lsacl

list access control lists for object 

Command

SYNOPSIS

lsacl [-t [fsplrkw]] [-r] object...

DESCRIPTION

lsacl lists object access control lists for a specified object. Most objects under Windows NT/2000/XP/2003/Vista/7/2008/8/2012 have ACLs controlling permissions to operate on that object. For a full list of the permissions, see chacl.

Options

-r 

operates recursively through subdirectories. This option is currently only valid when used in conjunction with the -t f option.

-t [fsprlkw

specifies the type of object. lsacl accepts the following types: 

f	file
k	kernel object
l	lmshare
p	printer
r	registry key
s	service
w	windowstation/desktop object

Registry Key Names

The registry key names that you can specify with the -t r option differ from those used by the registry command and by regedt32: 

Registry Name			lsacl Name
HKEY_CLASSES_ROOT		CLASSES_ROOT
HKEY_CURRENT_USER		CURRENT_USER
HKEY_USERS			USERS
HKEY_LOCAL_MACHINE	MACHINE
HKEY_CURRENT_CONFIG	CONFIG

EXAMPLES

To display all ACLs on all files on the c: drive, use 

lsacl -r c:/

To display the non-persistent permissions on a file system root, use 

lsacl '\\.\c:'

To display the ACL on the Windows NT/2000/XP/2003/Vista/7/2008/8/2012 schedule service, use 

lsacl -t s schedule

You may prefix the name of the service with \\machinename\ to query ACLs on a service on a different machine.

To display the ACL on a printer, use 

lsacl -t p 'hp laserjet iiisi Postscript v52.3'

You may prefix the name of the printer with \\machinename\ to query ACLs on a printer on a different machine.

To display the ACL on a registry key, use 

lsacl -t r 'CLASSES_ROOT\CLSID'

You may prefix the name of the registry key with \\machinename\ to query ACLs on a service on a different machine.

To display the ACL on a sharepoint, use 

lsacl -t l '\\machine\share'

Note: This is not the same as if you used -t f. One gives the permissions to attach to the share point; the other gives the permissions to manipulate the file system at the root point of the file system.

To display the ACL on a particular named pipe, use 

lsacl -t k '\\.\pipe'

To display the ACL on the the current windowstation, on the current desktop. 

lsacl -t w $(ws) $(ws)/$(ws -d)

DIAGNOSTICS

Possible exit status values are:

0 

Successful completion.

>0 

An error occurred.

PORTABILITY

Windows NT 4.0. Windows 2000. Windows XP. Windows Server 2003.

AVAILABILITY

MKS Toolkit for Power Users
MKS Toolkit for System Administrators
MKS Toolkit for Developers
MKS Toolkit for Interoperability
MKS Toolkit for Professional Developers
MKS Toolkit for Enterprise Developers
MKS Toolkit for Enterprise Developers 64-Bit Edition

SEE ALSO

Commands:
chacl, registry, ws

MKS Toolkit 9.5 Documentation Build 3.