> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-13/windows/post-exploitation-windows-filesystem.md).

# Filesystem

## Modify File Permissions via ICACLS

To remove a specific Deny Access Control Entry (ACE) for a principal on a file using `icacls`, particularly useful if a privileged user like SYSTEM is explicitly denied access preventing file access even with high privileges. The `icacls` command is used to display or modify Access Control Lists (ACLs) for files and folders. To remove only denied permissions for a user or group, use the `/remove:d` flag followed by the principal name.

The syntax `/remove:d Sid|Name` removes all denied permissions for the specified security identifier (Sid) or name. If you need to remove only a specific denied permission type, you can specify it after the principal name using a colon, like `/remove:d Sid|Name:perm`.

For example, to remove all 'Deny' permissions for the `NT AUTHORITY\SYSTEM` user on a specific file:

```powershell
icacls "path\to\your\file" /remove:d "NT AUTHORITY\SYSTEM"
```

Replace `"path\to\your\file"` with the target file path. This command removes all 'Deny' ACEs for the `NT AUTHORITY\SYSTEM` user on the specified file. Using `/remove:d` ensures only deny entries are affected, leaving any granted permissions intact.
