Is it a Virus?
✔ NO - Safe
The legitimate file is located at C:\Windows\System32\cacls.exe or C:\Windows\SysWOW64\cacls.exe and comes from Microsoft.
Warning
Caution with legacy tool
Using cacls.exe can modify permissions broadly; ensure you specify correct permissions and paths to avoid lockouts.
Can I Disable?
✔ YES
You can avoid using it; it's a system utility. Safely ignore unless needed for admin tasks, or replace with icacls.
What is cacls.exe?
cacls.exe is a Windows command-line utility used to view and modify ACLs on files and directories. It enables administrators to grant, revoke, or modify rights for users or groups. As a legacy tool, its capabilities have largely been superseded by icacls.exe, which offers broader syntax and safer defaults.
cacls.exe edits NTFS ACLs by applying access control entries to files and folders. It supports granting, denying, and revoking rights for users or groups, and can modify inheritance. It is deprecated in favor of icacls.exe for improved features and safety.
Quick Fact: cacls.exe debuted long ago as a simple ACL editor and is still available for compatibility, but modern Windows prefers icacls.exe for safer and more flexible permission handling.
Types of cacls Processes
- Command-Line Invocation: Runs from a CMD or PowerShell session to modify ACLs on a target object
- ACL Entry Application: Applies grant/deny rules to a file or folder for users/groups
- Inheritance Modifier: Can modify inherited permissions on container objects
- Scripting Helper: Used in batch files and admin scripts for permission hardening
- Legacy Compatibility: Maintains support for older deployment workflows
- Guidance for Admin Tasks: Often included in security hardening guides alongside icacls
Is cacls.exe Safe?
Yes, cacls.exe is safe when it is the legitimate Windows tool located in the System32 folder and obtained from Microsoft.
Is cacls.exe a Virus or Malware?
The real cacls.exe is NOT a virus. However, malware can masquerade with similar names; always verify location and signature.
How to Tell if cacls.exe is Legitimate or Malware
- File Location: Must be in C:\Windows\System32\cacls.exe or C:\Windows\SysWOW64\cacls.exe on 64-bit systems. Any other path is suspicious.
- Digital Signature: Right-click the file in Explorer → Properties → Digital Signatures. Should show a valid signature from 'Microsoft Corporation' or 'Microsoft Windows'.
- Resource Usage: Normal usage is near-zero CPU when idle and minimal memory. Unexpected spikes suggest script or malware activity.
- Behavior: Should only run when invoked by an administrator or a signed script. Persistent background activity indicates compromise.
Red Flags: If cacls.exe is located outside the Windows System32 path, lacks a valid signature, or runs without user initiation, scan with antivirus. Watch for similarly named files like 'cacls32.exe' from untrusted sources.
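The location and signature checks above can be scripted. The following PowerShell is an added example, not part of the original page; the function name Test-CaclsBinary and the NeedsReview field are hypothetical. Get-AuthenticodeSignature also validates catalog-signed Windows binaries, which may not show a Digital Signatures tab in Explorer.

```powershell
# Added example: audit cacls.exe on disk and in the process list.
$expected = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:windir "$_\cacls.exe" }

function Test-CaclsBinary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path           = $Path
        ExpectedPath   = $expected -contains $Path   # case-insensitive match
        SignatureValid = $sig.Status -eq 'Valid'
        Signer         = $sig.SignerCertificate.Subject
        SignatureType  = $sig.SignatureType          # Authenticode or Catalog
        IsOSBinary     = $sig.IsOSBinary
    }
}

# On-disk copies at the two expected locations.
$expected | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Test-CaclsBinary $_ }

# Running processes whose name starts with "cacls"
# (this also catches look-alikes such as cacls32.exe).
Get-CimInstance Win32_Process -Filter "Name LIKE 'cacls%.exe'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    # ExecutablePath is empty when the caller lacks rights to query the process.
    $check  = if ($_.ExecutablePath) { Test-CaclsBinary $_.ExecutablePath }
    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        Name        = $_.Name
        Path        = $_.ExecutablePath
        CommandLine = $_.CommandLine
        Parent      = $parent.Name
        NeedsReview = -not ($check.ExpectedPath -and $check.SignatureValid -and $check.IsOSBinary)
    }
}
```

Run it from an elevated session so that ExecutablePath and CommandLine are populated for processes started by other accounts.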
Why Is cacls.exe Running on My PC?
cacls.exe runs when an administrator or a script modifies ACLs for files or folders, often via batch scripts, PowerShell, or setup routines.
Reasons it's running:
- Active Permission Changes: An admin task or script is actively granting or revoking rights on targets.
- Startup or Scheduled Tasks: A scheduled task or startup script runs to enforce permissions during boot or logon.
- Group Policy or Baselines: Security baselines or GPO scripts apply ACLs across machines or shares.
- Backup/Restore Processes: Backup tools may rebuild ACLs during data restore to preserve security settings.
- Legacy Script Usage: Old deployment or maintenance scripts still rely on cacls.exe for compatibility.
Can I Disable or Remove cacls.exe?
Not exactly. You can’t uninstall a built-in Windows tool, but you can avoid using it or block its usage. Consider using icacls.exe for permission tasks and restrict non-admin execution where appropriate.
How to Stop cacls.exe
- End Active Sessions: If a console window is running cacls, close the session or end the task from Task Manager.
- Close or Remove Scripts: Identify and disable batch files or PowerShell scripts that call cacls.exe.
- Disable Startup/Scheduled Tasks: In Task Scheduler or Group Policy, disable jobs that invoke cacls.exe.
- Restrict Execution: Use AppLocker/WDAC to block non-admin execution of cacls.exe.
- Migrate to icacls: Replace permission changes with icacls.exe for modern Windows compatibility.
How to Disable or Replace cacls.exe
- ✔ Note: cacls.exe is part of Windows; it cannot be uninstalled. Use AppLocker or WDAC to block execution for non-admins.
- ✔ Migrate existing scripts to icacls.exe for future changes.
- ✔ Verify that essential admin tasks still function after restricting usage.
Common Problems: Permission Edits with cacls
If cacls.exe changes fail or produce errors, common issues relate to syntax, user names, and inheritance settings.
Common Causes & Solutions
- Incorrect user or group name: Double-check the exact user/group name and use proper syntax, e.g., cacls.exe "C:\path" /G User:F. cacls takes the right as a bare letter; parenthesized rights such as (F) belong to icacls.
- Access Denied for non-admin users: Run the command from an elevated Command Prompt or use Run as administrator.
- Attempting changes on read-only files: Remove the read-only attribute, then retry, or perform changes on a writable copy.
- Inheritance not applied as expected: Use /t for traversing subfolders or /e to edit existing ACLs without replacing all entries.
- Overly broad permissions granted: Limit to required rights (cacls accepts R, W, C, and F; M and RX are icacls rights) and specify exact users/groups; avoid granting full control broadly.
- Tool deprecation and compatibility issues: Prefer icacls.exe for new deployments and only use cacls for legacy script compatibility.
Quick Fixes:
1. Open an elevated Command Prompt.
2. Identify target with cacls.exe "C:\path" and review current ACLs.
3. Apply precise permissions, e.g., cacls.exe "C:\path" /G User:F. Add /E to edit the existing ACL; without it, /G replaces the whole ACL with the entries given.
4. Validate changes with cacls.exe "C:\path" to confirm ACLs are correct.
5. If possible, migrate to icacls.exe for future changes.
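The same review, change, and validate sequence with icacls.exe, plus an ACL backup taken before the change so the previous state can be restored after a mistake. This PowerShell is an added example, not part of the original page; the folder, the group name, and the function name Restore-SavedAcl are hypothetical placeholders.

```powershell
# Added example. Run from an elevated PowerShell session.
$Target  = 'C:\Data\Reports'            # hypothetical folder
$Account = 'CONTOSO\ReportReaders'      # hypothetical group
$Backup  = Join-Path $env:TEMP ("acl-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))

# 1. Review the current ACL.
icacls $Target

# 2. Save the ACLs of the folder and everything below it (/T) before changing anything.
icacls $Target /save $Backup /T
if ($LASTEXITCODE -ne 0) { throw 'ACL backup failed; permissions were not changed.' }

# 3. Grant read and execute only, inherited by subfolders (CI) and files (OI).
#    /grant adds to the existing ACL, like cacls /E /G.
#    The quotes keep PowerShell from interpreting the parentheses.
icacls $Target /grant "${Account}:(OI)(CI)RX"
if ($LASTEXITCODE -ne 0) { throw 'Grant failed; review the ACL before retrying.' }

# 4. Validate the result.
icacls $Target

# Rollback, only if the change must be undone.
function Restore-SavedAcl {   # hypothetical helper name
    # Entries in the backup are relative to the parent of $Target,
    # so /restore is run against that parent directory.
    icacls (Split-Path -Path $Target -Parent) /restore $Backup
}
```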
Frequently Asked Questions
Is cacls.exe safe to use on Windows 10/11?
Yes, when it comes from Microsoft and is used by trusted administrators. It is a legacy tool and should be replaced by icacls.exe for modern systems.
What does cacls.exe do exactly?
Cacls.exe edits NTFS ACLs by granting, denying, or revoking rights for users or groups on files and directories, including inheritance behavior.
How do I grant permissions with cacls.exe?
Example: cacls.exe "C:\Folder" /G User:F. Replace User with the account and F with the desired rights; use caution on sensitive paths, because /G without /E replaces the existing ACL.
Why is cacls.exe deprecated?
It has been superseded by icacls.exe, which provides safer defaults, better syntax, and more robust handling of ACLs and inheritance.
How can I recover if I lock myself out with ACL changes?
If possible, use a backup script or icacls.exe to restore previous ACLs, or use a recovery account with admin rights to correct permissions.
Can I use cacls.exe on a network share?
Yes, but always ensure you have appropriate permissions on the share and that you understand the security implications of granting access across the network.