快網首頁 | 虛擬主機 | 域名注冊 | 特惠套餐 | 企業郵局 | SQL空間 | IDC業務 | 全球通郵
Xcacls.vbs,Xcacls
客服中心新聞動態常見問題常用資料知識學堂走近客服在線提問網站導航
Xcacls.vbs,Xcacls
 網頁設計 | 操作系統 | 程序開發 | Dos 命令 | 平面設計 | 辦公軟件

 您的位置:快網首頁 >> 客服中心 >> 知識學堂 >> 操作系統 >> 文章正文

如何使用 Xcacls.vbs 修改 NTFS 權限
供稿:潤之康   時間:2013-6-20 11:27:04

    Microsoft 以 Microsoft Visual Basic 腳本 (Xcacls.vbs) 的形式提供了 Extended Change Access Control List(擴展更改訪問控制列表)工具 (Xcacls.exe) 的更新版本。本文分步介紹如何使用 Xcacls.vbs 腳本修改和查看文件或文件夾的 NTFS 文件系統權限。 可以從命令行使用 Xcacls.vbs 設置所有可在 Microsoft Windows 資源管理器中訪問的文件系統安全選項。Xcacls.vbs 可顯示和修改文件的訪問控制列表 (ACL)。

注意:Xcacls.vbs 只與 Microsoft Windows 2000、Microsoft Windows XP 和 Microsoft Windows Server 2003 兼容。Microsoft 不支持 Xcacls.vbs。

設置和使用 Xcacls.vbs

要設置和使用 Xcacls.vbs,請按照下列步驟操作:
從以下 Microsoft 網站獲得 Xcacls.vbs 的最新版本:
http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/XCacls_Installer.exe
雙擊“Xcacls_Installer.exe”。當提示您提供放置提取文件的位置時,請指定一個位于計算機的搜索路徑設置中的文件夾(如 C:\Windows)。
將默認腳本引擎從 Wscript 更改為 Cscript。(Xcacls.vbs 腳本最適合在 Cscript 下運行。)為此,請在命令提示符下鍵入以下內容,然后按 Enter:
cscript.exe /h:cscript
注意:將默認腳本引擎更改為 Cscript 只影響腳本向屏幕寫入的方式。Wscript 根據“確定”對話框分別寫入每一行。Cscript 將每一行寫入命令窗口。如果您不想更改默認腳本引擎,則必須使用以下命令運行腳本
cscript.exe xcacls.vbs
但是,如果將默認腳本更改為 Cscript,則可以使用以下命令運行該腳本:
xcacls.vbs
.
要查看 Xcacls.vbs 的命令語法,請在命令提示符處鍵入下面的命令:
xcacls.vbs /?

Xcacls.vbs 命令的語法

下面 xcacls.vbs /? 命令的輸出描述了 Xcacls.vbs 命令的語法:
Usage:
XCACLS filename [/E] [/G user:perm;spec] [...] [/R user [...]]
                [/F] [/S] [/T]
                [/P user:perm;spec [...]] [/D user:perm;spec] [...]
                [/O user] [/I ENABLE/COPY/REMOVE] [/N
                [/L filename] [/Q] [/DEBUG]

   filename            [Required] If used alone, it displays ACLs.
                       (Filename can be a filename, directory name or
                       wildcard characters and can include the whole
                       path. If path is missing, it is assumed to be
                       under the current directory.)
                       Notes:
                       - Put filename in quotes if it has spaces or
                       special characters such as &, $, #, etc.
                       - If filename is a directory, all files and
                       subdirectories under it will NOT be changed
                       unless the /F or S is present.

   /F                  [Used with Directory or Wildcard] This will change all
                       files under the inputted directory but will NOT
                       traverse subdirectories unless /T is also present.
                       If filename is a directory, and /F is not used, no
                       files will be touched.

   /S                  [Used with Directory or Wildcard] This will change all
                       subfolders under the inputted directory but will NOT
                       traverse subdirectories unless /T is also present.
                       If filename is a directory, and /S is not used, no
                       subdirectories will be touched.

   /T                  [Used only with a Directory] Traverses each
                       subdirectory and makes the same changes.
                       This switch will traverse directories only if the
                       filename is a directory or is using wildcard characters.
   /E                  Edit ACL instead of replacing it.

   /G user:GUI         Grant security permissions similar to Windows GUI
                       standard (non-advanced) choices.
   /G user:Perm;Spec   Grant specified user access rights.
                       (/G adds to existing rights for user)

                       User: If User has spaces in it, enclose it in quotes.
                             If User contains #machine#, it will replace
                             #machine# with the actual machine name if it is a
                             non-domain controller, and replace it with the
                             actual domain name if it is a domain controller.

                             New to 3.0: User can be a string representing
                             the actual SID, but MUST be lead by SID#
                             Example: SID#S-1-5-21-2127521184-160...
                                      (SID string shown has been shortened)
                                      (If any user has SID# then globally all
                                       matches must match the SID (not name)
                                       so if your intention is to apply changes
                                       to all accounts that match Domain\User
                                       then do not specify SID# as one of the
                                       users.)

                       GUI: Is for standard rights and can be:
                             Permissions...
                                    F  Full control
                                    M  Modify
                                    X  read and eXecute
                                    L  List folder contents
                                    R  Read
                                    W  Write
                             Note: If a ; is present, this will be considered
                             a Perm;Spec parameter pair.

                       Perm: Is for "Files Only" and can be:
                             Permissions...
                                    F  Full control
                                    M  Modify
                                    X  read and eXecute
                                    R  Read
                                    W  Write
                             Advanced...
                                    D  Take Ownership
                                    C  Change Permissions
                                    B  Read Permissions
                                    A  Delete
                                    9  Write Attributes
                                    8  Read Attributes
                                    7  Delete Subfolders and Files
                                    6  Traverse Folder / Execute File
                                    5  Write Extended Attributes
                                    4  Read Extended Attributes
                                    3  Create Folders / Append Data
                                    2  Create Files / Write Data
                                    1  List Folder / Read Data
                       Spec is for "Folder and Subfolders only" and has the
                       same choices as Perm.

   /R user             Revoke specified user's access rights.
                       (Will remove any Allowed or Denied ACL's for user.)

   /P user:GUI         Replace security permissions similar to standard choices.

   /P user:perm;spec   Replace specified user's access rights.
                       For access right specification see /G option.
                       (/P behaves like /G if there are no rights set for user.)

   /D user:GUI         Deny security permissions similar to standard choices.
   /D user:perm;spec   Deny specified user access rights.
                       For access right specification see /G option.
                       (/D adds to existing rights for user.)

   /O user             Change the Ownership to this user or group.

   /I switch           Inheritance flag.  If omitted, the default is to not touch
                       Inherited ACL's. Switch can be:
                          ENABLE - This will turn on the Inheritance flag if
                                   it is not on already.
                          COPY   - This will turn off the Inheritance flag and
                                   copy the Inherited ACL's
                                   into Effective ACL's.
                          REMOVE - This will turn off the Inheritance flag and
                                   will not copy the Inherited
                                   ACL's.  This is the opposite of ENABLE.
                          If switch is not present, /I will be ignored and
                          Inherited ACL's will remain untouched.

   /L filename         Filename for Logging. This can include a path name
                       if the file is not under the current directory.
                       File will be appended to, or created if it does not
                       exit. Must be Text file if it exists or error will occur.

                       If filename is omitted, the default name of XCACLS will
                       be used.

   /Q                  Turn on Quiet mode.  By default, it is off.
                       If it is turned on, there will be no display to the screen.


   /DEBUG              Turn on Debug mode. By default, it is off.
                       If it is turned on, there will be more information
                       displayed and/or logged. Information will show
                       Sub/Function Enter and Exit as well as other important
                       information.

   /SERVER servername  Enter a remote server to run script against.

   /USER username      Enter Username to impersonate for Remote Connections
                            (requires PASS switch).  Will be ignored if it is for a Local Connection.

   /PASS password      Enter Password to go with USER switch
                            (requires USER switch).


Wildcard characters can be used to specify more than one file in a command, such as:
                                *       Any string of zero or more characters
                                ?       Any single character

You can specify more than one user in a command.
You can combine access rights.


使用 Xcacls.vbs 查看權限


Xcacls.vbs 還可用于查看文件或文件夾的權限。 例如,如果您有一個名為 C:\Test 的文件夾,在命令提示符處鍵入以下命令以查看文件夾權限,然后按 Enter:
xcacls.vbs c:\test
下面的示例是一個典型結果:
C:\>XCACLS.VBS c:\test
Microsoft (R) Windows Script Host 5.6
版權所有 (C) Microsoft Corporation 1996-2001。保留所有權利。

Starting XCACLS.VBS (Version: 3.4) Script at 6/11/2003 10:55:21 AM

Startup directory:
"C:\test"

Arguments Used:
Filename = "c:\test"

 

**************************************************************************
Directory:C:\test

Permissions:
Type     Username                Permissions           Inheritance

Allowed  BUILTIN\Administrators  Full Control          This Folder, Subfolde
Allowed  NT AUTHORITY\SYSTEM     Full Control          This Folder, Subfolde
Allowed  Domain1\User1           Full Control          This Folder Only
Allowed  \CREATOR OWNER          Special (Unknown)     Subfolders and Files
Allowed  BUILTIN\Users           Read and Execute      This Folder, Subfolde
Allowed  BUILTIN\Users           Create Folders / Appe This Folder and Subfo
Allowed  BUILTIN\Users           Create Files / Write  This Folder and Subfo

No Auditing set

Owner:Domain1\User1


注意:在該示例中,xcacls.vbs c:\test 命令的輸出與顯示在圖形用戶界面 (GUI) 的文本一致。命令窗口的一些文字不完整。

輸出還給出了腳本的版本、啟動目錄和使用的參數。

您還可以使用通配符來顯示目錄下匹配的文件。例如,如果鍵入以下命令,將會顯示 C:\Test 文件夾中所有具有“.log”擴展名的文件:
xcacls.vbs c:\test\*.log
示例


下列 Xcacls.vbs 命令提供 Xcacls.vbs 用法的一些示例:

xcacls.vbs c:\test\ /g domain\testuser1:f /f /t /e
該命令可編輯現有權限。它授予 Domain\TestUser1 完全控制 C:\Test 下所有文件的權限,遍歷 C:\Test 下的子文件夾,然后更改找到的所有文件。該命令不觸及目錄。
xcacls.vbs c:\test\ /g domain\testuser1:f /s /l "c:\xcacls.log"
該命令可替換現有權限。它授予 Domain\TestUser1 完全控制 C:\Test 下所有子文件夾的權限,而且記錄到 C:\Xcacls.log。該命令不觸及文件,并且不遍歷目錄。
xcacls.vbs c:\test\readme.txt /o "machinea\group1"
該命令將自述文件的所有者更改為組 MachineA\Group1。
xcacls.vbs c:\test\badcode.exe /r "machinea\group1" /r "domain\testuser1"
該命令撤消 MachineA\Group1 和 Domain\TestUser1 的 C:\Test\Badcode.exe 權限。
xcacls.vbs c:\test\subdir1 /i enable /q
該命令將打開文件夾 C:\Test\Subdir1 上的繼承。該命令將取消任何屏幕輸出。
xcacls.vbs \\servera\sharez\testpage.htm /p "domain\group2":14
此命令通過使用 Windows Management Instrumentation (WMI) 遠程連接到 \\ServerA\ShareZ。然后獲取用于該共享的本地路徑,在該路徑下,它更改 Testpage.htm 上的權限。它原封保留 Domain\Group2 的現有權限,但是添加權限 1(讀取數據)和權限 4(讀取擴展屬性)。該命令放棄此文件上的其他權限,原因是未使用 /e 開關。
xcacls.vbs d:\default.htm /g "domain\group2":f /server servera /user servera\admin /pass password /e
該命令使用 WMI 作為 ServerA\Admin 遠程連接到 ServerA,然后將 Default.htm 上的完全權限授予 Domain\Group2。Domain\Group2 的現有權限丟失,但保留文件上的其他權限。


快網保留以上說明的最終解釋權
快網,域名注冊,虛擬主機,ASP空間,企業郵局,SQL空間,主機租用,主機托管
   
熱門搜索:FTP 域名 DNS 備案 空間 郵箱 SQL 主機 快網 中文域名 虛擬主機
快網,域名注冊,虛擬主機,ASP空間,企業郵局,SQL空間,主機租用,主機托管
快網客服中心的相關信息:
v iis7 錯誤提示 0x80090005 [2012-11-6 14:40:28]
v netsh ipsec 安全策略配置 [2012-8-11 9:24:31]
v 使用Diskpart來動態擴展硬盤分區 [2012-5-1 16:02:26]
v 如何在Vista、Win7和2008中禁用IPv6協議 [2011-8-23 11:07:54]
v 遠程連接mysql速度慢的解決方法 [2011-5-5 11:10:04]
快網,域名注冊,虛擬主機,ASP空間,企業郵局,SQL空間,主機租用,主機托管
快網,域名注冊,虛擬主機,ASP空間,企業郵局,SQL空間,主機租用,主機托管
如果您在使用我們的產品中遇到問題,建議您首先在“常見問題”中查詢解決方法;
如果沒有找到該問題的解決方法,您可以在“問題搜索”中進行搜索;
如果搜索后沒有找到滿意答案,您可以“在線提問”,我們會盡快給您答復。
快網,域名注冊,虛擬主機,ASP空間,企業郵局,SQL空間,主機租用,主機托管
域名注冊查詢中文域名轉碼
域名whois查詢網站PR值查詢
快網,域名注冊,虛擬主機,ASP空間,企業郵局,SQL空間,主機租用,主機托管

:::::: | 收藏本站 | 關于我們 | 客服中心 | 付款方式 | 聯系我們 | 網站律師 | 工作機會 | 網站地圖 | 產品管理 | ::::::

Copyright (C) 2003-2008 天津追日科技發展有限公司  Cnkuai.cn  快網.cn  中國快網.cn
野草社区在线观看_三分钟免费观看视频_日本最新免费二区三区