ShellSpells

Page

File Permissions

icacls "file.txt" /grant "username:R"

Grants read (R) permissions to the specified user.

icacls "file.txt" /grant "username:F"

Grants full control (F) permissions to the specified user.

icacls "file.txt" /remove "username"

Removes all explicitly set permissions for the user.

icacls "file.txt" /deny "username:W"

Denies write (W) permission to the specified user.

icacls "file.txt" /reset

Resets the permissions for "file.txt" to inherit from its parent directory.

icacls "C:\folder" /grant "username:M" /T

Grants modify (M) permissions to "username" on the folder and all its subfolders and files.

icacls "file.txt" /save "C:\path\to\acls.txt"

Saves the Access Control List (ACL) of "file.txt" to "acls.txt".

icacls "C:\folder" /restore "C:\path\to\acls.txt"

Restores the ACLs to the files in "folder" from "acls.txt".

icacls <FilePathOrDirectory> /inheritance:r

Disables inheritance and removes all inherited permissions (ACEs) from a file or directory.

icacls <FilePathOrDirectory> /setowner <UserOrGroup>

Changes the owner of a file or directory.

takeown /f C:\<filename>.exe

Takes ownership of the file. If you hold SeTakeOwnershipPrivilege, you can take ownership of a process or file.

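Grant permissions:

$acl = Get-Acl <file_or_folder>; $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("<username>", "ReadAndExecute, Write", "Allow")))
Set-Acl <file_or_folder> -AclObject $acl

Revoke permissions:

$acl = Get-Acl <file_or_folder>; $acl.PurgeAccessRules([System.Security.Principal.NTAccount]"<username>")
Set-Acl <file_or_folder> -AclObject $acl

Change owner:

$acl = Get-Acl <file_or_folder>; $acl.SetOwner([System.Security.Principal.NTAccount]"<username>")
Set-Acl <file_or_folder> -AclObject $acl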

Graphical User Interface (GUI)

File/Folder Properties:

Right-click the file or folder, select "Properties."

Go to the "Security" tab.

Click "Edit" to modify permissions.

Add, remove, or change permissions for users or groups.

Permissions Syntax: Use abbreviations for permissions:

Permission    Description
F             Full control
M             Modify
RX            Read & execute
R             Read
W             Write
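
After granting or restoring ACLs with the commands above, it is worth checking that no broad principal ended up with W, M or F access. The following is an added example, not code from the original page: the function name `Find-BroadWriteAce` and the choice of "broad" SIDs (Everyone, Authenticated Users, BUILTIN\Users) are assumptions, and `C:\folder` is the sample path used above.

```powershell
# Added example (not from the original page): flag Allow ACEs that give broad
# principals write-capable access, i.e. the W, M or F levels in the table above.
function Find-BroadWriteAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumed list of broad well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
        [string[]]$BroadSid = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
    )

    # Bits that are present in W, M and F but absent from R and RX.
    $writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # ACEs can also carry raw generic bits: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
    $genericBits = 0x50000000

    $root  = Get-Item -LiteralPath $Path -Force
    $items = @($root)
    if ($root.PSIsContainer) {
        $items += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
    }

    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($BroadSid -notcontains $rule.IdentityReference.Value) { continue }

            $mask = [int]$rule.FileSystemRights
            if (($mask -band [int]$writeBits) -or ($mask -band $genericBits)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Find-BroadWriteAce -Path 'C:\folder' | Format-Table -AutoSize
```

Rows with `Inherited = True` have to be fixed on the parent folder; explicit ones can be removed on the item itself with `icacls ... /remove`.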

User Permissions

net user <Username> <Password> /add

Creates a new user account with a password.

net user <Username> /delete

Deletes a user account.

net user <username> /active:no

Disables account.

net user <username> /active:yes

Enables account.

net localgroup <group_name> <username> /add

Adds user to group.

net localgroup <group_name> <username> /delete

Removes user from group.

Group Permissions

net localgroup <GroupName> <Username> /add

Adds a user to a local group.

net localgroup <GroupName> <Username> /delete

Removes a user from a local group.

net localgroup <GroupName> /add

Creates a new local group.

net localgroup <GroupName> /delete

Deletes a local group.

Add-LocalGroupMember -Group "<group_name>" -Member "<username>"

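Adds a member to a local group (PowerShell).

Remove-LocalGroupMember -Group "<group_name>" -Member "<username>"

Removes a member from a local group (PowerShell).

Add-ADGroupMember

Adds a member to an Active Directory group.

Remove-ADGroupMember

Removes a member from an Active Directory group.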

Graphical User Interface (GUI):

Local Users and Groups (Windows 10 Pro and above):

Open Computer Management (right-click "This PC" > "Manage").

Go to "Local Users and Groups" > "Groups."

Right-click the group you want to modify and select "Properties."

Go to the "Members" tab.

Add or remove users as needed.

Share Permissions

net share <share_name>=<FolderPath> /grant:<user>,<READ|CHANGE|FULL>

net share <ShareName> /delete

Deletes a shared folder.

icacls <FolderPath> /grant <UserOrGroup>:<Permission>

Modifies NTFS permissions for the shared folder.

New-SmbShare -Name <ShareName> -Path <FolderPath> -FullAccess <UserOrGroup>

Creates a new SMB share with Full Access permissions (PowerShell).

Remove-SmbShare -Name <ShareName>

Removes an SMB share (PowerShell).

Grant-SmbShareAccess

Grants permissions to users or groups on a share.

Revoke-SmbShareAccess

Revokes permissions from users or groups.

Remove-SmbShare

Deletes a share.

Registry Locations

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

Controls the visibility of user accounts on the Welcome screen. Can be used to hide specific user accounts.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

Contains information about shared folders, including share permissions.

HKEY_CLASSES_ROOT

Contains file associations and COM object registrations, which include permissions for these objects.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Stores system-level policies, including user rights assignments and security options.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

Controls permissions for remote access to the registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Contains information about user profiles, including profile paths and permissions.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions

Defines known folders in Windows, including paths and permissions.
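
Because the `SpecialAccounts\UserList` key can hide accounts from the Welcome screen, it is a useful place to check during account review. The following is an added example, not code from the original page: the function name `Get-HiddenLogonAccount` is hypothetical, and it relies on the standard behaviour that a value of 0 under this key hides the named account.

```powershell
# Added example (not from the original page): list accounts hidden from the
# sign-in screen through SpecialAccounts\UserList and show whether they are live.
$UserListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

function Get-HiddenLogonAccount {
    param([string]$KeyPath = $UserListKey)

    # If the key is absent, no account is hidden through this mechanism.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }

    # Members of the local Administrators group, looked up by SID so the check
    # also works on localized systems. Names come back as COMPUTER\user.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
                ForEach-Object { ($_.Name -split '\\')[-1] })

    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        # A value of 0 hides the named account; 1 shows it.
        if ($key.GetValue($name) -ne 0) { continue }

        $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Account   = $name
            Exists    = [bool]$user
            Enabled   = if ($user) { $user.Enabled } else { $null }
            LastLogon = if ($user) { $user.LastLogon } else { $null }
            IsAdmin   = $admins -contains $name
        }
    }
}

Get-HiddenLogonAccount | Sort-Object IsAdmin -Descending | Format-Table -AutoSize
```

A hidden account that is enabled and a member of Administrators deserves a closer look at when and by whom it was created.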


Last updated 1 year ago
