271D | 共用違規:%0 |
sharing violation:%0 |
| 0x0000271E | 設定擁有權失敗%0 |
Set ownership failed%0 |
| 0x0000271F | 拒絕存取: %0 |
Access denied: %0 |
| 0x00002720 | 未設定任何使用權限。所有使用者都有完全控制權。%0 |
No permissions are set. All users have full control.%0 |
| 0x00002721 | %1: Ace 項目的順序不標準。 |
%1: Ace entries not in canonical order. |
| 0x00002722 | %1: ACL 長度不正確。 |
%1: Acl length is incorrect. |
| 0x00002723 | 已順利儲存 ACL。 |
Acls were successfully saved. |
| 0x00002724 | 已順利還原 ACL。 |
Acls successfully restored. |
| 0x00002725 | 找到的 SID: %1。 |
SID Found: %1. |
| 0x00002726 | 驗證 ACL 時沒有發現錯誤。 |
No errors were found while verifying ACLs. |
| 0x00002727 | 已順利修改 ACL。 |
The Acls were successfully modified. |
| 0x00002728 | 已順利重設 ACL。 |
The ACLs were successfully reset. |
| 0x00002729 | 已順利設定擁有者。 |
The owner was successfully set. |
| 0x0000272A | 找不到有相符 SID 的檔案 |
No files with a matching SID was found |
| 0x0000272B | 已順利處理 %1 個檔案; %2 個檔案處理失敗 |
Successfully processed %1 files; Failed processing %2 files |
| 0x0000272C | 不允許執行此操作,因為它會建立無法使用的 ACL。 |
This operation is not allowed as it would create an un-usable ACL. |
| 0x0000272D | 第一個參數必須是檔案名稱模式 \"/?\" |
First parameter must be a file name pattern or \"/?\" |