Appendix B: Icacls and File Integrity Levels
Icacls is a command-line tool that you can use to manage the security settings on files. The Windows Vista version of Icacls supports mandatory labels on files.
|icacls.exe is an update to an older program, cacls.exe. Cacls.exe does not recognize mandatory labels.|
You can use Icacls to view and set the integrity level for a file. Icacls displays the integrity level SID for a file if the file has an explicit mandatory label ACE. Icacls does not show the integrity level SID for the implicit default integrity level. Icacls will use the NO_WRITE_UP integrity policy only when setting the integrity level of a file.
The following image shows an example of using Icacls to view or set the integrity level of a file.
Figure 11 Icacls and mandatory labels