Solved

Unable to display current owner - icacls and Long Filenames

Posted on 2010-09-01
20
2,976 Views
Last Modified: 2012-05-10
Im trying to ascertain file permissions, owner etc. Since the GUI doesnt work, Im using icacls but it cant handle long filenames or filenames with spaces so I want the filenames in 8.3 format. For filenames with spaces, I tried putting the full filename in quotes, that returned 'Access is denied'. Filena~1.exe returned 'file cannot be found' I dont want a .bat or a .vbs. I just want the file security settings in the least number of steps (KISS method). One file at a time using icacls at the command line is preferable.

Logged on as administrator, server 2003

Thank you.
0
Comment
Question by:disciple_of_chim-chim
  • 10
  • 6
  • 4
20 Comments
 
LVL 4

Expert Comment

by:pbarry1
ID: 33581920
Hi,

you need to put the filename in double-quotes (ex: icacls "C:\Filename with spaces.txt") and, but you already know that, you need to have access rights to the files being analyzed..  

Hope this helps.
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33581977
Im at the E:\folder prompt. There is a copy of cmd.exe in the folder.    As I said,   I put the full filename in quotes
E:\folder>icacls full filename

Administrator apparently doesnt have access rights to the file, thats why I want to know who does before I take ownership.
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33581985
#@*% Make that E:\folder>icacls "full filename"
0
 
LVL 4

Expert Comment

by:pbarry1
ID: 33582086
Sorry,

by quote, I though you meant '  ', not " " (English is not my native language).

Since Administrator doesn't seem to have access to the file, you can try running the command under the "SYSTEM" account.  The easiest way I know to do that is by creating a new Scheduled Task that uses this command:

icacls "full filename" /save c:\acl.txt

Make sure the owner of the scheduled task is SYSTEM (when prompt for a user name, just enter SYSTEM without password.  It will replace it with NT AUTHORITY\SYSTEM).  Since you're an Admin, it should let you do that.
0
 
LVL 5

Expert Comment

by:helpnet
ID: 33582812
Using the System Account in a scheduled task or a startup script is the way to go. As if an account does not have rights to the file, you will get an access denied if you try to run icacls (becuase f rights).  

By the way, icacls does not have a problem with long filenames, it is just spaces make it ambiguous.  I know you said one file at a time, but it is much easier to do it for the subdirectory structure want to do it one file at a time (a lot of typing and scheduled tasks to set),

icacls c:\*.* /T >c:\users\acl.txt

For a particular directory

icacls "c:\DirectoryName" /T >c:\users\acl.txt

The > does the same thing as /save, and redirects the output to the file after the prompt.

 Will generate a text file with rights for all files in the directory structure.

If you use >> instead of >, it appends the output to the file instead of writing over the top of it.

Eg

icacls "c:\DirectoryName\Filename1" /T >c:\users\acl.txt
icacls "c:\DirectoryName\Filename2" /T >>c:\users\acl.txt
icacls "c:\DirectoryName\Filename3" /T >>c:\users\acl.txt
icacls "c:\DirectoryName\Filename4" /T >>c:\users\acl.txt

The resulting c:\users\acl.txt would include the output for all four commands, one after another

0
 
LVL 5

Expert Comment

by:helpnet
ID: 33582833
Because you (Administrator) do not have rights, you will not be able to do it one file at a time at the command line, it will need to be in a batch file/script.
0
 
LVL 5

Expert Comment

by:helpnet
ID: 33582936
http://blogs.msdn.com/b/adioltean/archive/2004/11/27/271063.aspx

This suggests a way to run a command prompt as system interactively.  I tried the second method, and it didn't work for me.  


But psexec does actually open an interactive command prompt running under the system account, so you should be able to run icacls from here if the system account has rights to the files (and it is possible it doesn't).

0
 
LVL 5

Expert Comment

by:helpnet
ID: 33582966
http://rhyous.com/2009/12/03/how-to-open-a-command-prompt-running-as-local-system-on-windows-7/
Sorry wrong line above

Download pstools from here /en-us/sysinternals/bb897553.aspx

Extract PSexec and copy to a location you can run it from a cmd prompt.

open a cmd prompt as administrator
run psexec -i -s cmd.exe

This will open a second CMD window that is running as the system account.
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33583854
I ran this:

at 00:09 /interactive cmd.exe

The title on the cmd window was C:\WINDOWS\system32\svchost.exe
The prompt was at C:\WINDOWS\system32>
On the processes tab in Task Manager, cmd.exe is running under SYSTEM.

I changed directories until I was in E:\folder where the file in question is. I cannot copy the file, that is why I must work from the E drive.

E:\folder>icacls "full filename.exe" /T >acl.txt
full filename.exe: Access is denied.

acl.txt was written to E:\folder it was blank


E:\folder>icacls "full filename.exe" /save e:\acl.txt
full filename.exe: Access is denied.
Successfully processed 0 files; Failed processing 1 files

acl.txt was written to E:\folder with the failure message in it.


E:\folder>icacls "E:\folder" /T >C:\acl.txt
E:\folder\full filename.exe: Access is denied.

acl.txt was written to C:\ it was blank

There is one other file in that folder but it is hidden, cannot change that either. Its not lookin good for the home team.
0
 
LVL 4

Expert Comment

by:pbarry1
ID: 33586406
You can try the 'Takeown /f "filename" /a' command.  You won't be able to view who's the current owner, but at least, you should be able to regain access.  And after, you will see what are the file permissions.

If using the filename doesn't work, try using the directory name (Unless resetting ownership on all files is unacceptable for you).
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:disciple_of_chim-chim
ID: 33591709
So, I cannot see the present file permissions or the present owner?
0
 
LVL 4

Expert Comment

by:pbarry1
ID: 33595737
I just remembered another way to see the owners: try this

DIR "E:\folder\full filename.exe" /Q

IF it doesn't work, try it with wildcards.  Ex: DIR "E:\folder\*.exe*" /Q   (the last wildcard is just to make sure the filename is not corrupted.)
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33599066

C:\Documents and Settings\Administrator>DIR "E:\folder\*.exe" /Q

Volume in drive E is Info

Volume Serial Number is A55E-A07E

Directory of E:\folder

11/20/2009  12:26 PM            14,999 ...                    full filename.exe

               1 File(s)         14,999 bytes
               0 Dir(s)  299,887,572,992 bytes free





C:\Documents and Settings\Administrator>DIR "E:\folder\*.exe*" /Q

Volume in drive E is Info

Volume Serial Number is A55E-A07E

Directory of E:\folder\

11/20/2009  12:26 PM            14,999 ...                    full filename.exe

               1 File(s)         14,999 bytes
               0 Dir(s)  199,887,572,992 bytes free
0
 
LVL 4

Expert Comment

by:pbarry1
ID: 33619566
Well, it seems the only way to regain access to this file is by taking ownership.  You can turn on the auditing on this file and see if it will display the old owner after you've taken ownership, but I have doubts.
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33638067
When I go to the Auditing tab for the file, Add, Edit and Remove are not available.
0
 
LVL 4

Expert Comment

by:pbarry1
ID: 33638193
If this computer is part of a Domain, there might be a Group Policy restricting you to activate the auditing.  You'll need to remove that restriction first.  If this computer is not part of a domain, make sure your Local Security Policy allow you to turn on Auditing.

Then start the autiding on the E:\folder, not just the file.
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33639143
I simplified the original question. There are way too many files and folders in that directory to audit everything.
0
 

Author Comment

by:disciple_of_chim-chim
ID: 33666917
Has another one of my questions reached the 'you cant get there from here' point?
0
 

Accepted Solution

by:
disciple_of_chim-chim earned 0 total points
ID: 35310941
Access denied? pfft. I deleted it with Malwarebytes's FileASSASSIN.


Me 1
Pain in the as* file 0
0
 

Author Closing Comment

by:disciple_of_chim-chim
ID: 35357048
It was actionable and in the final analysis, if I was able to delete it, then I was the owner. And after 7 months, thats good enough for me.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

After having deployed hundreds of thousands of Terminal Services seats worldwide, I still see all the time people asking me that same old question: "If TS/RDS is that reliable why are you telling me I should reboot it that often? My DC/SQL/Exchange/…
The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now