In computing, cacls and its replacement, icacls, are Microsoft Windows native command line utilities capable of displaying and modifying the security descriptors on folders and files. An access control list is a list of permissions for securable object, such as a file or folder, that controls who can access it.
The cacls.exe utility is a deprecated command line editor of directory and file security descriptors in Windows NT 3.5 and later operating systems of the Windows NT family. Microsoft has produced the following newer utilities, some also subsequently deprecated, that offer enhancements to support changes introduced with version 3.0 of the NTFS filesystem:
Stands for Integrity Control Access Control List. Windows Server 2003 Service Pack 2 and later include icacls, an in-box command-line utility that can display, modify, backup and restore ACLs for files and folders, as well as to set integrity levels and ownership in Vista and later versions. It is not a complete replacement for cacls, however. For example, it does not support Security Descriptor Definition Language (SDDL) syntax directly via command line parameters (only via the /restore option).
All known versions of icacls have a serious bug: on objects with protected ACLs, icacls