Overview
This lecture explains how to change folder permissions in Windows for specific users or groups, both through the graphical interface and the command line, using the icacls tool.
Changing Permissions through the GUI
- Right-click the folder, select Properties, then go to the Security tab to access file permissions.
- Click Edit to open the ACL (Access Control List) settings.
- Click Add to enter a username, verify it, and add the user to the ACL.
- Select the user and check the Allow boxes for desired permissions (e.g., Modify for full editing access).
- A Deny entry overrides any Allow permissions, even if they are granted at the group level.
Changing Permissions via Command Line (icacls)
- Use the icacls command to grant, modify, or remove permissions from the command line.
- In PowerShell, enclose parameters in single quotes (e.g., icacls 'Vacation Pictures' /grant 'Everyone:(OI)(CI)R').
- In Command Prompt, use double quotes for paths and omit single quotes for parameters.
- (OI) and (CI) stand for Object Inherit and Container Inherit, applying permissions to files and folders inside the directory.
- Use /grant to assign permissions (e.g., Modify: M, Read: R).
- Use /remove to remove permissions from a user or group.
Using Groups for Permissions
- To allow all users (including guests) to read a folder, grant permissions to the group "Everyone".
- Guest users, who usually don't require passwords, are included in "Everyone" by default but are disabled unless explicitly enabled.
- To restrict access to only users with passwords, grant permissions to the "Authenticated Users" group instead of "Everyone".
- Remove permissions for "Everyone" if you only want authenticated users to have access.
Verifying Permissions
- Run icacls <folder> to view current permissions and confirm changes are set as desired.
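The grant, remove and verify steps from the sections above as one PowerShell session. This is an added example, not part of the original lecture: the test path under $env:TEMP and the helper Get-AclLines are hypothetical, and the group names assume an English-language Windows install.

```powershell
# Added example. Constructed test folder; group names assume English-language Windows.
$folder = Join-Path $env:TEMP 'icacls-demo'        # hypothetical test path
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$file = Join-Path $folder 'note.txt'
Set-Content -Path $file -Value 'sample'

# Hypothetical helper: keep only the ACL entry lines that icacls prints,
# dropping the blank line and the "Successfully processed" summary.
function Get-AclLines {
    param([string]$Path)
    icacls $Path | Where-Object { $_ -match ':\(' }
}

# 1. The lecture's starting point: Everyone gets inheritable Read.
icacls $folder /grant 'Everyone:(OI)(CI)R' | Out-Null

# 2. Give Authenticated Users the same right, then remove Everyone.
icacls $folder /grant 'Authenticated Users:(OI)(CI)R' | Out-Null
icacls $folder /remove 'Everyone' | Out-Null

# 3. Verify on the folder and on a file inside it.
$folderAcl = @(Get-AclLines $folder)
$fileAcl   = @(Get-AclLines $file)
$folderAcl
$fileAcl

$authOk    = [bool]($folderAcl -match 'Authenticated Users:\(OI\)\(CI\)\(R\)')
$leftover  = @($folderAcl -match 'Everyone:')
# (I) marks an entry inherited from the parent folder.
$inherited = [bool]($fileAcl -match 'Authenticated Users:\(I\)')

"Authenticated Users has inheritable Read: $authOk"
"File inside inherited the entry:          $inherited"
if ($leftover.Count -gt 0) {
    # An Everyone entry marked (I) comes from the parent folder's ACL
    # and has to be changed there.
    Write-Warning "Everyone still listed: $($leftover -join '; ')"
} else {
    'Everyone no longer appears in the folder ACL.'
}
```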
Key Terms & Definitions
- ACL (Access Control List) — A list of users/groups and their permissions for a file or folder.
- DACL — Discretionary ACL, the part of the ACL that defines permissions.
- icacls — Command-line tool to view and modify file and folder permissions in Windows.
- Authenticated Users — Group including all users with password-protected accounts.
- Everyone — Group including all users (local, guests, and authenticated).
Action Items / Next Steps
- Practice changing folder permissions for a specific user using both the GUI and icacls.
- Try granting read permissions to "Authenticated Users" and removing them from "Everyone" on a test folder.
- Run icacls <folder> to verify the changes made.