Denied set on users\folder?

  • Thread starter Thread starter Brad
  • Start date Start date
B

Brad

I have a PC where it appears a user has set DENY for administrators. I
cannot access or take ownership of this user's folder. anyway around
this in vista?

Brad
 
Depends. Try making your account a member of a group which HAS permissions
for the folder. Logg off and log in again. See if it works.
 
Depends. Try making your account a member of a group which HAS permissions
for the folder. Logg off and log in again. See if it works.
Click to expand...
Well, I'm domain admin, and as the local admin account, I still can't
take ownership.
 
If the flag is set to DENY, then it won't let admins access that. Some other
user group must have permissions though. Users, Everyone, Network,
System......Make your admin account a member of that group.
You must though realise that the option to deny access to the private
folders is there for a reason: privacy. If what you want to access is part of
that users private folders then you won't be able to gain access to it. This
forum is not the right place to ask for hacking advice.....
 
This is not hacking advice I'm seeking. Previously, NTFS rights would
allow an admin to take ownership of anything, just in case of things
like this. Now, in order to run backups on the system, admins need to
have access to this folder. No access, no backups. I also cannot
support any profile specific issues that occur for this user account.
Privacy is provided to users in their home dirs, not the desktop OS
and folders.
The point of the question here is that what I used to be able to do in
XP, I cannot do in Vista (at least not the same way).
Now, the user is not seeking privacy, she is setting this to see if
she can. My job as an admin is to determine how to override a user
modifying rights on things they shouldn't. This happens sometimes in
our environment of 28,000 users, and I need to know how to correct it
down the road when we deploy vista.
So yes, I think this is the right group...Thanks

now, following along your thought process, I would need to create a
new user account that was a member of some group that has access.
Admin won't do it because as part of administrators, the DENY would
take precedence. As a user, I probably don't have rights to modify the
permissions, but I'll check.
What I need to know is how to take ownership of something that
apparently I have no admin access to. Which is different than previous
versions.....
 
Right.
For backup purposes, if the account that starts the backup is a member of
the Backup Operaters group, which the domain admin should be by default, then
the backup can be performed regradless of the deny flag. In the backup copy
the same access flags will be set. This works with the built-in backup
software at least.
One way I found that allows me to take ownership of whatever I want in Vista
is to do it from the built-in Administrator account. You will first need to
enable that one in control panel AND DO NOT SET A PASSWORD or you'll be
locked out of the system. Then log into that account, start explorer in admin
mode, change ownership and finally change permissions. You will need to close
and reopen all the properties windows a couple of times before it will allow
you to change permissions, and permissions are not always inherited so you
might need to repeat the procedure first for the folder and then for every
file in it.
 
Hello,

I haven't heard of vista removing the ability of administrators to take
ownership of files they have no access to.

Have you disabled UAC? I have heard reports that sometimes if you disable
UAC the system won't let you take ownership of certain files. If this is the
case, try enabling UAC and taking ownership of the files.
 
Hello,

I haven't heard of vista removing the ability of administrators to take
ownership of files they have no access to.

Have you disabled UAC? I have heard reports that sometimes if you disable
UAC the system won't let you take ownership of certain files. If this is the
case, try enabling UAC and taking ownership of the files.
Click to expand...


I have disabled UAC, I'll try turning it back on and see if I can do
this. I imagine however that this feature will be disabled in our
environment once we go to production.
 
Back
Top