I had to use takeown in cygwin to first take ownership of all the files. I ran cygwin in admin mode (right click). Taking ownership of the cygwin directory is tricky, because cygdrive will link to all your harddrives, so I'd suggest to not do it recursively on the cygwin folder. The syntax is:

takeown /F folder /R

where /R is recursive. So do that for all the files and folders in cygwin (or try it on the cygwin folder but I don't recommend).

After that I needed to set up my permissions through Windows explorer. Right-click on the "cygwin" folder, go to the "security" tab, make sure that your username is in the top window. I also removed the "unknown" user which I assume was my previous account. If you aren't in there: Click edit->Add-> Type your name in and click "Check Names". It should find who you think you are and then click "OK". Click the check-box for allow "Full Control" and it should check all the boxes. Click "OK".

Then you should still be in the security tab, click "Advanced"->"Change Permissions"->Highlight your username->"edit"->make sure all boxes are checked under "allow" and the Apply to is "This folder, subfolders and files" (the check box should not be checked). Press "OK" once, make sure that "Replace all child object permissions..." is checked, click "OK", "OK", "OK".

And you should be good to go.

Human names are irrelevant. Computers work with numbers.

In this particular case, the numbers are security identifiers, SIDs.

When you created the new account, it was given a new SID. The old SID of the old account wasn't re-used. (That would be a security mess.) All of your files and directories are marked with the old SID as their creator-owner. They also very probably grant access rights, in their ACLs, to either their creator-owners or directly to the old SID. Thus the old SID is what continues to have the access rights.

So, for example, if your old account had the SID S-1-5-21-90593156-579754539-1338337383-1002, your new account would have a different SID such as S-1-5-21-90593156-579754539-1338337383-1003. The files and directories grant read/write/search/whatever access to the -1002 SID, whereas the -1003 SID has no access.

Taking ownership, with a tool such as takeown is one answer to this, for the case where the ACLs grant access to creator-owner rather than directly to the old SID. Just change who the creator-owner is, and the ACLs that grant rights to the creator-owner automatically grant rights to the right SID. The problem is that in Windows NT permission to take ownership must be granted by the original owner to the intended new owner. Ownership cannot (without special privileges) be given away, nor assumed without permission. You've deleted the account with the old SID, so there's now no original owner to grant that right. Thus you have to use a three-pass procedure. First, an account with the ability to take ownership of anything (such as an Administrators account) must take ownership. Then that account must grant take ownership rights to your new account. Finally, your new account must take ownership from the Administrators account.

If the ACLs grant access directly to the old SID rather than indirectly via the creator-owner, then taking ownership is not the answer to this, although one might want to do that later for other reasons. Substituting the new SID for the old SID in the ACEs is. You do that with the subinacl tool, from the Resource Kit, and its /replace parameter.

Further reading

• Microsoft corporation (2004). Download SubInACL. Download Centre.
• Microsoft corporation (2003-03-08). Security Descriptors and Access Control Lists Tools and Settings. TechNet.
• Jesper M. Johansson (2008). Security Watch Tools for Managing ACLs. MSDN Maagazine. TechNet.
• Jesper M. Johansson (2005-11-08). How to Shoot Yourself in the Foot with Security, Part 2: To ACL or Not to ACL. TechNet.
• Microsoft corporation (2006-11-01). How To Migrate Objects from One Domain to Another in Windows NT. ID 301940. Microsoft KnowledgeBase.