Helping people with computers... one answer at a time.
When transferring NTFS formatted disks from one machine to another, permissions can restrict access. I'll cover both Widows and Command Line solutions.
In one of your articles on recovering files after a hard disk crash you stated: "Another alternative is to take the old drive and place it into an external USB enclosure, ..."
I've done that - even though all my old files are on the HD, I can't access them due to Windows 7 file permissions. Is there a simplistic command I can execute to change all file permissions on the ext hard drive so I can finally access them? Thanks in advance for your time and response.
Yes, there are a couple of approaches. I'll touch briefly on the Windows GUI approach, but then I'll show you how I really do it, using the Windows Command Prompt.
Windows 7 has (apparently) tightened up some of the file-level security so that frequently when sharing hard drives and removable media across machines this scenario comes up more often than just when recovering files from a damaged hard drive.
The "Windows Way" is to open up Windows Explorer, locate and the right click on the folder containing the files you want to access, and click on properties. That'll take you to the properties dialog:
(In the example above I right clicked on a folder called "drivers" to get this dialog.)
If you're having problems, it's not uncommon to find odd entries in the "Groups or user names" field. Those are typically the id numbers of users or groups from the machine on which the drive was originally installed on. It's those users or groups that have permission, not you. That's often where recovery efforts are stymied.
So we'll open up permissions.
Click the Edit button - note that it has the shield icon indicating that Administrative access is required - you must be administrator and depending on your UAC settings you may be prompted after clicking.
On the next dialog press "Add", and you'll be presented with something like this:
In this example, I'm taking the sledgehammer approach and have typed in "Everyone" - click Check Names and it'll become underlined indicating that it's valid.
I choose "Everyone" in these examples because, in my case, I control who has access to my machines and my network. Particularly in data recovery operations, it's also simpler to just make everything accessible to, literally, everyone. In this case "Everyone" is every account that can login to my machine, including all users and if enabled, the Guest account. In a mixed environment where you have less control over the accounts that might be attempting to access your machine you might consider selecting a different account or group such as Administrators to get permissions.
Click OK and you'll be returned to the Permissions dialog. Click on "Everyone", and then click on the "Full Control" checkbox below:
Click on OK. If it asks if permissions should be assigned to all files and subfolders, say yes.
You should now be able to access the files.
Now, that's not what I do.
I'm a command-line kinda guy, and thus I use the Windows Command Prompt.
The first step is to get one with Administrative privileges. Typically, that means you can right click on the icon and click on Run as administrator. If the icon is in your Windows 7 Taskbar, right click on it, then right click on the Command Prompt in the popup many that appears to get the option:
Now you have a Windows Command Prompt with full administrative access.
"CD" to the location of the folder who's contents you want to access. In my example, case that's (keystrokes shown in blue):
There are two commands that are extremely useful in this scenario; often either one alone is sufficient, but both pretty much guarantee access:
The "takeown" command shown above takes ownership of the named folder, or in this case "/F *" means all files and folders in the current folder. Ownership is assigned to the account you are currently logged in as.
"/R" means to also recurse into any folders and keep assigning ownership to everything found in any and all subfolders. You'll see a long list of "SUCCESS" messages as ownership is reassigned.
"takeown /?" will display a full list of options.
The other approach is to use a more complicated program called "icacls". Icacls is a command line utility for managing access control lists - i.e. file access permissions. It has plethora of options that are fairly confusing.
Here's what I use:
Once again "*" means all the files and folders in the current folder, "/grant" means we're granting permissions, ":r" means we're replacing any existing permissions, "everyone" means that everyone gets the permission we're about to grant, ":f" indicates that we're granting full control, and finally "/t" means to perform the operation on all subfolders as well.
"icacls" without any arguments at all will print the lengthy list of things you can do with it.
ICacls should be used with caution. It's very easy to accidentally remove or assign permissions that boil down to no permission at all. If you do that to the wrong files or folders you could cause some serious problems.
Caveat: I'll reiterate that I've used "Everyone" in the examples throughout this article because nine times out of ten it really is a fine thing to do - quick and easy access to files that you're attempting to access from some kind of media that's been transferred from another machine. However, depending on your situation you may want to choose another account or group if you have other login accounts on your machine, or other machines on your local network that might gain access via networked shares.
And a final note: everything here applies to drives that are formatted with the NTFS file system. This level of permission and ownership does not exist on drives formatted as FAT and thus none of this applies. (FAT file systems are the equivalent of "everyone has full access" by default.) But then you also shouldn't have had any problems accessing the files in the first place.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.