Page tree
Skip to end of metadata
Go to start of metadata
An access control list (ACL) is a Windows structure that defines access rights for a trustee (user or computer). It is commonly viewed through the Permissions tab on a file or registry key, and can also be viewed with command-line tools such as cacls.exe.

ACLs can also be defined and described using the Security Descriptor Definition Language (SDDL). Technical details about this language can be found on Microsoft’s Developer site at, but this information may be more complex than necessary.

The simple way to create and use SDDL is to use the user interface in Windows Explorer to create the desired permissions on a test file. Then use the following command-line or Powershell commands to see the SDDL string that can be used in FSLogix settings.

Command-Linecacls.exe <Filename> /s
PowershellGet-Acl -Path <Filename> | Format-List
  • No labels