Back

Topic

[KB1261]PcVue and ACLs: Managing Permissions

Tags: Operating System, System

System
2 hours ago
By LM
Options
Print
Applies to:
PcVue 16 onwards
Summary:
Learn how ACLs (Access Control Lists) work with PcVue, and why they matter for securing your projects—even if you’re not a system admin. This guide breaks down the basics and shows you how to manage permissions like a pro.
Details:

1. What Are ACLs?

  • Simple Explanation: ACLs (Access Control Lists) are like “permission rules” for your files and folders. They decide who can read, edit, or delete them.
  • Analogy: Think of ACLs as a “guest list” for a party. Only people on the list (or with the right “key”) can enter certain rooms (files/folders).

2. Why Do ACLs Matter in PcVue?

  • Security: ACLs help protect your PcVue projects from unauthorized changes.
  • Collaboration: They let you share projects with colleagues while controlling what each person can do.
  • Example: If you’re working on a PcVue mimic, you might want your team to view it but not modify it.

3. How ACLs Work in Windows

Operating systems Windows 10, Windows Server 2016 and later provides powerful command-line tools that simplify the process of managing file and folder permissions. These tools are especially useful for scripting tasks, allowing administrators to automate the setting, modification, and backup of access control lists (ACLs) efficiently.

  • icacls displays or modifies discretionary access control lists (DACLs) on specified files and applies stored DACLs to files in specified directories.
  • takeown enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file. This command is typically used on batch files.

Guide with examples for these two commands: Using the Icacls Command in Windows: A Complete Guide with Examples

PowerShell equivalents to these commands: Get-Acl and Set-Acl

Trick for finding out the owner of directories or files: use the dir command with the /Q flag

While these tools are usually for admins, understanding the basics helps everyone.

  • Save ACLs Command 
icacls "D:\PcVue Projects" /save "D:\AclFile.txt" /T
  • This command saves a folder ACLs to a file. No need to have elevated priviledges to do that.
  • Grant ACLs command (for context, not for users to run!)
icacls "D:\PcVue Projects" /grant:r "MACHINE\Username":(OI)(CI)(RX,D) /T /C
  • This command gives (to a specific user) read access to the folder “D:\PcVue Projects” and all files/directories below it.
  • Restore ACLs command
icacls "D:" /restore "D:\AclFile.txt" /T
  • This command restores a folder ACLs from a file. Administrator priviledges are required to do that. The command must point to the parent folder (here “D:”).

4. PcVue and ACLs

Below are some examples of ACLs on PcVue installation folders retrieved using the icacls and dir commands.

Examples of ACLs on PcVue installation folders

Running context

Windows Server 2022 was used to run the following commands.

Command

icacls "C:\ARC Informatique\PcVue 16"

Output

NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
BUILTIN\Users:(I)(CI)(AD)
BUILTIN\Users:(I)(CI)(WD)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Remarks

  • This command was executed before an administrator made changes to the folder’s access control lists (ACLs).

Command

icacls "C:\Program Files"

Output

NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)

Command

icacls "C:\Program Files\ARC Informatique\PcVue 17"

Output

NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)

Command

icacls "C:\ProgramData"

Output

NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
CREATOR OWNER:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(RX)
BUILTIN\Users:(CI)(WD,AD,WEA,WA)

Command

icacls "C:\ProgramData\ARC Informatique\PcVue 17"

Output

NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

Remarks

  • This command was executed before the administrator made changes to the folder’s access control lists (ACLs).

Command

dir "C:\ARC Informatique\PcVue 16" /AD /Q

Output

NT AUTHORITY\SYSTEM    .
NT AUTHORITY\SYSTEM    ..
NT AUTHORITY\SYSTEM    Bin
NT AUTHORITY\SYSTEM    Development kits
NT AUTHORITY\SYSTEM    Documentation
NT AUTHORITY\SYSTEM    Etc
NT AUTHORITY\SYSTEM    Lib
NT AUTHORITY\SYSTEM    Usr

Remarks

  • This command was executed immediately after installing PcVue 16, before starting the sv32 application.

Command

dir "C:\Program Files\ARC Informatique\PcVue 17" /AD /Q

Output

NT AUTHORITY\SYSTEM    .
NT AUTHORITY\SYSTEM    ..
NT AUTHORITY\SYSTEM    bin
NT AUTHORITY\SYSTEM    config
NT AUTHORITY\SYSTEM    doc
NT AUTHORITY\SYSTEM    ext

Command

dir "C:\ProgramData\ARC Informatique\PcVue 17" /AD /Q

Output

NT AUTHORITY\SYSTEM    .
NT AUTHORITY\SYSTEM    ..
NT AUTHORITY\SYSTEM    devkits
NT AUTHORITY\SYSTEM    etc
NT AUTHORITY\SYSTEM    lib
NT AUTHORITY\SYSTEM    logs
NT AUTHORITY\SYSTEM    usr

Remarks

  • This command was executed immediately after installing PcVue 17, before starting the sv32 application.

Command

dir "C:\ProgramData\ARC Informatique\PcVue 17" /AD /Q

Output

NT AUTHORITY\SYSTEM    .
NT AUTHORITY\SYSTEM    ..
USER-MACHINE-ID\Dev    bmp
USER-MACHINE-ID\Dev    databases
NT AUTHORITY\SYSTEM    devkits
USER-MACHINE-ID\Dev    dumps
NT AUTHORITY\SYSTEM    etc
USER-MACHINE-ID\Dev    gis
NT AUTHORITY\SYSTEM    lib
NT AUTHORITY\SYSTEM    logs
USER-MACHINE-ID\Dev    pki
USER-MACHINE-ID\Dev    prg
USER-MACHINE-ID\Dev    scr
USER-MACHINE-ID\Dev    sym
USER-MACHINE-ID\Dev    tmp
NT AUTHORITY\SYSTEM    usr
USER-MACHINE-ID\Dev    win
USER-MACHINE-ID\Dev    wtp

Remarks

  • This command was executed immediately after running the sv32 application for the first time.
  • The interactive user at runtime was USER-MACHINE-ID\Dev.

Created on: 20 Jan 2026