CACLS.exe – Display or modify Access Control Lists (ACLs) for files and folders.

CACLS.exe (this command is deprecated, use ICACLS.EXE instead)

Display or modify Access Control Lists (ACLs) for files and folders.

Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL’s from the folder where it was created.

      CACLS pathname [options]

   options can be any combination of:

   /T Search the pathname including all subfolders.
   /E Edit ACL (leave existing rights unchanged)
   /C Continue on access denied errors. 

   /G user:permission
      Grant access rights, permision can be:
         R Read
         W Write
         C Change (read/write)
         F Full control 

   /R user
      Revoke specified user's access rights (only valid with /E). 

   /P user:permission
      Replace access rights, permission can be:
         N None
         R Read
         W Write
         C Change (read/write)
         F Full control 

   /D user
      Deny access to user. 

   In all the options above "user" can be a UserName
   or a Workgroup (either local or global)

   If a UserName or WGname includes spaces then it must
   be surrounded with quotes e.g. "Authenticated Users"

   If no options are specified CACLS will display the ACLs for the file(s)

Other features to try

Wildcards can be used to specify multiple files.
You can specify more than one user:permission in a single command.
The /D option will deny access to a user even if they belong to a group that does have access.


  • The CACLS command does not provide a /Y switch to automatically answer ‘Y’ to the Y/N prompt. However, you can pipe the ‘Y’ character into the CACLS command using ECHO, use the following syntax:

    ECHO Y| CACLS /g <username>:<permission>
  • To edit a file you must have the “Change” ACL (or be the file’s owner)
  • To use the CACLS command and change an ACL requires “FULL Control”
  • File “Ownership” will always override all ACL’s – you always have Full Control over files that you create.
  • If CACLS is used without the /E switch all existing rights on [pathname] will be replaced, any attempt to use the /E switch to change a [user:permission] that already exists will raise an error. To be sure the CALCS command will work without errors use /E /R to remove ACL rights for the user concerned, then use /E to add the desired rights.
  • The /T option will only traverse subfolders belowthe current directory.

If no options are specified CACLS will display the current ACLs
e.g. To display the current folder
Display permissions for one file
CACLS MyFile.txt
Display permissions for multiple files
CACLS *.txt

Inherited folder permissions are displayed as:

 OI - Object inherit    - This folder and files. (no inheritance to subfolders)
 CI - Container inherit - This folder and subfolders.
 IO - Inherit only      - The ACE does not apply to the current file/directory

These can be combined as folllows:
 (OI)(CI)	    This folder, subfolders, and files.
 (OI)(CI)(IO)	Subfolders and files only.
     (CI)(IO)  Subfolders only.
 (OI)    (IO)	Files only.

So BUILTIN\Administrators:(OI)(CI)F means that both files and Subdirectories will inherit ‘F’ (Fullcontrol)
similarly (CI)R means Directories will inherit ‘R’ (
Read folders only = List permission)

When cacls is applied to the current folder only there is no inheritance and so no output.

Errors when changing permissions

If a user or group has a permission on a file or folder and you grant a second permission to the same user/group on the same folder, NTFS will sometimes produce the error message “The parameter is incorrect” To fix this (or prevent it happening) revoke the permission first (/e /r) and then reapply (/e /g)


Add Read-Only permission to a single file
CACLS myfile.txt /E /G “Power Users”:R

Add Full Control permission to a second group of users
CACLS myfile.txt /E /G “FinanceUsers”:F

Now revoke the Read permissions from the first group
CACLS myfile.txt /E /R “Power Users”

Now give the first group Full-control:
CACLS myfile.txt /E /G “Power Users”:F

Give the Finance group Full Control of a folder and all sub folders
CACLS c:\docs\work /E /T /C /G “FinanceUsers”:F

“Whether a pretty woman grants or withholds her favours, she always likes to be asked for them” – Ovid (Ars Amatoria)


ATTRIB – Display or change file attributes
AccessEnum – GUI to browse a tree view of user privs
DIR /Q – Display the owner for a list of files (try it for Program files)
PERMS – Show permissions for a user
FIXACLS – Restore default privs (Resource Kit supplement 2)
FSUTIL – File System Options
NTRIGHTS – Edit user account rights
SHOWACL – Show file Access Control Lists (Windows 2000)
TAKEOWN – Take ownership of shares
XCACLS – Display or modify Access Control Lists (ACLs) for files and folders
Q237701 – Cacls cannot apply security to root
Q834721 – Permissions on Folder are incorrectly ordered
Q135268 – How to use CACLS.EXE in a Batch File
Q245031 – Error when using the | pipe symbol
NT Permissions explained

ACL utils: SetACL or FileACL (free)

Equivalent Linux BASH commands:

chmod – Change access permissions
chown – Change file owner and group



c:\windows\* /save AclFile /T

– Will save the ACLs for all files under c:\windows and its subdirectories to AclFile.

icacls c:\windows\ /restore AclFile

– Will restore the Acls for every file within AclFile that exists in c:\windows and its subdirectories

icacls file /grant Administrator:(D,WDAC)

– Will grant the user Administrator Delete and Write DAC permissions to file

icacls file /grant *S-1-1-0:(D,WDAC)

– Will grant the user (or security group) defined by sid S-1-1-0 Delete and Write DAC permissions to file

icacls c:\windows\explorer.exe

– View the discretionary access list and integrity level

icacls file /setintegritylevel H

– Modify mandatory integrity level of an object to High

ORA-04031 unable to allocate 4200 bytes of shared memory

Error Message:

OCIStmtExecute: ORA-04031: unable to allocate 4200 bytes of shared memory (“shared pool”,”unknown object”,”sga heap”,”state objects”)


More shared memory is needed than was allocated in the shared pool.


Bug on Oracle


metalink suggest to set the parameter _db_handles_cached=0


If the shared pool is out of memory, either use the dbms_shared_pool package to pin large packages, reduce your use of shared memory, or increase the amount of available shared memory by increasing the value of the INIT.ORA parameters “shared_pool_reserved_size” and “shared_pool_size”. If the large pool is out of memory, increase the INIT.ORA parameter “large_pool_size”.


Indonesian Bank Swift Codes

Kode SWIFT adalah bentuk baku dari Bank Identifier Codes (BIC) dan merupakan kode pengenal yang berbeda-beda antar satu bank dengan yang lainnya.
Kode-kode ini digunakan pada saat ada transfer uang antar bank.

Kode SWIFT terdiri dari 8 atau 11 karakter. Kode SWIFT 8 karakter digunakan sebagai tanda pengenal untuk kantor pusat bank yang bersangkutan.

4 karakter pertama – kode bank (hanya berisi huruf)
2 karakter berikutnya – kode negara berdasarkan ISO 3166-1 alpha-2 (hanya berisi huruf)
2 karakter berikutnya – kode lokasi (huruf dan angka) (peserta pasif akan memiliki angka “1” pada karakter ke 2)
3 karakter terakhir – kode cabang, sifatnya optional – bisa ada bisa tidak (‘XXX’ untuk kantor pusat) (berisi huruf dan angka)


  • Hagabank: HAGAIDJA
  • Bank Artha Graha: ARTGIDJA
  • Bank Bumiputera Indonesia: BUMIIDJA
  • Bank Bumi Arta Indonesia: BBAIIDJA
  • Bank Buana Indonesia: BBIJIDJA
  • Bank Danamon: BDINIDJA
  • Bank Mandiri (not Bank Syariah Mandiri): BEIIIDJA
  • Bangkok Bank: BKKBIDJA
  • Bank Niaga: BNIAIDJA
  • Bank Negara Indonesia (BNI): BNINIDJA
  • Bank BNP Paribas Indonesia: BNPAIDJA
  • Bank Resona Perdania: BPIAIDJA
  • Bank Rakyat Indonesia (BRI): BRINIDJA
  • Bank Bukopin: BBUKIDJA
  • Bank Central Asia (BCA): CENAIDJA
  • Deutsche Bank AG: DEUTIDJA
  • Bank Mizuho Indonesia: MHCCIDJA
  • Hongkong and Shanghai Banking (HSBC): HSBCIDJA
  • Bank Internasional Indonesia (BII): IBBKIDJA
  • Bank Indonesia: INDOIDJA
  • Lippobank: LIPBIDJA
  • Pan Indonesia Bank: PINBIDJA
  • Bank Rabobank International Indonesia: RABOIDJA
  • Bank UFJ Indonesia (formerly Bank Sanwa Indonesia): SAINIDJA
  • Bank Swadesi: SWBAIDJA
  • Bank Tabungan Negara (BTN): BTANIDJA
  • Bank UOB Indonesia: UOBBIDJA
  • Bank Permata: BBBAIDJA
  • Bank Maybank Indocorp: MBBEIDJA
  • Bank Chinatrust Indonesia: CTCBIDJA
  • Woori Bank Indonesia: HVBKIDJA
  • Bank Sumitomo Mitsui Indonesia: SUNIIDJA
  • Bank Finconesia: FINBIDJA
  • Bank OCBC Indonesia: OCBCIDJA
  • Bank Kesawan: AWANIDJA
  • Bank Commonwealth: BICNIDJA
  • Bank Ekonomi Raharja: EKONIDJA
  • Bank DBS Indonesia: DBSBIDJA
  • Bank CIC International (formerly Bank Century Intervest Corp): CICTIDJA
  • Bank Ekspor Indonesia: BEXIIDJA
  • Bank Mega: MEGAIDJA
  • Bank of China, Jakarta Branch: BKCHIDJA
  • Bank Syariah Mandiri (not Bank Mandiri): BSMDIDJA


ORACLE – Alter Table – Add Column

We have “alter table” syntax from Oracle to add data columns in-place in this form:

alter table
column1_name column1_datatype column1_constraint,
column2_name column2_datatype column2_constraint,
column3_name column3_datatype column3_constraint

Here are some examples of Oracle “alter table” syntax to add data columns.

alter table
cust_sex  varchar2(1) NOT NULL;

Her is an example of Oracle “alter table” syntax to add multiple data columns.

cust_sex             char(1) NOT NULL,
cust_credit_rating   number


Oracle: Alter Table

Oracle provides “alter table” syntax to modify data columns in-place in this form:

alter table
column_name  datatype;

If you are brave you can use a single “alter table” syntax to modify multiple columns:

alter table
column1_name  column1_datatype,
column2_name  column2_datatype,
column3_name  column3_datatype,
column4_name  column4_datatype

Here are some examples of Oracle “alter table” syntax to modify data columns and note that you can add constraints like NOT NULL:

cust_name varchar2(100) not null,
cust_hair_color  varchar2(20)

We can also use Oracle “alter table” syntax in dynamic PL/SQL to modify data columns


. . .



ffmpeg -i video.flv -an -ss 00:00:03 -t 00:00:01 -r 1 -y -s 320×240 video%d.jpg


FFmpeg version Sherpya-r14277, Copyright (c) 2000-2008 Fabrice Bellard, et al.
libavutil version: 49.7.0
libavcodec version: 51.60.0
libavformat version: 52.17.0
libavdevice version: 52.0.0
built on Jul 18 2008 11:12:48, gcc: 4.2.4 [Sherpya]

Seems stream 0 codec frame rate differs from container frame rate: 1000.00 (1000
/1) -> 25.00 (25/1)
Input #0, flv, from ‘video.flv’:
Duration: 00:04:54.50, start: 0.000000, bitrate: 48 kb/s
Stream #0.0: Video: flv, yuv420p, 320×240, 25.00 tb(r)
Stream #0.1: Audio: mp3, 22050 Hz, mono, 48 kb/s
Output #0, image2, to ‘video%d.jpg’:
Stream #0.0: Video: mjpeg, yuvj420p, 320×240, q=2-31, 200 kb/s, 1.00 tb(c)
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
frame= 1 fps= 0 q=4.6 Lsize= -0kB time=1.00 bitrate= -0.2kbits/s
video:11kB audio:0kB global headers:0kB muxing overhead -100.191638%

Creating random passwords with PHP

function RandomPassword($passlength) {
$chars .= “1234567890”;
$chars .= “abcdefghijklmnopqrstuvwxyz”;

$charsLength = strlen($chars);

for ($ras = 0; $ras <$passlength; $ras++) {
$number = rand(0,$charsLength-1);
$password .= $chars[$number];

return $password;