Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Saturday, February 27, 2010

Ownership of a file or folder

In earlier versions of Windows there were no command-line tools to take ownership of files or folders. You needed to use the Security tab in the file or folder properties to change the ownership of an item. Windows 7 and Windows Vista include a command-line tool named Takeown.exe that can be used from an admin Command Prompt to change the ownership of a file system object easily.

Taking ownership of a file
Open an elevated Command Prompt window. To do so, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
Type the following command and press ENTER:
(Replace the text with the full path of the actual file.)
If the operation was successful, you should see the following message:
"SUCCESS: The file (or folder): "filename" now owned by user "Computer Name\User name"."
Then to assign the Administrators group Full Control Permissions for the file, you may use the ICACLS command. Use this syntax:
ICACLS /grant administrators:F

Taking ownership of a folder
Use the following syntax:
takeown /f /r /d y
Then to assign the Administrators group Full Control Permissions for the folder, use this syntax:
icacls /grant administrators:F /T
The /T parameter is added so that the operation is carried out through all the sub-directories and files within that folder.
Command-line help: To know more information about the above commands, run these commands from a Command Prompt window.
takeown /?
icacls /?

#1 Command Script
To further simplify the process of taking ownership, Tim Sneath of Microsoft provides a .CMD file (Windows Command Script) which takes ownership and assigns Full Control Permissions to Administrators for the directory which is passed as a parameter to the CMD file. For more information, read Tim’s post Windows Vista Secret #11: Deleting the Undeletable.
#2 Add "Take Ownership" command to the Context menu
This again uses the special runas verb in Windows 7/Vista, which has been covered many times in this Website (REF runas).
Download takeown_context.reg and save to Desktop. Right-click on the file and choose Merge. Click Yes when asked for confirmation.
This adds an extended command named Take Ownership in the context menu for files and directories. To access the command, you need to press and hold the SHIFT key down, and then right-click on a file or folder.
Sample Scenario: Let’s assume that you’re trying to delete a folder for which you don’t have permissions (although you’re logged in as Administrator) and getting an Access Denied error:
Simply press and hold the SHIFT key down, and right-click on the folder that you want to delete. Click the Take Ownership command.
You should now be able to delete that folder!

Deleting the Undeletable It's not unusual to find some folders that can't be accessed, even by an administrator, because their ACLs were set for accounts with SIDs that applied to an old partition. For example, on my home machine, I switched the C: and D: drive cables around and installed Windows Vista RTM on the new drive. Having tested everything worked, I wanted to delete some old redundant directories (like the old \Program Files directory). If even an administrator can't access the file, how do you take it back?
The secret lies in two command-line utilities, one ancient, the other completely revised for this release. Respectively, these are

  • takeown (which takes ownership of a file or directory) and
  • icacls (which sets new ACLs on that directory).

I created a small batch command on my system called itsmine.cmd, as follows:
   takeown /f %1 /r /d y
   icacls %1 /grant administrators:F /t

From an elevated command prompt, you can run a command such as itsmine d:\hard_to_delete and this will reset ownership and ACLs on the hard_to_delete directory such that a command like
rd /s d:\hard_to_delete
should work.

No comments: