lsacl

list access control lists for object 

Command


SYNOPSIS

lsacl [-t [fsplrkw]] [-r] object...


DESCRIPTION

lsacl lists object access control lists for a specified object. Most objects under 7/2008R2/8/2012/10/2016 have ACLs controlling permissions to operate on that object. For a full list of the permissions, see chacl.

Options

-r 

operates recursively through subdirectories. This option is currently only valid when used in conjunction with the -t f option.

-t [fsprlkw

specifies the type of object. lsacl accepts the following types:

f	file
k	kernel object
l	lmshare
p	printer
r	registry key
s	service
w	windowstation/desktop object

Registry Key Names

The registry key names that you can specify with the -t r option differ from those used by the registry command and by regedt32:

Registry Name			lsacl Name
HKEY_CLASSES_ROOT		CLASSES_ROOT
HKEY_CURRENT_USER		CURRENT_USER
HKEY_USERS			USERS
HKEY_LOCAL_MACHINE	MACHINE
HKEY_CURRENT_CONFIG	CONFIG

EXAMPLES

To display all ACLs on all files on the c: drive, use

lsacl -r c:/

To display the non-persistent permissions on a file system root, use

lsacl '\\.\c:'

To display the ACL on the 7/2008R2/8/2012/10/2016 schedule service, use

lsacl -t s schedule

You may prefix the name of the service with \\machinename\ to query ACLs on a service on a different machine.

To display the ACL on a printer, use

lsacl -t p 'hp laserjet iiisi Postscript v52.3'

You may prefix the name of the printer with \\machinename\ to query ACLs on a printer on a different machine.

To display the ACL on a registry key, use

lsacl -t r 'CLASSES_ROOT\CLSID'

You may prefix the name of the registry key with \\machinename\ to query ACLs on a service on a different machine.

To display the ACL on a sharepoint, use

lsacl -t l '\\machine\share'

Note: This is not the same as if you used -t f. One gives the permissions to attach to the share point; the other gives the permissions to manipulate the file system at the root point of the file system.

To display the ACL on a particular named pipe, use

lsacl -t k '\\.\pipe'

To display the ACL on the the current windowstation, on the current desktop.

lsacl -t w $(ws) $(ws)/$(ws -d)

DIAGNOSTICS

Possible exit status values are:

0 

Successful completion.

>0 

An error occurred.


PORTABILITY

Windows 7. Windows Server 2008 R2. Windows 8. Windows Server 2012. Windows 10. Windows Server 2016.


AVAILABILITY

PTC MKS Toolkit for Power Users
PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition


SEE ALSO

Commands:
chacl, registry, ws


PTC MKS Toolkit 10.1 Documentation Build 15.