Cacls

In Microsoft Windows,  , and its replacement  , are native command-line utilities capable of displaying and modifying the security descriptors on folders and files. An access-control list is a list of permissions for securable object, such as a file or folder, that controls who can access it. The  command is also available on ReactOS.

cacls
The cacls.exe utility is a deprecated command line editor of directory and file security descriptors in Windows NT 3.5 and later operating systems of the Windows NT family. Microsoft has produced the following newer utilities, some also subsequently deprecated, that offer enhancements to support changes introduced with version 3.0 of the NTFS filesystem:
 * xcacls.exe   is supported by Windows 2000 and later and adds new features like setting Execute, Delete and Take Ownership permissions
 * xcacls.vbs
 * fileacl.exe
 * icacls.exe (included in Windows Server 2003 SP2 and later)
 * SubInAcl.exe - Resource Kit utility to set and replace permissions on various type of objects including files, services and registry keys
 * Windows PowerShell (Get-Acl and Set-Acl cmdlets)

The ReactOS version was developed by Thomas Weidenmueller and is licensed under the GNU Lesser General Public License.

icacls
Stands for Integrity Control Access Control List. Windows Server 2003 Service Pack 2 and later include icacls, an in-box command-line utility that can display, modify, backup and restore ACLs for files and folders, as well as to set integrity levels and ownership in Vista and later versions. It is not a complete replacement for cacls, however. For example, it does not support Security Descriptor Definition Language (SDDL) syntax directly via command line parameters (only via the /restore option).