Windows: List files and their permissions (access) in command line
In linux, ls -l lists files permissions, like this:
-rw-r--r-- 1 user user 924 2011-07-01 20:23 test.txt
In Windows, commands tree and dir don't have the options to list permissions. How is it possible to list files and their permissions using command line only?
Solution 1:
Use icacls:
> icacls Music
Music SNOW\grawity:(I)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
SNOW\grawity:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
The older cacls tool is the only choice on Windows XP [although you can copy icacls.exe from Server 2003]. cacls does not know about some ACL modes, but displays most of them fine.
> cacls Music
F:\Users\Mantas\Music SNOW\grawity:F
CREATOR OWNER:(OI)(CI)(IO)F
SNOW\grawity:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
In both outputs, (OI) means "object inherit" (files will inherit this ACE), (CI) is "container inherit" (containers – i.e. folders – will inherit this ACE), (IO) is "inherit only".
Microsoft also used to provide an xcacls tool separately, but its functionality is now part of icacls.
Solution 2:
You can use Powershell and the Get-Acl command
PS C:\> Get-Acl
Directory:
Path Owner Access
---- ----- ------
C:\ NT SERVICE\TrustedInstaller Everyone Allow FullControl
Use it in conjunction with Get-ChildItem (aliased with dir and ls) to get the permissions for the files.
PS C:\> Get-ChildItem | Get-Acl
Or, using the alias:
PS C:\> Dir | Get-Acl
Solution 3:
You might also take a look at AccessChk from Sysinternals. The output can be parsed much easier.
C:\Users\jeremy>accesschk myad\simmonsj c:\inetpub
Accesschk v5.11 - Reports effective permissions for securable objects
Copyright (C) 2006-2012 Mark Russinovich
Sysinternals - www.sysinternals.com
RW c:\inetpub\custerr
RW c:\inetpub\history
RW c:\inetpub\logs
RW c:\inetpub\Roadkill
RW c:\inetpub\smartadmin
RW c:\inetpub\temp
RW c:\inetpub\wwwroot
Solution 4:
dir /Q gives you the owner of the directories.