Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Appendix B: Icacls and File Integrity Levels

Icacls is a command-line tool that you can use to manage the security settings on files. The Windows Vista version of Icacls supports mandatory labels on files.

icacls.exe is an update to an older program, cacls.exe. Cacls.exe does not recognize mandatory labels.

You can use Icacls to view and set the integrity level for a file. Icacls displays the integrity level SID for a file if the file has an explicit mandatory label ACE. Icacls does not show the integrity level SID for the implicit default integrity level. Icacls will use the NO_WRITE_UP integrity policy only when setting the integrity level of a file.

The following image shows an example of using Icacls to view or set the integrity level of a file.

Figure 11   Icacls and mandatory labels

© 2015 Microsoft