Icacls – administer NTFS permissions


Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.


icacls <FileName> [/grant[:r] <Sid>:<Perm>[...]] [/deny <Sid>:<Perm>[...]] [/remove[:g|:d]] <Sid>[...]] [/t] [/c] [/l] [/q] [/setintegritylevel <Level>:<Policy>[...]]
icacls <Directory> [/substitute <SidOld> <SidNew> [...]] [/restore <ACLfile> [/c] [/l] [/q]]
Parameter Description
<FileName> Specifies the file for which to display DACLs.
<Directory> Specifies the directory for which to display DACLs.
/t Performs the operation on all specified files in the current directory and its subdirectories.
/c Continues the operation despite any file errors. Error messages will still be displayed.
/l Performs the operation on a symbolic link versus its destination.
/q Suppresses success messages.

Example: icacls “c:\users\jshipp\*” /q /c /t /reset

Microsoft Technet link