设置高级NTFS权限的工具 XCACLS.vbs
作者 佚名
来源 批处理
浏览
发布时间 2013-07-09
http://support.microsoft.com/kb/825751 Microsoft 以 Microsoft Visual Basic 脚本 (Xcacls.vbs) 的形式提供了 Extended Change Access Control List(扩展更改访问控制列表)工具 (Xcacls.exe) 的更新版本。本文分步介绍如何使用 Xcacls.vbs 脚本修改和查看文件或文件夹的 NTFS 文件系统权限。 可以从命令行使用 Xcacls.vbs 设置所有可在 Microsoft Windows 资源管理器中访问的文件系统安全选项。Xcacls.vbs 可显示和修改文件的访问控制列表 (ACL)。 注意:Xcacls.vbs 只与 Microsoft Windows 2000、Microsoft Windows XP 和 Microsoft Windows Server 2003 兼容。Microsoft 不支持 Xcacls.vbs。 回到顶端 设置和使用 Xcacls.vbs 要设置和使用 Xcacls.vbs,请按照下列步骤操作: 从以下 Microsoft 网站获得 Xcacls.vbs 的最新版本: http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/XCacls_Installer.exe (http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/xcacls_installer.exe) 双击“Xcacls_Installer.exe”。当提示您提供放置提取文件的位置时,请指定一个位于计算机的搜索路径设置中的文件夹(如 C:\Windows)。 将默认脚本引擎从 Wscript 更改为 Cscript。(Xcacls.vbs 脚本最适合在 Cscript 下运行。)为此,请在命令提示符下键入以下内容,然后按 Enter: cscript.exe /h:cscript 注意:将默认脚本引擎更改为 Cscript 只影响脚本向屏幕写入的方式。Wscript 根据“确定”对话框分别写入每一行。Cscript 将每一行写入命令窗口。如果您不想更改默认脚本引擎,则必须使用以下命令运行脚本 cscript.exe xcacls.vbs 但是,如果将默认脚本更改为 Cscript,则可以使用以下命令运行该脚本: xcacls.vbs . 要查看 Xcacls.vbs 的命令语法,请在命令提示符处键入下面的命令: xcacls.vbs /? Xcacls.vbs 命令的语法 下面 xcacls.vbs /? 命令的输出描述了 Xcacls.vbs 命令的语法: 复制代码 代码如下: Usage: XCACLS filename [/E] [/G user:perm;spec] [...] [/R user [...]] [/F] [/S] [/T] [/P user:perm;spec [...]] [/D user:perm;spec] [...] [/O user] [/I ENABLE/COPY/REMOVE] [/N [/L filename] [/Q] [/DEBUG] filename [Required] If used alone, it displays ACLs. (Filename can be a filename, directory name or wildcard characters and can include the whole path. If path is missing, it is assumed to be under the current directory.) Notes: - Put filename in quotes if it has spaces or special characters such as &, $, #, etc. - If filename is a directory, all files and subdirectories under it will NOT be changed unless the /F or S is present. /F [Used with Directory or Wildcard] This will change all files under the inputted directory but will NOT traverse subdirectories unless /T is also present. If filename is a directory, and /F is not used, no files will be touched. /S [Used with Directory or Wildcard] This will change all subfolders under the inputted directory but will NOT traverse subdirectories unless /T is also present. If filename is a directory, and /S is not used, no subdirectories will be touched. /T [Used only with a Directory] Traverses each subdirectory and makes the same changes. This switch will traverse directories only if the filename is a directory or is using wildcard characters. /E Edit ACL instead of replacing it. /G user:GUI Grant security permissions similar to Windows GUI standard (non-advanced) choices. /G user:Perm;Spec Grant specified user access rights. (/G adds to existing rights for user) User: If User has spaces in it, enclose it in quotes. If User contains #machine#, it will replace #machine# with the actual machine name if it is a non-domain controller, and replace it with the actual domain name if it is a domain controller. New to 3.0: User can be a string representing the actual SID, but MUST be lead by SID# Example: SID#S-1-5-21-2127521184-160... (SID string shown has been shortened) (If any user has SID# then globally all matches must match the SID (not name) so if your intention is to apply changes to all accounts that match Domain\User then do not specify SID# as one of the users.) GUI: Is for standard rights and can be: Permissions... F Full control M Modify X read and eXecute L List folder contents R Read W Write Note: If a ; is present, this will be considered a Perm;Spec parameter pair. Perm: Is for "Files Only" and can be: Permissions... F Full control M Modify X read and eXecute R Read W Write Advanced... D Take Ownership C Change Permissions B Read Permissions A Delete 9 Write Attributes 8 Read Attributes 7 Delete Subfolders and Files 6 Traverse Folder / Execute File 5 Write Extended Attributes 4 Read Extended Attributes 3 Create Folders / Append Data 2 Create Files / Write Data 1 List Folder / Read Data Spec is for "Folder and Subfolders only" and has the same choices as Perm. /R user Revoke specified user''s access rights. (Will remove any Allowed or Denied ACL''s for user.) /P user:GUI Replace security permissions similar to standard choices. /P user:perm;spec Replace specified user''s access rights. For access right specification see /G option. (/P behaves like /G if there are no rights set for user.) /D user:GUI Deny security permissions similar to standard choices. /D user:perm;spec Deny specified user access rights. For access right specification see /G option. (/D adds to existing rights for user.) /O user Change the Ownership to this user or group. /I switch Inheritance flag. If omitted, the default is to not touch Inherited ACL''s. Switch can be: ENABLE - This will turn on the Inheritance flag if it is not on already. COPY - This will turn off the Inheritance flag and copy the Inherited ACL''s into Effective ACL''s. REMOVE - This will turn off the Inheritance flag and will not copy the Inherited ACL''s. This is the opposite of ENABLE. If switch is not present, /I will be ignored and Inherited ACL''s will remain untouched. /L filename Filename for Logging. This can include a path name if the file is not under the current directory. File will be appended to, or created if it does not exit. Must be Text file if it exists or error will occur. If filename is omitted, the default name of XCACLS will be used. /Q Turn on Quiet mode. By default, it is off. If it is turned on, there will be no display to the screen. /DEBUG Turn on Debug mode. By default, it is off. If it is turned on, there will be more information displayed and/or logged. Information will show Sub/Function Enter and Exit as well as other important information. /SERVER servername Enter a remote server to run script against. /USER username Enter Username to impersonate for Remote Connections (requires PASS switch). Will be ignored if it is for a Local Connection. /PASS password Enter Password to go with USER switch (requires USER switch). Wildcard characters can be used to specify more than one file in a command, such as: * Any string of zero or more characters ? Any single character You can specify more than one user in a command. You can combine access rights. |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |
你可能对下面的文章感兴趣
上一篇: 用批处理实现的删除特定时间以前的文件下一篇: 用DOS命令判断磁盘分区是否为NTFS格式
关于设置高级NTFS权限的工具 XCACLS.vbs的所有评论