Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


14213 posts

Uber Geek
+1 received by user: 2570

Trusted
Subscriber

Topic # 164280 4-Feb-2015 07:26
Send private message

I've recently started using W10 alongside W7, file permissions have been a bit of a pain. I would sometimes have to go back into W7 to change permissions so I could take ownership of files in W10 then change permissions there.

Yesterday I took an image of my W7 drive with Macrium Reflect free, tried something that accidentally deleted the W7 partition, then tried to restore it. Unfortunately the image (and another I took at the same time) is corrupt. So I no longer have the option to go back into W7 and change permissions. I could reinstall of course but I'll probably just run with a brand new fresh install of W10.

What I'm after is a way to bulk assign the same owner and permissions to every file on a disk. I know you should in theory just right click the root folder and change it there, but various things come up:
 - Recycle bins from the two windows versions seem incompatible so I have to hit "ignore" about 5000 times.
 - Some folders deep in the tree seem to have odd permissions and don't want to be changed.

Is there a way to say "set this owner and permissions for every file on this disk without asking me a bunch of questions"?




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


Create new topic
4988 posts

Uber Geek
+1 received by user: 1324

Trusted
Microsoft

  Reply # 1230906 4-Feb-2015 07:38
One person supports this post
Send private message

icacls



14213 posts

Uber Geek
+1 received by user: 2570

Trusted
Subscriber

  Reply # 1230909 4-Feb-2015 07:50
Send private message

So something like this will recursively give USERNAME ownership and full permissions to all files on a drive? Will this work on any computer and any drive to take permissions? Makes NTFS seem pretty insecure...

icacls d:\* /setowner USERNAME /c /t
icacls d:\* /grant USERNAME:F /c /t






AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


4988 posts

Uber Geek
+1 received by user: 1324

Trusted
Microsoft

  Reply # 1230910 4-Feb-2015 07:57
Send private message

NTFS is not insecure. you need to have permissions to set permissions



14213 posts

Uber Geek
+1 received by user: 2570

Trusted
Subscriber

  Reply # 1230913 4-Feb-2015 08:10
Send private message

So if I try to set permissions on files I don't explicitly have access to I won't be able get them with icacls?

What happens in the scenario that permissions are locked down on a data disk to give full permissions to just "john" but no permissions to anyone else, the OS fails and is reinstalled, and you need to give a user on the new OS "fred" ownership and permissions to the files?

I of course have backups but I would rather not have to do that.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


4988 posts

Uber Geek
+1 received by user: 1324

Trusted
Microsoft

  Reply # 1230925 4-Feb-2015 08:32
Send private message

if ICACLS is failing to take ownership, then you need to take ownership using TAKEOWN

4988 posts

Uber Geek
+1 received by user: 1324

Trusted
Microsoft

  Reply # 1230926 4-Feb-2015 08:34
Send private message

and in terms of security, this isn't insecure.  You can take ownership as you have local physical access to the disk
If you wanted to stop someone from being able to rip out your disks and put them in another machine, looking into EFS (encrypting file system) or BDE (BitLocker drive encryption)



14213 posts

Uber Geek
+1 received by user: 2570

Trusted
Subscriber

  Reply # 1230930 4-Feb-2015 08:38
Send private message

I'll try ICACLS this evening, i'll look into TAKEOWN if it doesn't work thanks. Good point about physical access. I do have sensitive data encrypted.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




14213 posts

Uber Geek
+1 received by user: 2570

Trusted
Subscriber

  Reply # 1234404 11-Feb-2015 06:44
Send private message

Is there an easy way to say "remove all existing permissions, set all files and folders to use inherited permissions"?




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


JWR

739 posts

Ultimate Geek
+1 received by user: 237


  Reply # 1234428 11-Feb-2015 08:33

timmmay: Is there an easy way to say "remove all existing permissions, set all files and folders to use inherited permissions"?


You mean like...  right click -> properties -> security tab -> advanced button?

You can take ownership, add/remove permissions, inheritance etc..



14213 posts

Uber Geek
+1 received by user: 2570

Trusted
Subscriber

  Reply # 1234429 11-Feb-2015 08:35
Send private message

JWR: You mean like...  right click -> properties -> security tab -> advanced button?

You can take ownership, add/remove permissions, inheritance etc..


When you do that if there are files way down the tree that have difference permission or ownership it doesn't tend to take. After a bit more reading I'm thinking TAKEOWN then ICACLS /reset should probably do the job.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.