Human names are irrelevant. Computers work with numbers.
In this particular case, the numbers are security identifiers, SIDs.
When you created the new account, it was given a new SID. The old SID of the old account wasn't re-used. (That would be a security mess.) All of your files and directories are marked with the old SID as their creator-owner. They also very probably grant access rights, in their ACLs, to either their creator-owners or directly to the old SID. Thus the old SID is what continues to have the access rights.
So, for example, if your old account had the SID S-1-5-21-90593156-579754539-1338337383-1002
, your new account would have a different SID such as S-1-5-21-90593156-579754539-1338337383-1003
. The files and directories grant read/write/search/whatever access to the -1002
SID, whereas the -1003
SID has no access.
Taking ownership, with a tool such as takeown
is one answer to this, for the case where the ACLs grant access to creator-owner rather than directly to the old SID. Just change who the creator-owner is, and the ACLs that grant rights to the creator-owner automatically grant rights to the right SID. The problem is that in Windows NT permission to take ownership must be granted by the original owner to the intended new owner. Ownership cannot (without special privileges) be given away, nor assumed without permission. You've deleted the account with the old SID, so there's now no original owner to grant that right. Thus you have to use a three-pass procedure. First, an account with the ability to take ownership of anything (such as an Administrators account) must take ownership. Then that account must grant take ownership rights to your new account. Finally, your new account must take ownership from the Administrators account.
If the ACLs grant access directly to the old SID rather than indirectly via the creator-owner, then taking ownership is not the answer to this, although one might want to do that later for other reasons. Substituting the new SID for the old SID in the ACEs is. You do that with the subinacl
tool, from the Resource Kit, and its /replace
parameter.
Further reading
2Look at
TAKEOWN
in Windows help. – None – 2012-01-25T00:50:03.190