Friday, June 25, 2010

NTFS: How to delete files without permission as an administrator

1. To take ownership of the file, you’ll need to use the takeown command.
Here’s an example:

takeown /R /f D:\cygwin

where /R means recursively taking ownership.

2. That will give you ownership of the files and folders, but you still have no rights to delete it. Now you can run the cacls command to give yourself full control rights to the file:

cacls D:\cygwin /T /G YourUserName:F


At this point, you should be able to delete the file.
If you still can’t do so, you may need to reboot into Safe Mode and try it again.

The following are some options about the two commands used above:

TAKEOWN [/S system [/U username [/P [password]]]]
/F filename [/A] [/R [/D prompt]]

Description:
This tool allows an administrator to recover access to a file that
was denied by re-assigning file ownership.

Parameter List:
/S system Specifies the remote system to
connect to.

/U [domain\]user Specifies the user context under
which the command should execute.

/P [password] Specifies the password for the
given user context.
Prompts for input if omitted.

/F filename Specifies the filename or directory
name pattern. Wildcard "*" can be used
to specify the pattern. Allows
sharename\filename.

/A Gives ownership to the administrators
group instead of the current user.

/R Recurse: instructs tool to operate on
files in specified directory and all
subdirectories.

/D prompt Default answer used when the current user
does not have the "list folder" permission
on a directory. This occurs while operating
recursively (/R) on sub-directories. Valid
values "Y" to take ownership or "N" to skip.

/? Displays this help message.

NOTE: 1) If /A is not specified, file ownership will be given to the
current logged on user.

2) Mixed patterns using "?" and "*" are not supported.

3) /D is used to suppress the confirmation prompt.

Examples:
TAKEOWN /?
TAKEOWN /F lostfile
TAKEOWN /F \\system\share\lostfile /A
TAKEOWN /F directory /R /D N
TAKEOWN /F directory /R /A
TAKEOWN /F *
TAKEOWN /F C:\Windows\System32\acme.exe
TAKEOWN /F %windir%\*.txt
TAKEOWN /S system /F MyShare\Acme*.doc
TAKEOWN /S system /U user /F MyShare\foo.dll
TAKEOWN /S system /U domain\user /P password /F share\filename
TAKEOWN /S system /U user /P password /F Doc\Report.doc /A
TAKEOWN /S system /U user /P password /F Myshare\*
TAKEOWN /S system /U user /P password /F Home\Logon /R
TAKEOWN /S system /U user /P password /F Myshare\directory /R /A



NOTE: Cacls is now deprecated, please use Icacls.

Displays or modifies access control lists (ACLs) of files

CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
[/R user [...]] [/P user:perm [...]] [/D user [...]]
filename Displays ACLs.
/T Changes ACLs of specified files in
the current directory and all subdirectories.
/L Work on the Symbolic Link itself versus the target
/M Changes ACLs of volumes mounted to a directory
/S Displays the SDDL string for the DACL.
/S:SDDL Replaces the ACLs with those specified in the SDDL string
(not valid with /E, /G, /R, /P, or /D).
/E Edit ACL instead of replacing it.
/C Continue on access denied errors.
/G user:perm Grant specified user access rights.
Perm can be: R Read
W Write
C Change (write)
F Full control
/R user Revoke specified user's access rights (only valid with /E).
/P user:perm Replace specified user's access rights.
Perm can be: N None
R Read
W Write
C Change (write)
F Full control
/D user Deny specified user access.
Wildcards can be used to specify more than one file in a command.
You can specify more than one user in a command.

Abbreviations:
CI - Container Inherit.
The ACE will be inherited by directories.
OI - Object Inherit.
The ACE will be inherited by files.
IO - Inherit Only.
The ACE does not apply to the current file/directory.
ID - Inherited.
The ACE was inherited from the parent directory's ACL.

5 comments:

lala said...

Thanks for your post and welcome to check: here
.

Anonymous said...

Thanks. But you have to go to your start menu, and where the search bar is you put "takeown /R /f C:\An Example" without the quotes of course! (I did this on Windows 7)

Orv said...

Thanks for this post! It really helped me out,.

Anonymous said...

you are my saviour! thanks! :)

AL said...

This helped me so many times. Thank you!