Non-existant account is owner of folders/files

Posted on 2004-11-15
Medium Priority
Last Modified: 2013-12-04
Last summer we moved from a multiple domain NT 4.0  structure to a single domain Windows 2000 and AD. I have now found some folders and files in the users home folder that neither the user, administrator or domain administrator is able to access. Most of them are in thier ...\history\history.ie5 folders. I think that the owner of these folders/files is their account from the old NT domain that no longer exists. The only way we can gain access to them is by having an administrator take ownership of them and then change the acls on them so the user can get access to them again.
My question is... is there a command-line utility that would allow me to script this en-mass? I've tried xcacls.exe, subinacl.exe, fileowner.pl and takeowner.exe. The only one that seems to work is takeowner.exe but it doesn't have a resurse subdirectory option. I'd even settle for a way to 'blow-away' the folders if that's as good as I can get.
Thanks in advance for any help you can provide.
Question by:tom-harmon
  • 3
  • 2
LVL 14

Expert Comment

ID: 12590573
xcacls will do this recursively

something like> xcacls *.* /T /E /G administrator:F;O /Y
(the /T recurses subdirectories, /E is edit so you don't wipe out existing permissions, /Y will stop it asking you for confirmation,  F is Full Access, O is Ownership)
but check the syntax out to see exactly what you want.

Author Comment

ID: 12599109
Yes, I've tried xcacls data /t /e /c /g administrator:f;o /y  
It works on all the folders and files up to the point of the first folder or file that I trying to change. It then stops and gives me a "unable to perform a security operation on an object that has no associated security."
If I run it without the /e for edit I get the message "The filename, directory name, or volume label syntax is incorrect" when it gets to the first folder or file that I'm having the problem with.
LVL 14

Expert Comment

ID: 12601125
ok - possibly a silly question but is your partition FAT or NTFS?
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

LVL 14

Expert Comment

ID: 12601170
If your partition is NTFS (which is what I hope it is) and you're having no joy with xcacls you could try another tool like supercacls http://www.trustedsystems.com/scacls.htm

Another thing to try is getting filemon from www.sysinternals.com and checking what's happening when the failure occurs (i.e. exactly what your problem file/folder is called).
Check you are able to view the ACL/take ownership on the problem file/folder directly (i.e. right-click, properties, security, etc)


Accepted Solution

swinterborn earned 1000 total points
ID: 12640425
Try out one of the chown utilities. It only changes the owner, but once thats changed, you should be able to use xcacls. We use one as part of our standard toolset.

Theres loads around,

Chown is a standard unix tool, theres been loads of ports into Windows. If none of these 3 do the trick, a google for "chown download windows" returned 77000 results, so one of them has to work.



Author Comment

ID: 12660360
The chown utility from the uk link did the trick.

Thanks much for all of your help!

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question