The command icacls displays and/or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. Icacls.exe replaces the Cacls.exe command line tool for viewing and editing DACLs. This tool may become handy when a security executive need to run an audit exercise on files or a domain administrator need to protect some files such as, to make sure that users do not have access to log files on client computers. For example, a quick tip how to restrict users from modifying scheduled tasks is found here. Typical example using Icacls would be:
icacls test1 /grant User1:(d,wdac) – To grant the user User1 Delete and Write DAC permissions to a file named “Test1”
For more detailed info about Icacls go here.