Perms.exe: File Access Permissions per User


Perms displays a user's access permissions for a specified file or set of files.

To use Perms, you need "Backup files and folders" privileges on the computer where the files are stored, and you must be logged on as a member of the Administrators group for the domain or computer where the user account is defined. Otherwise, "Access denied" errors might occur.

Perms queries the permissions associated with a specific ACE, displaying only those permissions granted by that particular ACE.

Note that if a user is a member of local or global groups with varying sets of permissions, PERMS output does not reflect cases in which this user has been given or denied rights through the ACEs for these local or global groups. The following scenarios illustrate this point:

File Required


Perms Syntax


perms [domain\|computer\]username path [/i] [/s] [/?]

Where:

[domain\|computer\]username
name of the user whose permissions are to be checked, in the format domain\username, computer\username, or a local username.
path
name of a file or folder in any legal format, including UNC (\\). You can use the * or ? wildcard characters.
/i
assumes the specified user is logged on interactively to the computer where path resides. With this switch, Perms assumes the user is a member of the INTERACTIVE group. Without this switch, Perms assumes the user is logged on over the network and is a member of the NETWORK group.
/s
checks permissions on files in subdirectories.
/?
displays help for the Perms command.


Perms Examples


Example 1

Display the permissions of user "imauser" on computer "IMACOMPUTER" for files in subdirectories of drive C, and then send that output to a text file.

perms IMACOMPUTER\imauser c: /s >driveCperms.txt



Perms Characters


Access Masks in Perms Output:

Access Description
R Read. Allows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS.
W Write. Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS.
X Execute. Allows or denies running program files (applies to files only).
D Delete. Allows or denies deleting the file or folder. If you do not have delete permissions for a file or folder, you can still delete it if you have Delete Subfolders and Files permissions for the parent folder.
P Change Permissions. Allows or denies changing permissions for the file or folder, such as Full Control, Read, and Write.
O Take Ownership. Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.
A General All.
- No Access
* The specified user is the owner of the file or directory.
# A group the user is a member of owns the file or directory.
? The user's access permissions cannot be determined.
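
The earlier note says Perms output reflects only the ACE for the named user, not rights given or denied through group ACEs. The following is an added example, not part of the original Perms documentation and not Perms's own code: a simplified Python model (it ignores ownership, inheritance and privileges) that uses the access letters from the table above to compare the user's own ACE with the effective result once group ACEs are counted. The group names and DACLs are constructed for illustration.

```python
# Added example: a constructed model, not Perms's own code. Trustee names stand
# in for SIDs; "imauser" comes from the page, the group names are hypothetical.
LETTERS = "RWXDPO"  # access letters from the Perms table

def show(rights):
    """Render a set of rights in table order, or '-' for no access."""
    return "".join(l for l in LETTERS if l in rights) or "-"

def ace_view(dacl, user):
    """Assumed per-ACE view: only rights on allow ACEs that name the user."""
    granted = set()
    for kind, trustee, rights in dacl:
        if kind == "allow" and trustee == user:
            granted |= set(rights)
    return show(granted)

def effective_access(dacl, user, groups):
    """Walk the DACL in order, as the Windows access check does. An ACE applies
    when its trustee is the user or one of the user's groups, and each right is
    settled by the first applicable ACE that mentions it."""
    token = {user, *groups}
    granted, denied = set(), set()
    for kind, trustee, rights in dacl:
        if trustee not in token:
            continue
        undecided = set(rights) - granted - denied
        (denied if kind == "deny" else granted).update(undecided)
    return show(granted)

# Constructed DACLs, deny ACEs first (canonical order).
SCENARIOS = {
    "group grants more": [("allow", "imauser", "R"), ("allow", "Editors", "RWD")],
    "group denies write": [("deny", "Contractors", "W"), ("allow", "imauser", "RW")],
}
GROUPS = ["Editors", "Contractors"]

def compare(name, user="imauser", groups=GROUPS):
    """Return (per-ACE view, effective access) for one named scenario."""
    dacl = SCENARIOS[name]
    return ace_view(dacl, user), effective_access(dacl, user, groups)

if __name__ == "__main__":
    for name in SCENARIOS:
        own, eff = compare(name)
        print(f"{name:20} user's own ACE: {own:3} effective: {eff}")
```

In the first scenario the user's own ACE understates the access the user really has; in the second it overstates it, which is the case that matters most when auditing with a per-ACE report.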