Paul's Internet Landfill/ 2010/ Changing Windows XP Permissions from the Command Line

Changing Windows XP Permissions from the Command Line

Now that Windows XP is obsolete and everybody is using Windows 7, here's a tip that might have made your life easier if I had shared it sooner.

In Windows XP, you can run most programs as an administrative user by right-clicking and choosing Run As. However, as far as I know you cannot run Windows Explorer this way, which really gets aggravating when diagnosing file permission problems. My workflow has been to log in as the affected user, check whether the permissions work, find a problem, then log in as an administrative user to change the permissions, then log back in as the affected user again. Long-time Windows users are used to this dance; their patience for their preferred operating system is infinite. But I come from the Linux/UNIX world, and I am used to opening a terminal window, running su - or sudo, and performing administrative tasks without having to log out and log back in.

As usual, Microsoft has come through for us. Sure, it's a pretty obscure trick, but it shows that our benevolent masters have only our best interests at heart. (Further evidence is that running commands as administrator is much easier in Windows 7.)

The first part of the trick is the runas command. Open a command shell (Start -> Run -> cmd) and then type

runas /user:username cmd

If my domain is contoso and my administrator is admin, this would be

runas /user:contoso\admin cmd

This will open up a new cmd window logged in as the administrative user. (Come to think of it, maybe right-clicking the icon and choosing Run As might work too. Oops.)

Now that you have a command-line window running as an administrative user, you can launch programs as that user, which itself is useful in troubleshooting problems. You can also change file permissions using the cacls command. Typing cacls alone will give you a good summary of the command (make your terminal window tall to see it all), but here is an example. To change a folder Secrets so that user eve has full access to it and its contents recursively, first navigate to the parent folder and then type

cacls Secrets /E /T /G eve:f

You should see a line printed for the folder and for each of its contents.
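
The cacls steps above as a batch file that shows the ACL before and after the change. This is an added example, not part of the original post. It reuses the post's Secrets and eve, grants read (R) instead of full (F) as a narrower right, and assumes it is run from the parent folder in the cmd window opened with runas, on a folder you can afford to experiment with.

```bat
@echo off
rem Added example: grant, verify and revoke access with cacls.
rem TARGET and ACCOUNT are the folder and user names used in the post.
setlocal
set TARGET=Secrets
set ACCOUNT=eve

if not exist "%TARGET%" (
    echo %TARGET% not found in %CD%
    exit /b 1
)

echo --- ACL before ---
cacls "%TARGET%"

rem /E edits the existing ACL. Without /E, cacls replaces the whole ACL
rem with only the entries given on the command line.
rem /T recurses into the folder, /G grants a right: R read, W write,
rem C change, F full control.
cacls "%TARGET%" /E /T /G %ACCOUNT%:R

echo --- Entries for %ACCOUNT% after grant ---
rem Re-read the ACL and look for the account instead of trusting the
rem "processed" lines printed by the grant.
cacls "%TARGET%" | findstr /I /C:"%ACCOUNT%"
if errorlevel 1 echo WARNING: no entry for %ACCOUNT% found on %TARGET%

rem When troubleshooting is done, remove the entry again.
rem /R (revoke) is only valid together with /E. It removes the account's
rem access entries, including any that existed before the grant.
cacls "%TARGET%" /E /T /R %ACCOUNT%

echo --- ACL after revoke ---
cacls "%TARGET%"
endlocal
```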