36

Every so often I run into a file that I need to take ownership of. I normally use cacls for changing ntfs permissions, but it doesn't seem to do ownership. Under *nix I would run something like chown me:me <file>. Is there a windows equivalent to chown?

Joe
  • 1,535
  • 1
  • 10
  • 15
  • too bad setACL isn't working with the script above. errormessages on Win XP, 7 and 8 and you need to be a proffesor to find what's wrong with it –  May 31 '13 at 12:40

10 Answers10

28

You're looking for "TAKEOWN.EXE", which was first in Windows Server 2003 as a standard component, and I believe a resource-kit item prior. It is available on Windows 7, and perhaps newer systems.

takeown /f <some-file-or-folder> /r

/r performs the operation recursively on all children of the specified folder. Unlike subinacl, you must log in as the user you are trying to take ownership with; or, you can simply assign ownership to the "Administrators" group.

Here's a copy of its documentation, as preserved on SS64:

Syntax TAKEOWN [/s Computer [/u [Domain]UserName [/p [Password]]]] /f FileName [/a] [/r [/d {Y|N}]]

Key /s Computer The name or IP address of a remote computer (do not use backslashes). default = local computer. This parameter applies to all of the files and folders specified in the command.

/u [Domain]UserName Run the script with the permissions of the specified user account. default = system permissions.

/p [Password] The password of the user account that is specified in the /u parameter.

/f FileName The file name, UNC path or directory name pattern. Accepts the wildcard character *

/a Give ownership to the Administrators group instead of the current user.

/r Perform a recursive operation on all files in the specified directory and subdirectories.

/d {Y | N} Suppress the confirmation prompt that is displayed when the current user does not have the "List Folder" permission on a specified directory, and instead use a default value: Y: Take ownership of the directory. N: Skip the directory. Note that you must use this option in conjunction with the /r option. If the /a parameter is not specified, file ownership is given to the user who is currently logged on to the computer.

Mixed patterns using (? and *) are not supported by the takeown command.

After changing the owner for a file/folder, you can then assign full permissions to the files and subsequently read or delete them.

jpaugh
  • 231
  • 5
  • 15
Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
25

subinacl is a Windows sysadmin's power tool for doing everything to do with ownership and ACLs. You can change the ownership to anyone other than just you (you can't do this with the GUI).

subinacl /file test.txt /setowner=domain\foo

This lets you set the permission to any user you like, without having to be an administrator (as I believe takeown.exe requires).

crb
  • 7,928
  • 37
  • 53
  • Not valid for ***windows xp*** Can I download SUBINACL.exe (Windows 2003 Resource kit) and use it in Windows XP ? – Kiquenet Feb 23 '17 at 19:28
  • Sure you can! That's probably where I got it from. Try [here](https://www.microsoft.com/en-us/download/details.aspx?id=23510). – crb Feb 24 '17 at 21:18
19

Take ownership and full rights of folder and everything inside:

takeown /F somedir /A /R
icacls somedir /grant:r User:F /T

Make sure to start the Command Prompt as Administrator!

I had to start a Command Prompt as Administrator, it worked for me in Windows 8.1. With Windows 8.1 awkwardness, I had to search for "command", right click on the Command Prompt icon. For me in order to see the "Run as Administrator" option. I had a Command Prompt pinned to my Taskbar, but right clicking on it would not show the "run as Administrator" option.

In Windows 10, "Run as Administrator" should be available to you as a right click option.

Takeown Syntax:

takeown [/s <Computer> [/u [<Domain>\]<User name> [/p [<Password>]]]] /f <File name> [/a] [/r [/d {Y|N}]]

takeown Reference.

Icacls Syntax:

icacls <FileName>[/GRANT [: r] <Sid>: <Perm> [...]] [/ Denegar <Sid>: <Perm> [...]] [/Remove [:g|:d]] <Sid> [...]] [/ t] [/ c] [/ l] [/ q] [/ setintegritylevel <Level>: <Policy> [...]]Icacls <Directory>[/ sustituir <SidOld><SidNew>[...]] [/ restore <ACLfile>[/ c] [/ l] [/q]]

icacls Reference.

chipiik
  • 291
  • 2
  • 2
  • 1
    Be aware that icacls chokes on long path names. The error message "file not found" is a bit misleading, worse icalcs aborts processing the rest of the tree with no message. You can use the trick of creating a SUBST volume deeper in the tree to work around this sometimes. Takeown.exe does tolerate long names. – Andrew Dennison Nov 01 '16 at 19:45
  • Not valid for ***Windows XP*** – Kiquenet Feb 23 '17 at 19:25
9

I know this is a really old post, but there is a way built into Windows 7 and newer (may be in Windows Vista, but I am not sure). Run the following from an escalated command prompt in the folder that you want reset. /t tells icacls to perform the operation recursively.

icacls .\* /setowner %UserDomain%\%UserName% /t
icacls .\* /reset /t

The first command resets the owner to who ever is logged on via the environment variables. Of course, a specific name can be used instead.

The second command then forces the permissions to be reinherited down the tree to all of the child folders and files.

Hope this helps someone in the future.

Jim
  • 191
  • 1
  • 2
6

You might want to take a look at SetACL, the swiss army knife of permission management. Here is an example of how to assign ownership of all files on drive C: to "Administrators" and remove protection of inheritance from all child objects in one go:

SetACL.exe -on "C:\\" -ot file -actn setprot
           -op "dacl:np;sacl:nc"
           -rec cont_obj
           -actn setowner -ownr "n:S-1-5-32-544;s:y"

You can also add -silent.

kungfooman
  • 103
  • 3
Helge Klein
  • 2,031
  • 1
  • 15
  • 22
3

In Windows Server 2003 R2 (and later) you can take advantage of the built-in tool icacls.exe to change ownership from the command line, as well as all of the traditional cacls.exe manipulations upon which it expands...

Note that icacls.exe defaults to "edit" mode, while cacls.exe defaults to "replace" mode--a welcome change to those of us bitten (more than once) by that little nuance of cacls!

jnaab
  • 965
  • 6
  • 11
  • icacls is nice because it is included in recent versions of windows and allows assigning ownership to any user. – David Aug 27 '14 at 17:03
3

For Windows 2003, 2008 or Vista or 7 use Takeown.

For Windows 2000 use Fileowners.pl.

Roatin Marth
  • 103
  • 3
Dave Drager
  • 8,315
  • 28
  • 45
1

Another alternative is fileacl It is small and can set/unset "inherit/don't inherit" flag on the object, unlike most windows utils.

Skelewir
  • 11
  • 1
0

I've found a solution using Windows Tools: cacls

cacls <file or directory> /E /T /G <user>:F
chepseskaf
  • 143
  • 1
  • 6
0
  1. open command prompt as admin user and change to problematic directory
  2. take ownership of all files there ... example: takeown /f *.jpg
  3. grant access rights to users of your choice ... example: icacls *.jpg /grant "Everyone":F (note that in non-english Windows "Everyone" might not exist, e.g. in german Windows it only works with "Jeder" - real bummer that Windows translates command options!)
Jörg
  • 103
  • 1
  • 5