3

I have a very strange issue where a domain admin cannot see the permissions of a file, i.e. has no read permissions. This means I cannot use `takeown` or `icacls` (even running as administrator) to alter permissions and ownership because access is always denied.

File Permissions

Having looked at Google, I cannot see a way round this issue; any suggestions are very welcome.

Greg Askew
Myles Rowley
  • Well, the obvious answer is: Use a user that has the permissions. – Gerald Schneider Nov 24 '17 at 12:56
  • The user that created the file does not have the permission and nor does the network admin so I appreciate your obvious answer but if it was that simple I would not have asked! – Myles Rowley Nov 24 '17 at 13:01
  • I don't know what you mean by `network admin`. AFAIK there is no group, role or user by that name in Windows or in Active Directory. If you use a user that belongs to the `Administrators` group on the machine where the files reside, you should be able to change owners and permissions. If the machine belongs to an Active Directory domain, every Domain Administrator should be able to do this. – Gerald Schneider Nov 24 '17 at 13:15
  • I used the term network admin but the user in question is a domain administrator and also in the local administrators group on the server – Myles Rowley Nov 24 '17 at 13:25
  • I'm trying to reproduce this state. But even when I disable inheritance on a folder, remove all permissions and add specific "deny" permissions for my domain admin user, I can still take ownership with the domain admin user. Just out of curiosity, what file system do you have on that drive? Is it local, or is it a network drive? – Gerald Schneider Nov 24 '17 at 13:53
  • It is a local drive using NTFS, I appreciate your assistance – Myles Rowley Nov 24 '17 at 14:01
  • Sadly I'm out of ideas. For others this happened when a [process has a lock on the folder](https://serverfault.com/questions/32481/how-do-i-take-ownership-of-a-folder-when-access-is-denied-and-the-security-tab-i), or when [third party security software is installed](https://social.technet.microsoft.com/Forums/windows/en-US/4ff54a55-2fab-4ba9-b6b4-6315579640cc/unable-to-change-permissions-or-take-ownership-of-files-or-directories-as-administrator?forum=w7itprosecurity). Even an [fsck seems to have solved this for people](https://superuser.com/questions/79528/file-i-cant-take-ownership-of). – Gerald Schneider Nov 24 '17 at 14:06
  • What does `takeown /f` say? – bjoster Nov 29 '17 at 14:40
  • It gives an access denied error – Myles Rowley Nov 30 '17 at 14:53

2 Answers

2

So I know this was asked a long time ago, but I had the exact same issue. I found that clearing the open files within compmgmt.msc > Shared Folders > Open Files for the affected folder(s) resolved the issue.

Jake O
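A scripted equivalent of the Shared Folders > Open Files step from the answer above, as an added example that is not part of the original post. It assumes Windows Server 2012 or later (the SmbShare module) and an elevated PowerShell session; the function name and the sample path are hypothetical.

```powershell
# Added example. Function name and sample path are hypothetical, not from the thread.
function Clear-SmbHandlesAndTakeOwnership {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Path
    )

    # Handles held by remote SMB clients on the path itself or anything beneath it.
    # This is the same list that compmgmt.msc shows under Shared Folders > Open Files.
    $root = $Path.TrimEnd('\')
    $cmp  = [System.StringComparison]::OrdinalIgnoreCase
    $open = @(Get-SmbOpenFile | Where-Object {
        $_.Path.Equals($root, $cmp) -or $_.Path.StartsWith("$root\", $cmp)
    })

    foreach ($h in $open) {
        # Name the client and user in the prompt: closing a handle can cost them unsaved data.
        $what = "$($h.Path) (client $($h.ClientComputerName), user $($h.ClientUserName))"
        if ($PSCmdlet.ShouldProcess($what, 'Close SMB open file')) {
            Close-SmbOpenFile -FileId $h.FileId -Force
        }
    }

    # Retry the operation that previously failed with "Access is denied".
    if ($PSCmdlet.ShouldProcess($Path, 'Take ownership for the Administrators group')) {
        & takeown.exe /f $Path /a
        if ($LASTEXITCODE -eq 0) {
            # Ownership changed: confirm the ACL is now readable.
            & icacls.exe $Path
        } else {
            Write-Warning "takeown still failed (exit code $LASTEXITCODE); the lock is not an SMB handle."
        }
    }

    # Emit what was found so the run leaves an audit record.
    $open | Select-Object FileId, SessionId, Path, ClientComputerName, ClientUserName
}

# Dry run first (constructed path): lists the handles without closing anything.
# Clear-SmbHandlesAndTakeOwnership -Path 'D:\Shares\Example\locked-file.dat' -WhatIf
```

`Get-SmbOpenFile` only lists handles opened over SMB; a lock held by a local process or by security software will not appear in its output.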
0

In my case it was Sophos Central Server Lockdown that was preventing me from taking ownership of certain files. I could delete most files in the folder, but 4 files refused to let me take ownership until I unlocked the Server in Sophos Central.