
If you work with Windows and are interested in security, system administration or pentesting, knowing AccessChk is essential. This free tool from Microsoft Sysinternals lets you explore access permissions on files, services, registry keys, and other system resources in depth. The best part is that everything works from the command line.
In this article, we've compiled all the relevant information about its use, its options, and its practical application. Everything is explained in a clear and accessible way.
What is AccessChk and why should you know about it?
AccessChk is a utility originally developed by Mark Russinovich and now maintained by Microsoft within the Sysinternals suite. Its primary function is to display what permissions a user or group has on Windows operating system resources. It can be used to analyze files, folders, registry keys, services, processes, shared resources, and global objects.
It is especially useful for detecting incorrect configurations that may allow unwanted access, such as directories that any user can write to, services that can be modified without elevated privileges, or vulnerable registry keys. It's also a key tool in security audits and red teaming exercises.
Advantages of using AccessChk in Windows auditing and protection
Access control in Windows is based on security descriptors, ACLs (Access Control Lists), and integrity levels. A single configuration error can represent a breach that compromises the entire system. This is where AccessChk makes the difference:
- Allows you to find excessive permissions in files, directories and services.
- Helps identify dangerous configurations, such as those that allow DLL hijacking or unquoted service paths.
- Facilitates checking for inherited or explicit access in the file system and registry.
- Allows you to detect objects without access or those to which you have read or write access.
How to install and start using AccessChk
One of the great advantages of AccessChk is that it does not require installation as such. It is a portable executable, which you can download from the official Sysinternals website (Microsoft) or run directly from Sysinternals Live.
- Download the executable from Microsoft Learn or Sysinternals.
- Copy the accesschk.exe file to a folder included in your PATH environment variable (for example, C:\Windows).
- Open a command console and run accesschk to see all available options.
AccessChk does not require elevated privileges to run, although results will vary depending on the current user's permissions.
Most useful AccessChk commands and parameters
AccessChk offers a wide variety of modifiers that allow you to tailor the output to what you really need to audit. Below are the most common options and their usefulness:
| Parameter | Function |
|---|---|
| -a | Displays user account rights (the name given is a Windows account right). |
| -c | Queries permissions on Windows services (for example, ssdpsrv). |
| -d | Processes only directories or top-level keys. |
| -e | Shows only explicitly set integrity levels. |
| -f | After -p, shows full process token information; otherwise, filters the listed accounts from the output. |
| -h | Audits shared resources (file or printer shares). |
| -k | Works with registry keys. |
| -l | Returns the complete security descriptor. |
| -n | Shows only objects with no access. |
| -o | Works with global objects (Object Manager namespace). |
| -p | Allows you to specify a process name or PID. |
| -r | Filters by read access. |
| -s | Executes the query recursively. |
| -t | Filters by object type. |
| -u | Suppresses errors in the output. |
| -v | Displays detailed information. |
| -w | Filters by write access. |
By default, paths are interpreted as file system paths, but you can specify registry keys, global objects, or processes with their respective switches. For more information about permissions in Windows 11, you can refer to How to manage permissions in Windows 11.
Real-life examples of using AccessChk
The best way to understand the power of AccessChk is to see concrete examples. Here are some practical cases to help you get the most out of it:
Effective permissions on a system folder
accesschk "Power Users" c:\windows\system32
This command shows you what rights members of the Power Users group have to files and folders within that path.
Check write access to system services
accesschk users -cw *
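This command lists the Windows services that members of the Users group have write access to. It is ideal for detecting potential privilege escalation vectors, especially if a group has unnecessary permissions on critical services.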
Analyze permissions on registry keys
accesschk -kns austin\mruss hklm\software
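This command lists the registry keys under HKLM\Software to which the account austin\mruss has no access. It is useful for blocking unwanted access or auditing excessive account restrictions.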
Query integrity levels and global objects
accesschk -e -s c:\users\usuario
accesschk -wuo everyone \basednamedobjects
Integrity levels, introduced in Windows Vista, define isolation between processes. AccessChk makes this easy to view.
Check for weak permissions on folders and files
accesschk.exe -uwdqs Users c:\
accesschk.exe -uwqs Users c:\*.*
These commands are very helpful in large corporate environments, where they let you find configurations that can be exploited.
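The service and folder write-access checks above can be combined into one audit report. The following PowerShell script is an added example, not part of the original article or of Sysinternals; it assumes accesschk.exe is on the PATH, and the function name Invoke-AccessChkWrite, the list of principals and the scanned root folder are illustrative choices.

```powershell
# Added example: consolidate AccessChk write-access findings for
# low-privileged groups so they can be reviewed and remediated.
# Assumptions: accesschk.exe is on PATH; principals and root are illustrative.
$principals = 'Users', 'Authenticated Users', 'Everyone'
$root       = 'C:\Program Files'

function Invoke-AccessChkWrite {   # hypothetical helper name
    param([string]$Principal, [string]$Switches, [string]$Target, [string]$Kind)
    # With an account name, AccessChk prints one "<access> <object>" line
    # per hit (for example "RW ssdpsrv"); other lines are ignored.
    & accesschk.exe -accepteula $Switches $Principal $Target 2>$null |
        ForEach-Object {
            if ($_ -match '^\s*(RW|W)\s+(\S.*)$') {
                [pscustomobject]@{
                    Kind      = $Kind
                    Principal = $Principal
                    Access    = $Matches[1]
                    Object    = $Matches[2].Trim()
                }
            }
        }
}

$findings = foreach ($p in $principals) {
    # -c services, -w write access only, -u suppress errors, -q no banner
    Invoke-AccessChkWrite -Principal $p -Switches '-uwcq'  -Target '*'   -Kind 'Service'
    # -d directories only, -s recurse below $root
    Invoke-AccessChkWrite -Principal $p -Switches '-uwdqs' -Target $root -Kind 'Directory'
}

# Map each service name to its binary path so the owner can be identified.
$servicePaths = @{}
Get-CimInstance Win32_Service | ForEach-Object { $servicePaths[$_.Name] = $_.PathName }

$report = $findings | Sort-Object Kind, Object, Principal -Unique | ForEach-Object {
    $path = if ($_.Kind -eq 'Service') { $servicePaths[$_.Object] } else { $_.Object }
    $_ | Add-Member -NotePropertyName Path -NotePropertyValue $path -PassThru
}

if ($report) {
    $report | Format-Table Kind, Principal, Access, Object, Path -AutoSize
} else {
    'No write access found for the audited principals.'
}
```

An empty report means none of the listed groups can modify a service or write to a directory under the scanned root; each row that does appear is a permission to review and tighten.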
AccessChk applications in pentesting scenarios
AccessChk shines in offensive contexts where we seek to escalate privileges or move laterally. Some of the most common uses include:
- Detecting services with unquoted paths that allow malicious DLLs to be executed if the user can write to the affected directories.
- Checking permissions on executable files of misconfigured services.
- Scanning important registry keys, such as the Winlogon or autologin settings.
- Integration with other tools to automate the collection of evidence and vulnerabilities.
In addition, it is used together with tools such as Procmon or msfvenom to capture calls to missing DLLs and create effective payloads from compromised services.
AccessChk offers valuable insight into how permissions are actually applied on a Windows system. Whether you're securing production systems or exploring attack vectors during a pen test, its use is almost essential. If you haven't tried it yet, do so. It's sure to quickly become one of your favorite tools.