Helping people with computers... one answer at a time.

When transferring NTFS formatted disks from one machine to another, permissions can restrict access. I'll cover both Widows and Command Line solutions.

In one of your articles on recovering files after a hard disk crash you stated: "Another alternative is to take the old drive and place it into an external USB enclosure, ..."

I've done that - even though all my old files are on the HD, I can't access them due to Windows 7 file permissions. Is there a simplistic command I can execute to change all file permissions on the ext hard drive so I can finally access them? Thanks in advance for your time and response.

Yes, there are a couple of approaches. I'll touch briefly on the Windows GUI approach, but then I'll show you how I really do it, using the Windows Command Prompt.

Windows 7 has (apparently) tightened up some of the file-level security so that frequently when sharing hard drives and removable media across machines this scenario comes up more often than just when recovering files from a damaged hard drive.

The "Windows Way" is to open up Windows Explorer, locate and the right click on the folder containing the files you want to access, and click on properties. That'll take you to the properties dialog:

Folder Security Properties

(In the example above I right clicked on a folder called "drivers" to get this dialog.)

If you're having problems, it's not uncommon to find odd entries in the "Groups or user names" field. Those are typically the id numbers of users or groups from the machine on which the drive was originally installed on. It's those users or groups that have permission, not you. That's often where recovery efforts are stymied.

So we'll open up permissions.

Click the Edit button - note that it has the shield icon indicating that Administrative access is required - you must be administrator and depending on your UAC settings you may be prompted after clicking.

On the next dialog press "Add", and you'll be presented with something like this:

Select Users or Groups dialog for file permissions

In this example, I'm taking the sledgehammer approach and have typed in "Everyone" - click Check Names and it'll become underlined indicating that it's valid.

I choose "Everyone" in these examples because, in my case, I control who has access to my machines and my network. Particularly in data recovery operations, it's also simpler to just make everything accessible to, literally, everyone. In this case "Everyone" is every account that can login to my machine, including all users and if enabled, the Guest account. In a mixed environment where you have less control over the accounts that might be attempting to access your machine you might consider selecting a different account or group such as Administrators to get permissions.

Click OK and you'll be returned to the Permissions dialog. Click on "Everyone", and then click on the "Full Control" checkbox below:

Giving Everyone Full Control on a folder

Click on OK. If it asks if permissions should be assigned to all files and subfolders, say yes.

You should now be able to access the files.

Now, that's not what I do.

I'm a command-line kinda guy, and thus I use the Windows Command Prompt.

The first step is to get one with Administrative privileges. Typically, that means you can right click on the icon and click on Run as administrator. If the icon is in your Windows 7 Taskbar, right click on it, then right click on the Command Prompt in the popup many that appears to get the option:

Windows 7 Taskbar, two step process to run as admin

Now you have a Windows Command Prompt with full administrative access.

"CD" to the location of the folder who's contents you want to access. In my example, case that's (keystrokes shown in blue):

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd /d c:\dell

c:\dell>

There are two commands that are extremely useful in this scenario; often either one alone is sufficient, but both pretty much guarantee access:

c:\dell>takeown /F * /R

SUCCESS: The file (or folder): "c:\dell\drivers" now owned by user "NOTENXPS\LeoN".

...

The "takeown" command shown above takes ownership of the named folder, or in this case "/F *" means all files and folders in the current folder. Ownership is assigned to the account you are currently logged in as.

"/R" means to also recurse into any folders and keep assigning ownership to everything found in any and all subfolders. You'll see a long list of "SUCCESS" messages as ownership is reassigned.

"takeown /?" will display a full list of options.

The other approach is to use a more complicated program called "icacls". Icacls is a command line utility for managing access control lists - i.e. file access permissions. It has plethora of options that are fairly confusing.

Here's what I use:

c:\dell>icacls * /grant:r everyone:f /t
processed file: drivers
...
Successfully processed 66 files; Failed processing 0 files

Once again "*" means all the files and folders in the current folder, "/grant" means we're granting permissions, ":r" means we're replacing any existing permissions, "everyone" means that everyone gets the permission we're about to grant, ":f" indicates that we're granting full control, and finally "/t" means to perform the operation on all subfolders as well.

"icacls" without any arguments at all will print the lengthy list of things you can do with it.

ICacls should be used with caution. It's very easy to accidentally remove or assign permissions that boil down to no permission at all. If you do that to the wrong files or folders you could cause some serious problems.

Caveat: I'll reiterate that I've used "Everyone" in the examples throughout this article because nine times out of ten it really is a fine thing to do - quick and easy access to files that you're attempting to access from some kind of media that's been transferred from another machine. However, depending on your situation you may want to choose another account or group if you have other login accounts on your machine, or other machines on your local network that might gain access via networked shares.

And a final note: everything here applies to drives that are formatted with the NTFS file system. This level of permission and ownership does not exist on drives formatted as FAT and thus none of this applies. (FAT file systems are the equivalent of "everyone has full access" by default.) But then you also shouldn't have had any problems accessing the files in the first place. Smile

Article C4262 - April 7, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

33 Comments
Marty
April 8, 2010 7:46 AM

Nuqel.E sneaked into my system win7.
I cannot get rid of it. PC Tools doesn't help. It
seems like it has to be loaded first. Cannot do that.
I thank you in advance.

Marty

Dell
April 13, 2010 8:30 AM

Leo, do you have a similar process for XP Home platform?

I've never been able to resolve my HPFUD50.dll file issue, and therefore can't update. If I could delete that file, I could update my machine.

Best,
Dell

Carlos Malferrari
April 13, 2010 8:56 AM

I found a .REG file that creates a shell command to automatically grant full rights to a file or folder. See below. It's been very useful and, I hope, not dangerous.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]
@="Grant Admin Full Control"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\exefile\shell\runas2]
@="Grant Admin Full Control"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas2\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Grant Admin Full Control"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

Jim de Graff
April 13, 2010 9:14 AM

cacls * /e /g everyone:f

/e says to edit the existing permissions instead of replacing them (less likely to cause problems)

/g grants permissions

everyone:f grants full access to everyone

cacls has been deprecated in Windows 7

Gigi Duru
April 13, 2010 9:27 AM

Actually the easiest solution is to just ditch the source of the problem - Windows.
Leave the hard disk in the pc and boot from a Linux live-cd - in there you can access all your files without the fear of infecting another pc.

Lalit
April 13, 2010 10:44 AM

My office computer has an admin control. The power option has been set for 'turn off in 20 mins' if I tried to change to 'never' but it says access is denied. It is win XP. All settings are denied. How can I stop shutting off every 20 mins. Thanks

Michael
April 13, 2010 8:28 PM

I am the only user of my computer. I have Win XP Home w/SP3. I would like to be able to do a "whole sale" edit of the reqistry to grant full access to everything in the reqistry rather than having to change one entry at a time when I try to modify or delete a key. One good area where this is a nuisance is in the area of the registry that deals with "Legacy" keys. Thanks.

Dennis
April 14, 2010 7:33 AM

Thanks for the great article, now I have a couple other ways to get access to files on drives from other computers, while backing up or restoring folders and files.

What I would like to know is why sometimes I have access to the shared drives and sometimes I do not. I have experienced the access denied using an XP machine and trying to access both XP and Vista disk from other machines attached via a SATA/IDE to USB adapter. Sometimes the XP machine adds the Admin account to the disk without any action taken by me, sometimes I have to take ownership and add the account to the folder I need to get access. Makes no sense?

Ashley
April 22, 2010 2:46 PM

OMG i love you this has just saved about 4 yrs of my stuff, i could not be more thankful, i wish i could had found this sooner.

Just me
July 7, 2010 11:41 AM

the main options I recommend is whenever a system requires a reformat and a backup of user files is to either
a> first put the files in question on a FAT32 volume / partition / disk
- file ownership & permissions don't follow files to anything that's formatted with FAT32
or
b> restore said file(s) from the backup to a FAT32 volume / partition / disk
same thing applies the backup program will usually restore the files and the file ownership / permissions lockout info will not follow the file and you will have full access to the file(s)
or
c> archive the files on CD/DVD which is
CDFS for Data CD's or UDF for Data DVDs
neither format supports the NTFS permissions, which is where the problem happens to be.

Yaru
February 1, 2011 1:36 PM

I have the same problem as the article, but the thing is after I've unlocked the folder, the files inside are still locked. In order to unlock it, I have to repeat the same process but on each individual file before I get to use.

Thing is, one of these locked folders have ALOT of files, so unlocking them one by one is a bit impractical. Are there ways to do this faster or multiple files folders at a time? I am using Windows 7 64 Bit Home

The command line examples operate on all files and subfolders in the current folder.
Leo
01-Feb-2011

Larry
August 16, 2011 11:13 AM

Thanks for the artical. On A win 7 64 bit system you have to take control of the folder and all the sublets folders. Make sure you have the right person to do it. There are several persons it the ownership window. Make sure you pick the right owner when you take ownership. Hope this helps.

N-Ray
August 24, 2011 11:50 AM

Leo,
Thanks a million! Had tried everything - even Microsoft Help, which, of course, used the "See your Administrator" fudge when it got down to the nitty-gritty of giving a helpful answer. Why MS can't give the instructions like you did is beyond me.
Thanks Again, N-Ray

Dawn
August 31, 2011 1:26 PM

Thank you so much for the helpful information! The command prompt solution was so useful and finally unlocked my files and relieved me of so much stress. Thank you Leo.

Johnny
September 21, 2011 7:25 AM

I just wanted to say thank you for such a helpful and easy to understand guide.
I put the HDD from my dead desktop into an enclosure but couldn't access the files - but now I can!

Phil Squire
October 10, 2011 1:58 PM

Leo
Many thanks for this. I went the "windows" route and it worked for me. I had been searching for a solution to this problem for over three hours, literally! Many thanks, again.
Phil

Zinc
November 14, 2011 8:28 AM

None of this works on W7 with a FAT32 drive, I wish I could find a similar article about that. "takeown" just gets me "ERROR: File ownership cannot be applied on insecure file systems; there is no support for ACLs." and attempting to delete a file on the drive gives me "You require permission from Everyone to make changes to this file." It's a write protect problem of some kind, and all I've found so far is a registry policy setting for write protect on StorageDevicePolicies that also didn't fix the problem.
I've been searching through all kinds of forums and articles with no success so far...

Takeown doesn't apply at all on FAT drives - there's no real concept of ownership. Same for access permissions - FAT is limited to read-only or not. I'd a) make sure you were running as administrator (run a command prompt as administrator), and if that doesn't work either try booting into safe mode, or booting into a differnet OS such as from a Linux live CD of some sort.

Leo
14-Nov-2011
Sean T.
December 20, 2011 2:40 AM

I did the command prompt path and it said success on taking ownership of the files, but I still can't view them or move the folder over to my other hard drive. It still says that I don't have the permissions.

Sean
March 8, 2012 6:28 AM

Hi man

Thanks you're a life saver.

One last question - most of the folders still have padlocks on them, and although I can access them, I have to manually change the permissions to move them.

Any way of bulk changing that?

Many thanks

seun osinuga
March 25, 2012 8:50 AM

Hello everyone, i discovered another simple and alternative way of getting your file permission and control. All i did was to select all the files (not the folder),
*clicked on Share with(this can be found on the property bar)
*clicked specific people,
*in the file sharing interface, i typed everyone, clicked add, also changed permission level to read/write
*finally clicked share.

Corey
April 2, 2012 8:58 PM

How do I make it ask me to add settings for all containing files/folders if it is not asking me?

Notkrap
May 6, 2012 10:21 AM

Worked like charm! I have 3 desktops networked and could only access Public files from each, this did the trick!

radiopipes
August 30, 2012 10:40 AM

Thanks so much! This issue was driving me crazy. Had lots of data and files.

Tom K
September 5, 2012 3:42 AM

I am trying to script a solution that would do the equivalent of adding an Everyone group to the security, and then giving full control (clicking all the allow boxes in the everyone permissions). This is exactly what you do in the first part of the article. When, however, I try using some combination of the command line takeown and icacls, it does not quite do the same thing. It adds the Everyone, but does not check any of the permissions in that part of the GUI. Any suggestions what I may be doing wrong?

Dave
December 3, 2012 3:24 PM

I tried this and although the permissions changed to allow all access, I can't copy my old files to my new laptop. I still get the same error message about needing admin permission. My old laptop is XP and my new one is Win 8 but I also tried it on a Win 7 desktop and got the same message.

joe
December 9, 2012 1:15 PM

Thanks.... worked for me...

Brad
December 26, 2012 6:44 AM

I tried this in Windows 8 and had the same issue as Dave in that the permissions (when using the "Windows Way") seemed to work but I could still not access the files. I tried the command shell and it 1) it did not have a "takedown" command. 2) icacls gave me an Access denied error. Some more detail (in case it is relevant): I'm trying to copy files from a harddrive extracted from an old computer. I would like to access: ".../users/myaccount/Local Settings" Local Settings is a link which may be causing additional problems. Can anybody offer insight as to whether this can be done in Windows 8? Thanks.

It's takeown, as in "TAKE OWNership", not takeDown.
Leo
26-Dec-2012

hamza
February 13, 2013 4:03 AM

hello there :)
i used your method but i cant access files still i have photos that are not opening
please help

Arvin
February 16, 2013 1:12 AM

Thanks again Sir this is a complete tutorial be it windows or command prompt, you've helped me again and again, where others can't, you have it complete. God bless.

Helmuth
March 10, 2013 4:41 PM

What can be done when the acces is denied not only in a file, in the local hard drive indeed?

Zach
March 16, 2013 8:30 PM

What if processing a file is failed in the "what you use" approach? I tried all of the approaches listed above, yet one failed still and I have no idea what to do now

Bob
April 18, 2013 6:18 AM

I have a similar issue with a portable 1Tb drive (and increasingly, with high-capacity USB sticks) that I use on both my desktop PC and my laptop. Every time I swap from one to the other, I get the "you don't have permissions" problem.
Do I have to add 'everyone' from EACH machine I intend using a device on, and do I need to do it every time I add files to the device? This seems very time-consuming...

Ranjeet
April 21, 2013 9:40 AM

Thnx a lot dear...
It helped a lot to me ..
u r genius...

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.