How to display/change the owner of a file on Windows 7

14

8

Is there a way to display the owner of folders and files from the command line in Windows 7 command prompt?

Can you change the owner of a folder or file to some "arbitrary" user which is not your own username?

I have some folders (and files) that are probably left over from an app that I have removed. If I try to view the contents of the folders I am told that I don't have permission to do so, even if I am running as an "Administrator".

I can "Take ownership" (I assume this will be successful but haven't tried it yet) of the folders (files), but if I need to revert the ownership to the previous owner, I need to know the username of the original owner, and I need to be able to "give ownership" to that user.

Is it possible to do this from the Windows command prompt (or if not, from a GUI-Tool)?

Kevin Fegan

Posted 2013-12-21T16:12:32.880

Reputation: 4 077

See here for a solution purely using cmd.exe: Get ownership information from command line by using wmic

– schletti2000 – 2016-07-21T12:10:53.137

Answers

18

You can take ownership from the command line via the takeown command and via the Windows GUI.

You can view the owner of a file/folder by using the DIR command with the /q parameter.

You can view (and take) ownership via the Windows GUI by right clicking the object in Windows Explorer (file or folder), selecting Properties and then navigating to the Security tab. On the Security tab, click the Advanced button and on the subsequently displayed Advanced Security Settings dialog, navigate to the Owner tab.

Once you have taken ownership of a file/folder, Windows does not track the previous owner, so there is no way to revert back to the previous owner. Also, there is no concept of ownership or file permissions if you are working with a file system type that does not support these extended attributes such as FAT16, FAT32, exFAT, etc.

Art

Posted 2013-12-21T16:12:32.880

Reputation: 1 357
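Because the previous owner is not tracked, it has to be recorded before ownership is taken. The following is an added example, not code from this thread: a PowerShell sketch that writes each item's owner (SID and name) to a CSV file and later hands ownership back with the icacls /setowner form mentioned in the comments further down. The function names, the CSV columns and the sample path are made up for the example; it assumes PowerShell 3.0 or later and an elevated prompt, and whether the restore succeeds depends on the privileges of the account running it.

```powershell
# Added example (not from the thread). Save-Owners / Restore-Owners and the CSV
# columns are hypothetical names for this sketch. Run from an elevated prompt.
function Save-Owners {
    param([Parameter(Mandatory = $true)][string]$Root,
          [Parameter(Mandatory = $true)][string]$CsvPath)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # The root itself plus everything below it; -Force includes hidden items.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    $rows = foreach ($item in $items) {
        $row = New-Object PSObject -Property @{
            Path = $item.FullName; OwnerSid = ''; OwnerName = ''; Status = 'ok' }
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            # The SID stays valid even if the account name cannot be resolved.
            $row.OwnerSid  = $acl.GetOwner($sidType).Value
            $row.OwnerName = $acl.Owner
        } catch {
            # Typically "access denied": the owner could not be read, so this
            # item cannot be restored from the snapshot.
            $row.Status = $_.Exception.Message
        }
        $row
    }
    $rows | Select-Object Path, OwnerSid, OwnerName, Status |
        Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
}

function Restore-Owners {
    param([Parameter(Mandatory = $true)][string]$CsvPath)
    foreach ($row in Import-Csv -Path $CsvPath) {
        if (-not $row.OwnerSid) { continue }   # owner was never captured
        # icacls accepts a numeric SID when it is prefixed with '*'.
        & icacls.exe $row.Path /setowner "*$($row.OwnerSid)" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not restore owner on $($row.Path)"
        }
    }
}

# Constructed usage (the folder name is a placeholder):
#   Save-Owners    -Root 'C:\LeftoverApp' -CsvPath "$env:TEMP\owners.csv"
#   ...take ownership with takeown or the GUI and inspect the files...
#   Restore-Owners -CsvPath "$env:TEMP\owners.csv"
```

Rows whose Status is not "ok" are items whose owner could not be read before ownership was taken; check the CSV for them first, since they cannot be reverted from it.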

5

You can use wmic to query the ownership information like this:

wmic path Win32_LogicalFileSecuritySetting where Path="C:\\windows\\winsxs" ASSOC /RESULTROLE:Owner /ASSOCCLASS:Win32_LogicalFileOwner /RESULTCLASS:Win32_SID

Don't use dir since the ownership info may be clipped, as with this example directory.

To get an output formatted with DOMAIN\USER you can use the following batch script:

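@ECHO OFF
SETLOCAL EnableDelayedExpansion
REM The file or folder to query is passed as the first argument.
REM Escape the backslash with \\
SET ESCAPED=%~f1
SET ESCAPED=!ESCAPED:\=\\!

REM Write the owner record returned by wmic to a temporary file.
wmic path Win32_LogicalFileSecuritySetting where Path="!ESCAPED!" ASSOC /RESULTROLE:Owner /ASSOCCLASS:Win32_LogicalFileOwner /RESULTCLASS:Win32_SID > "%temp%\wmi.tmp"

REM Hand each remaining output line to the subroutine below.
for /F "skip=2 delims=€" %%G in ('type "%temp%\wmi.tmp"') do (call :process_wmioutput "%%G")
goto :continue
:process_wmioutput
REM Replace every pair of spaces with one delimiter character, then print DOMAIN\USER.
SET UNDELIMITED=%1
SET DELIMITED=!UNDELIMITED:  =€!
FOR /F "delims=€ tokens=10,12" %%G in ("!DELIMITED!") DO (ECHO %%H\%%G)
exit /B

:continue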

schletti2000

Posted 2013-12-21T16:12:32.880

Reputation: 159

3

SubInACL.exe allows you to set the owner. The syntax looks something like:

SubInACL /file filename /setowner=NewOwner

If you don't have it, you can download it from Microsoft.

Of course you have to have the rights to be able to do this.

Itsme2003

Posted 2013-12-21T16:12:32.880

Reputation: 139

2

cacls and icacls can edit permissions and takeown allows you to take ownership. AFAIK they exist in Windows 7 as well. Typically, once you do a takeown, you follow it up with cacls or icacls to grant yourself permissions to the object.

Microsoft’s security model doesn’t permit to give ownership to someone, only to take it. That way an admin (or otherwise privileged user) cannot take ownership of a file inaccessible to her directly, access or modify it, and give it back to the original owner without notice to the original owner.

Edit: Credit goes to Art for the description of the use of takeown.

David Foerster

Posted 2013-12-21T16:12:32.880

Reputation: 829

2

I know this is old, but I thought that I would add that you can set the owner to someone else using icacls. icacls <path> /SETOWNER <name> works. Of course you need to be the owner or have appropriate permissions before you can do that so you could enact the scenario of taking ownership and giving it back provided you have the ability to take ownership in the first place. – palehorse – 2014-12-03T21:19:25.457

Last time I checked, Windows prohibits the transfer of ownership to another account except to the one that performs the transfer. – David Foerster – 2014-12-04T23:55:54.513

@DavidFoerster - According to this: Restoring 'TrustedInstaller' as owner for executable in Windows folder, it appears that it will work. I haven't tried it myself yet.

– Kevin Fegan – 2015-11-17T11:11:50.483

@palehorse did icacls <filename> /setowner <username>. got <filename>: Access is denied.. was running cmd.exe in Administrator: mode. Filename was like foo.png, username was like John. Filename was taken from cmd.exe. Username was taken from explorer.exe GUI and matched the directory name in the \Users directory. – n611x007 – 2016-01-23T07:11:32.137

I can confirm all three exist in Windows 7 Professional (not checked on Home). Cacls declares itself to be deprecated in favour of Icacls. – mwfearnley – 2017-07-10T14:51:41.143

@KevinFegan: Is this maybe related to TrustedInstaller being a system user? It's not like those can take ownership back themselves if you want to modify one of their files or benefit from the notice on the change of ownership. Plus they trust administrators by definition – unlike the human owner of a regular user account. – David Foerster – 2017-07-10T15:01:21.580

Microsoft’s security model doesn’t permit to give ownership to someone, only to take it. I am sorry, but this is just nonsense. I am doing exactly this constantly on all sorts of Windows server (back to 2008 R2) and client (back to Windows 7) operating systems. Once you are the owner of a file, you can assign yourself the full range of permissions to do everything with it, including changing the ownership to any other user. – Binarus – 2019-09-13T08:46:32.463

1

cacls does not allow one to change or view the owner of a file. You would use takeown to do that. Typically, once you do a takeown, you follow it up with cacls or icacls to grant yourself permissions to the object.

– Art – 2014-02-05T19:28:44.780

Thanks, you're entirely right. I guess it shows that I've been out of the Microsoft world for too long to remember those things. I'll edit my answer accordingly. – David Foerster – 2014-02-06T20:30:51.847

-1

If using just DIR in the Microsoft world, try the /Q option.

For example:

DIR *.xlsx /Q

user3029478

Posted 2013-12-21T16:12:32.880

Reputation: 1

This is a duplicate of Art's answer. – fixer1234 – 2018-04-28T03:09:07.700