If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Acces My Folders
Struggling on a Win 7 PRO new laptop.
I need to get into all of my folders but the permissions is not letting me. I tried to change permissions but even though they are "Allow" they are grayed out and I cannot figure out how to fix this mess. I googled several procedures to change permissions but none of them worked. Is there some tool (free) that will allow me to automatically set all folders as I want. I am Admin and I am even Super Admin but that has not helped. |
Ads |
#2
|
|||
|
|||
Acces My Folders
Admin wrote:
Struggling on a Win 7 PRO new laptop. I need to get into all of my folders but the permissions is not letting me. I tried to change permissions but even though they are "Allow" they are grayed out and I cannot figure out how to fix this mess. I googled several procedures to change permissions but none of them worked. Is there some tool (free) that will allow me to automatically set all folders as I want. I am Admin and I am even Super Admin but that has not helped. From a previous post... ******* All about Takeown ******* You can solve some problems with Takeown. This shows Takeown usage in a script. To show the commands used. http://blogs.msdn.com/b/tims/archive...deletable.aspx Takeown added to right-click context menu. These are .reg files that you right-click and select "merge". The first installs Takeown, the second removes it if you don't want it. http://www.eightforums.com/tutorials...ndows-8-a.html http://www.eightforums.com/attachmen...ntext_menu.reg http://www.eightforums.com/attachmen...ntext_menu.reg ******* End - All about Takeown ******* *Do not* apply that to the entire C: drive. Using Takeown is mainly for user data drives you bring over from another computer. The "icacls" program can be used to record all the permissions on a partition. But using the information later isn't all that convenient. icacls c:\ /save "C:\Users\username\Downloads\ntfsCdrive.txt" /t /c K:\icacls_errors.txt That records all the permissions of the C: drive to the file "ntfsCdrive.txt". Since the icacls command may find folders with "Access Denied", you can record all the error output into a separate K:\icacls_errors.txt file. HTH, Paul |
#3
|
|||
|
|||
Acces My Folders
| Is there some tool (free) that will allow me to automatically set all
| folders as I want. http://www.jsware.net/jsware/nt6fix.php5#restfix It's a very simple, basic program. You drop a folder or file onto the window, choose whether to remove restrictions recursively, and click a button. Once freed for admins, folders/files can also be freed for non-admins. The code used in that utility, as well as an explanation of how it all works, is he http://www.jsware.net/jsware/vbcode.php5#perms2 If you're wary of 3rd-party software you can follow Paul's instructions. The basic situation is that MS makes it awkward deliberately, so that only sys-admins are likely to ever figure it out. Security through obscurity. You don't have permission as admin (which is no longer admin in the first place but is rather what used to be called "power user") to access your own files, but you do have the bizarre option of "taking ownership" of those files. Once you have ownership you can remove restrictions, including for yourself. (I can only imagine the laughter there must have been in the meetings where they cooked that one up. Sys-admins don't mind that they have to use convoluted, command-line nonsense like cacls and takeown. The abstruseness and tedium of such tools is what provides them with a job. |
#4
|
|||
|
|||
Acces My Folders
Tried you app NT Restriction Fix on
C:\Users\Administrator\SendTo User name is Administrator. Logged on as administrator, super user too. Inlcude subfolders checked. tried as Administrator and tried as All Users. Says Folders Processed 1 Clicking on that folder gives: Access Denied. Now, the folder seems to be a shortcut based on the icon with arrow. I guess that matters?? Got to find the real folder? Where? What did I do wrong? BTW, you and Paul and only one or two others I fully trust. |
#5
|
|||
|
|||
Acces My Folders
Admin wrote:
Tried you app NT Restriction Fix on C:\Users\Administrator\SendTo User name is Administrator. Logged on as administrator, super user too. Inlcude subfolders checked. tried as Administrator and tried as All Users. Says Folders Processed 1 Clicking on that folder gives: Access Denied. Now, the folder seems to be a shortcut based on the icon with arrow. I guess that matters?? Got to find the real folder? Where? What did I do wrong? BTW, you and Paul and only one or two others I fully trust. I happen to have run off a filelist on my Win8 machine a few minutes ago. And have it over here on the typing machine. This will have to do for "guessing" purposes. \Users\username\SendTo \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo\Fax Recipient.lnk \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo\Mail Recipient.MAPIMail \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo\Compressed (zipped) Folder.ZFSendToTarget \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo\Desktop (create shortcut).DeskLink \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo\Desktop.ini My guess would be, the first one is a junction point. The other six references are the "real" item. \Users\username\SendTo -- \Users\username\AppData\Roaming\Microsoft\Windows\ SendTo https://en.wikipedia.org/wiki/Junction_point "An NTFS junction point is a symbolic link to a directory that acts as an alias of that directory." I don't have a real good handle on what a junction point is, so can't say more than that. Does it support file properties ? Or do the file properties actually belong to the *target* of the junction point. In a previous experiment, I got 62 "access denied" errors, and it's possible those were all junction points on C: . These junction points seem pretty pesky. If you use a naive tool on them, the tool goes into a CD loop, and keeps adding the name to the path like this. \Users\username\SendTo\SendTo\SendTo\... until path too long When you enable the super-administrator account, while I haven't checked that out in detail, it's my suspicion all that does is create (instantiate) C:\Users\Administrator. I don't really think it turns you into superman or anything. You can use these commands, in a command prompt window, to "learn about your superpowers". The whoami command is not available on every OS version, so YMMV. You can test this as ordinary user, elevated command prompt window, or while logged in as superman. And compare the "privs". whoami /priv /user whoami /all To deal with every possible "permission" on the machine, requires impersonation. Why they put us through this, I'll never know. I'm not convinced it is all that significant a feature from a security point of view. I bet machines still get infected. HTH, Paul |
#6
|
|||
|
|||
Acces My Folders
| tried as Administrator and tried as All Users.
| | Says Folders Processed 1 | | Clicking on that folder gives: Access Denied. A couple of things: As Paul noted, those aren't real folders. I've never been entirely clear about it. My assumption was that they're links for file virtualization, to prevent problems with older software that may be seeking hard- coded paths. The whole thing doesn't seem to make much sense. And despite being links the property page doesn't show a target. Also, if they're links then why doesn't clicking them lead to the real folder? If they're only for badly designed software then why are they visible. I don't get it. It all makes my head hurt. Second, you can free items for all users if you want to, but generally you have to do it for all admins first, then go through the process again, separately, for all users. It seems to be similar to the ownership thing: You can't give yourself permission, but you can take ownership and then give yourself permission as the owner. That permission seems to be required in order to give all users permission. It makes no sense, but there it is. I'm not sure I've ever run as Administrator. I guess maybe I'd set that account up as my normal login if I were using Win7 fulltime. But it creates a hassle: Once there's more than one user one can't just boot it and walk away. In any case, my impression is that Administrator is the single, real administrator. It should have free rein. But I've never tested it. I haven't found anything I can't free for all admins. I've even freed winsxs to test the possibility of getting rid of it. (Not much luck. All the drives disappeared from Explorer. And everything *seems* to be freeable for all users in the 2-step method described, but I haven't fully tested that. I wouldn't log on as non-admin, anyway, so there aren't many scenarios where all users would need freedom. Maybe something like software used by a child that won't work properly without having rights to the program folder? I can't think of many other possible cases. | | Now, the folder seems to be a shortcut based on the icon with arrow. | I guess that matters?? Got to find the real folder? Where? | I *think*, as noted above, that those are shortcuts for compatibility. XP has Application Data. I'm not sure offhand how it works in Win7. Something like Users/ AppData/Roaming, maybe? You should be able to test it out by just dropping a shortcut to, say, a folder into one of the SendTo folders in that mess. When one of them shows up in right-click you've found it. | BTW, you and Paul and only one or two others I fully trust. Thank you. That's good to know. There are people here who won't talk to me because I don't format my posts the way they like. There are others who seem to think there's supposed to be a pecking order. (I suspect the two groups overlap somewhat.) On top of that I tend to be a bit verbose. So I sometimes wonder if anyone is reading. Then I just figure that either way, it goes to the public record and might be helpful to someone at some point. But it's nice to know someone finds something useful. I know what you mean about Paul. Anyone with such passion for understanding is very unlikely to have ulterior motives or make many mistakes. Such people are self-policing. |
#7
|
|||
|
|||
Acces My Folders
| When you enable the super-administrator account, while
| I haven't checked that out in detail, it's my suspicion | all that does is create (instantiate) C:\Users\Administrator. | I don't really think it turns you into superman or anything. It's *supposed* to be the one and only *real* admin account. All other admins are what used to be called "power users". Administrator is hidden and can't be renamed, but if one unhides it, it should be just like running on earlier Windows. On the other hand, what does that mean? On Win9x one has full freedom. On XP one has to gut System File Protection by uninstalling PC Health in order to get full freedom. (Among the first things I always do.) Win7 has something similar -- Windows File Protection. So I'm not sure. I've never tested how much of a real admin the real admin is. I generally don't even run on NTFS when I don't need to. It's just too much hassle. |
#8
|
|||
|
|||
Acces My Folders
Paul's suggestion just worked on everything I tried it on.
There might be some info there for you to help your app with removing permission. If I knew how to capture the cmd window that pops up briefly during the "Takedown" I would post that. The .reg file looks like this, but Paul's post shows where to get it: Windows Registry Editor Version 5.00 ; Created by: Shawn Brink ; http://www.eightforums.com ; Tutorial: http://www.eightforums.com/tutorials...ndows-8-a.html [-HKEY_CLASSES_ROOT\*\shell\runas] [HKEY_CLASSES_ROOT\*\shell\runas] @="Take Ownership" "HasLUAShield"="" "NoWorkingDirectory"="" Position="middle" [HKEY_CLASSES_ROOT\*\shell\runas\command] @="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F /c /l" "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F /c /l" [-HKEY_CLASSES_ROOT\Directory\shell\runas] [HKEY_CLASSES_ROOT\Directory\shell\runas] @="Take Ownership" "HasLUAShield"="" "NoWorkingDirectory"="" Position="middle" [HKEY_CLASSES_ROOT\Directory\shell\runas\command] @="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t /c /l /q" "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t /c /l /q" [-HKEY_CLASSES_ROOT\dllfile\shell\runas] [HKEY_CLASSES_ROOT\dllfile\shell\runas] @="Take Ownership" "HasLUAShield"="" "NoWorkingDirectory"="" Position="middle" [HKEY_CLASSES_ROOT\dllfile\shell\runas\command] @="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F /c /l" "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F /c /l" [-HKEY_CLASSES_ROOT\Drive\shell\runas] [HKEY_CLASSES_ROOT\Drive\shell\runas] @="Take Ownership" "HasLUAShield"="" "NoWorkingDirectory"="" Position="middle" [HKEY_CLASSES_ROOT\Drive\shell\runas\command] @="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t /c /l /q" "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t /c /l /q" [-HKEY_CLASSES_ROOT\exefile\shell\runas] [HKEY_CLASSES_ROOT\exefile\shell\runas] "HasLUAShield"="" [HKEY_CLASSES_ROOT\exefile\shell\runas\command] @="\"%1\" %*" "IsolatedCommand"="\"%1\" %*" |
#9
|
|||
|
|||
Acces My Folders
| Paul's suggestion just worked on everything I tried it on.
| There might be some info there for you to help your app with removing | permission. | If I knew how to capture the cmd window that pops up briefly during the | "Takedown" I would post that. | That's fine if it works for you. I wrote my utility to avoid all of that. I can just drop a folder and clean it all up. Drop Program Files and de-restrict the whole lot if I want to. Either way, both methods are essentially the same: Take ownership and then use that to give oneself access permission. I suppose it might be possible to programmatically change permissions on those fake shortcut folders, but it doesn't seem to serve a purpose. They're not relevant: http://www.svrops.com/svrops/articles/jpoints.htm It might be a good idea to make Restriction Fix show an error on those folders, in order to avoid confusion. I guess I hadn't really thought about it. They have clear shortcut icons to indicate that they're not real folders. Also, the case of freeing the Administrator's personal folders is theoretical. They're already unrestricted. That's the whole point of user folders. They're the one place where software can depend on being able to write files. I don't know whether you've succeeded in making Admin's personal files available to all other users, but I wonder why you would want to do that. |
#10
|
|||
|
|||
Acces My Folders
That's fine if it works for you. I wrote my
utility to avoid all of that. I can just drop a folder and clean it all up. Drop Program Files and de-restrict the whole lot if I want to. Either way, both methods are essentially the same: Take ownership and then use that to give oneself access permission. I see that advantage. I suppose it might be possible to programmatically change permissions on those fake shortcut folders, but it doesn't seem to serve a purpose. They're not relevant: http://www.svrops.com/svrops/articles/jpoints.htm It might be a good idea to make Restriction Fix show an error on those folders, in order to avoid confusion. I guess I hadn't really thought about it. They have clear shortcut icons to indicate that they're not real folders. Yes, less confusing. Or maybe give path to real folder. Also, the case of freeing the Administrator's personal folders is theoretical. They're already unrestricted. That's the whole point of user folders. They're the one place where software can depend on being able to write files. I don't know whether you've succeeded in making Admin's personal files available to all other users, but I wonder why you would want to do that. I am ALL users. A personal PC I like to fiddle with. Have not blue screened it yet. -- -- No signature --- news://freenews.netfront.net/ - complaints: --- |
#11
|
|||
|
|||
Acces My Folders
| I am ALL users. A personal PC I like to fiddle with.
| Have not blue screened it yet. | That's impressive with Win7. If I might make a suggestion, give yourself control over winsxs and then delete it. But make sure you have time to reinstall. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|