Windows Permissions: Tools & Management

TL;DR

Yes, there are several applications to help manage Windows permissions. This guide covers built-in tools and popular third-party options, ranging from simple file/folder control to advanced user rights assignment.

Managing Windows Permissions: A Practical Guide

1. Understand the Basics
   • Windows permissions control who can do what with files, folders and system resources.
   • Key permission types include Read, Write, Execute, Modify, Full Control.
   • Permissions are inherited from parent folders by default – this is important to remember!
2. Built-in Tools: File Explorer

   The simplest way to manage permissions for files and folders.

   1. Right-click the file or folder, select ‘Properties’.
   2. Go to the ‘Security’ tab.
   3. Click ‘Edit…’ to change permissions for users/groups.
   4. Add users/groups and assign specific permission checkboxes (Read & Execute, Write, Modify, Full Control).
3. Built-in Tools: icacls Command Line

   For scripting and advanced control.

   icacls "C:PathToFolder" /grant username:(OI)(CI)F

   This command grants ‘Full Control’ (F) to the specified user (‘username’) on the folder and all subfolders/files within it (OI = Object Inherit, CI = Container Inherit). Replace “C:PathToFolder” with the actual path.

   icacls "C:PathToFile.txt" /remove username

   This removes all permissions for ‘username’ from the file.

4. Built-in Tools: Local Users and Groups (lusrmgr.msc)

   Manage user accounts, groups, and assign users to groups with predefined rights.

   • Press Win+R, type lusrmgr.msc and press Enter.
   • Expand ‘Users’ or ‘Groups’.
   • Right-click a user/group, select ‘Properties’.
   • Go to the ‘Member Of’ tab to add/remove group memberships. Group membership dictates many system permissions.
5. Third-Party Applications: AccessEnum

   A free tool for auditing and reporting on effective permissions.

   • Download from AccessEnum.
   • Run the application as an administrator.
   • Select the target object (file, folder, registry key, etc.).
   • View detailed permission information, including effective permissions for each user/group.
6. Third-Party Applications: SysTools ACL Manager

   A commercial tool offering a GUI for managing permissions.

   • Provides an easier interface than icacls, with features like permission comparison and backup/restore.
   • Suitable for users who prefer a visual approach to complex permission management tasks.
7. Third-Party Applications: PowerGREP

   Powerful search tool that can also be used to find files with specific permissions.

   • Useful for identifying files/folders where permissions need correcting.
   • Can output results in various formats for further analysis.