AccessChk: Quick Guide to Checking Windows File and Registry Permissions

Step-by-Step: Running AccessChk to Find Hidden Access Rights

What AccessChk is

AccessChk is a Sysinternals command-line tool that shows what access users and groups have to files, directories, registry keys, services, processes, and more on Windows.

Preparation

  • Download: Get AccessChk from Microsoft Sysinternals.
  • Run as admin: Open an elevated Command Prompt or PowerShell (right-click → Run as administrator).
  • Path: Place accesschk.exe in a folder on PATH or run it from its download location.

Basic command structure

Code

accesschk [options] [account] <object>

Common useful commands (with purpose)

  1. List access for a specific file or directory

Code

accesschk -d C:\Path\To\FileOrFolder

  • Purpose: Show discrete rights (read, write, delete, etc.) for that object.

  2. Show permissions for all files in a folder

Code

accesschk -s -d C:\Path\To\Folder

  • Purpose: Recursively list effective rights for each item in the folder.

  3. Find accounts that can take ownership

Code

accesschk -o C:\Path\To\FileOrFolder

  • Purpose: Detect who has TAKEOWN/SE_TAKEOWNERSHIP-like rights.

  4. Display registry key permissions

Code

accesschk -k "HKLM\SOFTWARE\SomeKey"

  • Purpose: Inspect who can read or write the registry key.

  5. Check service permissions

Code

accesschk -c "ServiceName"

  • Purpose: Show which accounts can control or configure a Windows service.

  6. List which users have which rights on processes

Code

accesschk -p -v *

  • Purpose: Verbose process ACLs to find accounts able to debug or terminate processes.

  7. Find accounts with full control across many objects

Code

accesschk -accepteula -q -s -w *

  • Purpose: Recursively search current directory (or root) for objects with specific rights; combine filters as needed.

Tips for finding “hidden” access

  • Use -s for recursion to surface nested objects.
  • Use -v for verbose output to see inherited vs explicit rights.
  • Combine object filters (files, registry, services, processes) to check all potential privilege vectors.
  • Pipe results to a file for offline review:

Code

accesschk [options] > C:\temp\accesschk-output.txt

Interpreting results

  • Look for accounts with FullControl, WRITE_DAC, WRITE_OWNER, or TAKEOWNERSHIP — these allow privilege escalation or persistence.
  • Note group memberships (e.g., Everyone, BUILTIN\Administrators) that grant broad access.
  • Check for non-standard service permissions and writable registry keys under HKLM that can be abused.
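
An added example (not part of the original guide, and not Sysinternals code): a Python script for the offline review step that reads saved verbose accesschk output and lists the rights named above when they are held by accounts outside an expected set. The output layout it parses, the *_ALL_ACCESS right names, the EXPECTED baseline and the sample text are assumptions made for illustration.

```python
import re

# Rights the guide says to look for. The *_ALL_ACCESS names are an assumption:
# they are what verbose output is taken to print where the guide says FullControl.
RISKY = {"WRITE_DAC", "WRITE_OWNER", "FILE_ALL_ACCESS",
         "KEY_ALL_ACCESS", "SERVICE_ALL_ACCESS"}
# Principals expected to hold such rights (assumed baseline; adjust per host).
EXPECTED = {"nt authority\\system", "builtin\\administrators",
            "nt service\\trustedinstaller"}

RIGHT = re.compile(r"[A-Z][A-Z0-9_]+")            # e.g. WRITE_DAC
ACCOUNT = re.compile(r"(?:(?:RW|R|W)\s+)?(.+)")   # e.g. "RW BUILTIN\Users"

def risky_grants(text):
    """Return sorted (object, account, right) tuples for unexpected risky rights."""
    findings, obj, account = set(), None, None
    for line in text.splitlines():
        item = line.strip()
        if not item:
            continue
        if not line[0].isspace():      # unindented line starts a new object
            obj, account = item, None
        elif RIGHT.fullmatch(item):    # right name under the current account
            if account and item in RISKY and account.lower() not in EXPECTED:
                findings.add((obj, account, item))
        else:                          # access summary line for one account
            account = ACCOUNT.fullmatch(item).group(1)
    return sorted(findings)

# Constructed sample in the assumed "accesschk -v" layout, not real output.
SAMPLE = r"""
C:\Program Files\TargetApp\updater.exe
  RW BUILTIN\Administrators
        FILE_ALL_ACCESS
  RW BUILTIN\Users
        FILE_WRITE_DATA
        WRITE_DAC
HKLM\SOFTWARE\TargetVendor\TargetApp
  RW Everyone
        KEY_ALL_ACCESS
  R  BUILTIN\Users
        KEY_READ
"""

if __name__ == "__main__":
    for obj, account, right in risky_grants(SAMPLE):
        print(f"{right:<16} {account:<16} {obj}")
```

When the output file was written with > from Windows PowerShell, open it with encoding="utf-16" before passing the text to risky_grants.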

Example quick workflow

  1. Run recursively on target program folder:

Code

accesschk -s -d "C:\Program Files\TargetApp*"

  2. Check related services:

Code

accesschk -c TargetServiceName

  3. Inspect registry keys used by the app:

Code

accesschk -k "HKLM\SOFTWARE\TargetVendor\TargetApp" -s

  4. Review process ACLs:

Code

accesschk -p -v * | findstr /i targetapp

Safety and clean-up

  • Use -accepteula to auto-accept the Sysinternals license in scripts.
  • Avoid changing ACLs until you’ve documented risks and have a rollback plan.
