什麼是 ICACLS ? 遇到需管理員權限才能刪除的檔案怎麼辦? 開不了USB 或HARDDISK 可能和使用者權限有關!
什麼是 ICACLS
? 遇到需管理員權限才能刪除的檔案怎麼辦? 開不了USB 或HARDDISK 可能和使用者權限有關!
ICACLS
CMD 命令是一個 Windows 命令行實用程式,允許使用者管理和修改檔和資料夾許可權。它是一個功能強大的工具,可用於控制對計算機上的檔和資料夾的訪問,以及授予或拒絕對特定使用者或組的訪問。ICACLS 命令可用於設置或修改本地和遠端檔和資料夾的許可權。
Access
control entry(ACE) 是一套記錄或許可權規則,用於控制使用者/組對檔對象的各個許可權級別。
基本許可權:
完全存取 (F)
修改存取權限 (M)(包括“刪除”)
讀取與執行存取 (RX)
唯讀取 (R)
只寫入 (W)
ICACLS 命令列如下:
Parameter |
Description |
<filename> |
Specifies
the file for which to display or modify DACLs. |
<directory> |
Specifies
the directory for which to display or modify DACLs. |
/t |
Performs the
operation on all specified files in the current directory and its
subdirectories. |
/c |
Continues
the operation despite any file errors. Error messages will still be
displayed. |
/l |
Performs the
operation on a symbolic link instead of its destination. |
/q |
Suppresses
success messages. |
[/save
<ACLfile> [/t] [/c] [/l] [/q]] |
Stores DACLs
for all matching files into an access control list (ACL) file for later use
with /restore. |
[/setowner
<username> [/t] [/c] [/l] [/q]] |
Changes the
owner of all matching files to the specified user. |
[/findsid
<sid> [/t] [/c] [/l] [/q]] |
Finds all
matching files that contain a DACL explicitly mentioning the specified
security identifier (SID). |
[/verify
[/t] [/c] [/l] [/q]] |
Finds all
files with ACLs that are not canonical or have lengths inconsistent with
access control entry (ACE) counts. |
[/reset [/t]
[/c] [/l] [/q]] |
Replaces
ACLs with default inherited ACLs for all matching files. |
[/grant[:r]
<sid>:<perm>[...]] |
Grants
specified user access rights. Permissions replace previously granted explicit
permissions. Not adding
the :r, means that permissions are added to any previously
granted explicit permissions. |
[/deny
<sid>:<perm>[...]] |
Explicitly
denies specified user access rights. An explicit deny ACE is added for the
stated permissions and the same permissions in any explicit grant are
removed. |
[/remove[:g
| :d]] <sid>[...] [/t] [/c] [/l] [/q] |
Removes all
occurrences of the specified SID from the DACL. This command can also use: ·
:g -
Removes all occurrences of granted rights to the specified SID. ·
:d -
Removes all occurrences of denied rights to the specified SID. |
[/setintegritylevel
[(CI)(OI)] <Level>:<Policy>[...]] |
Explicitly
adds an integrity ACE to all matching files. The level can be specified as: ·
l - Low ·
m- Medium ·
h - High Inheritance
options for the integrity ACE may precede the level and are applied only to
directories. |
[/substitute
<sidold><sidnew> [...]] |
Replaces an
existing SID (sidold) with a new SID (sidnew). Requires using
with the <directory> parameter. |
/restore
<ACLfile> [/c] [/l] [/q] |
Applies
stored DACLs from <ACLfile> to
files in the specified directory. Requires using with the <directory> parameter. |
/inheritancelevel:
[e | d | r] |
Sets the
inheritance level, which can be: ·
e -
Enables inheritance ·
d -
Disables inheritance and copies the ACEs ·
r -
Disables inheritance and removes only inherited ACEs |
From
Microsoft website: icacls | Microsoft Learn)
遇到需管理員權限才能刪除的檔案怎麼辦?
用window 的search 打入CMD 然後按右鍵以管理員身份登入,然後打
icacls
example.exe /setintegritylevel Medium (example 為檔案名)
這個指令能提高檔案權限,有機會可以刪除檔案
至於開不了USB 或HARDDISK 可能和使用者權限有關,可更改FILE 屬性
內的設定再加上指令:
icacls C:\*.* /reset /t |
(c 是開不到的那個DRIVE, 如是其他DRIVE, 請打相關英文字母)
請參考筆者在網上看了一個非常好的教學,借分享一下:
留言
張貼留言