Reset NTFS permissions

[richjamacian]

I don't know how, but I completely managed to FUBAR my permission settings on my Data (E:\) drive. I tried looking up how to reset the permissions, and most sites told me to look into the icacls.exe command. I tried to use it, but it won't run because the folders I'm trying to reset permissions keeps getting a "not accessible" error. I thought that was the entire purpose of icacls?

Here's a cap of the error message: http://www.imagebam.com/image/8d2679166219273

How to I fix this/fix the permission settings without erasing all the data?

Thanks

 

[Bubbaleone]

Aaron Stebner is the "go to" guy. I keep this batch file handy for just such occasions:

Solving setup errors by using the SubInACL tool to repair file and registry permissions

Note: Don't be put-off that this article is about "Solving setup errors...". Installing Microsoft's SubInACL.exe then running Aaron's batch file restores the correct registry, folder, and file permissions regardless of the particular file security/permission problem you're experiencing.

 

[Motorheader]

I concur with Bubbaleone. It has worked multiple times for me when malware/virus/data corruption has made a mess of things.

 

[richjamacian]

I noticed that the batch has

cd /d "%programfiles%\Windows Resource Kits\Tools"

Since I am running Windows 7, would I put

cd /d "Program Files (x86)\Windows Resource Kits\Tools"?

I'm mostly confused as to what the "/d" tag does? I know what the cd means, but not what the /d tag does.

 

[Bubbaleone]

I noticed that the batch has

cd /d "%programfiles%\Windows Resource Kits\Tools"

Since I am running Windows 7, would I put

cd /d "Program Files (x86)\Windows Resource Kits\Tools"?

I'm mostly confused as to what the "/d" tag does? I know what the cd means, but not what the /d tag does.

/d : Disables execution of AutoRun commands.

If you do not specify /d in the string, Cmd.exe looks for the following registry subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun\REG_SZ

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun REG_EXPAND_SZ

If either one or both registry subkeys are present, they are executed before all other variables.

So when you use the /d parameter it ensures that nothing else runs before the batch file executes.

 

[richjamacian]

I ran the script and everything, but I guess I should have been more clear. The permissions are fine on my Windows (C:\) drive, but the errors arise of my Data (E:\) drive. From what I noticed, it didn't help with the errors on my E:\ drive. Do I have to restart my computer to see if it worked?

Sorry if I sound so technologically illiterate :|

 

[Bubbaleone]

I ran the script and everything, but I guess I should have been more clear. The permissions are fine on my Windows (C:\) drive, but the errors arise of my Data (E:\) drive. From what I noticed, it didn't help with the errors on my E:\ drive. Do I have to restart my computer to see if it worked?

Sorry if I sound so technologically illiterate :|

Yup, (most) registry changes don't take effect until you reboot. To answer your earlier question regarding %programfiles%:

(That damn smilie :\, I hope you recognize, is supposed to be DriveLetter;Colon;backslash...that's really irritating.)

%programfiles% is an environment variable. If your Program Files directory is located at CProgram Files (which is the default) then cmd.exe will read the environment variable and execute subinacl.exe. If your Program Files directory is not in the default location, you'll need to edit that line in the batch file to point to the actual location.

Here's the same batch file. I've added an additional line (at the bottom) to accomodate your E:\ drive. As before save it with the .bat extension:

cd /d "%programfiles%\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=YOURUSERNAME=f /setowner=administrators > %temp%\subinacl_output.txt
subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=YOURUSERNAME=f /setowner=administrators >> %temp%\subinacl_output.txt
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
subinacl /subdirectories %programfiles%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
subinacl /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
subinacl /subdirectories E:\*.* /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt

By the way, proper use of command line is an advanced area and does not mean you're "technologically illiterate". We are all illiterate until we learn how to read and then put that knowledge to use! :thumbsup:

 

[richjamacian]

I finally figured out how to fix it. I did some more digging, and apparently all I had to do was reassign myself as the owner of the folders/files. So I just did

takeown /R /F E:\*
icacls E:\* /T /C /Q /RESET

Problem solved and extremely aggravating knowing how easy the solution really was lol. Thank you so much, Bubbaleone for your help, I really appreciated it

 

[Bubbaleone]

:thumbsup: :thumbsup: good job!

 

[Snapshot1]

I noticed that the batch has

cd /d "%programfiles%\Windows Resource Kits\Tools"

Since I am running Windows 7, would I put

cd /d "Program Files (x86)\Windows Resource Kits\Tools"?

I'm mostly confused as to what the "/d" tag does? I know what the cd means, but not what the /d tag does.

/d : Disables execution of AutoRun commands.

If you do not specify /d in the string, Cmd.exe looks for the following registry subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun\REG_SZ

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun REG_EXPAND_SZ

If either one or both registry subkeys are present, they are executed before all other variables.

So when you use the /d parameter it ensures that nothing else runs before the batch file executes.

I am late to the party and thankfully the problem is solved, but just to clarify I think there was a miscommunication in the messages above.

The message from Bubbaleone refers to the /d behaviour of the cmd command, the question was about the cd command.

On the cd command /d indicates that a drive letter in addition to a directory is being specified.

 

[richjamacian]

I am late to the party and thankfully the problem is solved, but just to clarify I think there was a miscommunication in the messages above.

The message from Bubbaleone refers to the /d behaviour of the cmd command, the question was about the cd command.

On the cd command /d indicates that a drive letter in addition to a directory is being specified.

That explains why it wouldn't change drives until the /d was added when I was trying to run some of the fixes originally. Thanks again to everyone for their responses and I hope this helps other people in the future.