Solved

Repair File Permissions after Backup Restore

Posted on 2011-09-02
8
947 Views
Last Modified: 2016-10-27
I recently rebuilt my Win 7 Home Pro laptop and restored files from an original backup using Acronis True Image 2011. Files from Acronis have odd permissions and I can't always move or delete them. I'm not sure what the permissions should be and I need to restore them from the top level down.

I have my disk partitioned so my OS sits on the C drive and all data including My Documents, the restored files, a Dropbox directory are on the E: drive.

At one point, I added my own user, Bob, to the E drive permissions then removed it. Now I'm not sure where I am or how to fix the permissions.

There are no other users on this laptop.

Bob
0
Comment
Question by:imthefunone
8 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 50 total points
ID: 36475478
If your are not able to access files or folder then you need to take ownership.

http://www.blogsdna.com/2159/how-to-take-ownership-grant-permissions-to-access-files-folder-in-windows-7.htm



Ded9
0
 

Author Comment

by:imthefunone
ID: 36475729
Ok, ownership was some of the problem and I now took ownership of all the files on the E drive.

I still can't change their permissions though. Most files have full permissions by:

System
Administrators
Bob (me)
Authenticated Users
Users

Some files also have one or more unknown users.

E drive itself shows just SYSTEM its owner.

I believe that only SYSTEM, Administrators, and Bob should own my files. That is who owns files I download from the internet.

However, when I try to remove either Users or Authenticated Users from a file or directory, I can't do it because the file is inheriting permissions from its parent. When I try to undo that, I've had problems possibly related to the ownership problem.

Am I correct about who should have permissions to my files and how do I eliminate others?
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 400 total points
ID: 36476443
You only have 1 Owner.....

You shouldnt need to remove Users/Auth Users from the folders, as thats a standard.... Under no circumstances should you attempt to remove these on the OS drive. If you Right Click E>Security>Advanced>Owner>Edit>Change it to YourUserID>and make sure to click the check box "Replace owner on subcontainers and objects". This might take some time, depending on the amount of data you have.....

Then, on Permissions, set what you want. If this is a DATA drive, Security>Edit>Add YourUserID>"Full Control", and click OK.

If you want to change permissions on a subfolder, go to Security>Advanced>"Change Permissions" and UNCHECK the top box at the bottom labeled "Include inheritable permissions from this oject's parent". You will be prompted for a dialog with "Add", "Remove" or "Cancel". If you REMOVE, you strip ALL permissions. If you click "Copy", it duplicates them at that folder, but without inheriting from the parent. Once you apply these changes, you check-boxes on the main Security Tab are no longer "greyed out", and you can check/uncheck them. <~~~~ THIS IS THE KEY HERE to be able to edit the permissions.

"Some files also have one or more unknown users."

Unknown Users are from a previous installation, that are not configured on THIS PC. They can be removed if you do not plan on plugging the drive back in as an OS drive.

Normally the default permissions are fine, but you can easily change ownership and add yourself EXPLICITLY if needed. In your environment, might it be safe to remove the default groups? Maybe, but it is best to be safe and leave them alone.

0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 400 total points
ID: 36476446
And in a top level folder, Security>Advanced>"Change Permissions" and CHECK the bottom box at the bottom labeled "Replace all child object permissions with inheritable permissions from this object". This will apply what you set in THIS folder, to all the subfolders and files. Common to be done after granting yourself ownership of a folder, to apply to teh subfolders.... I suspect you might not have done this part....
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:imthefunone
ID: 36476819
Ok, I'm able to adjust the permissions now and I understand breaking the inheritance from above. That leaves me two questions.

1 - The files that have Authenticated Users/Users in the security entry have read, execute, modify permissions etc. That seems to say any user I might add to the computer would have access to "my" files. That is wrong. Also, when I download a file from the web, the only security members are SYSTEM, Administrators, and me. That suggests the Authenticated Users/Users are not defaults and "most?" files should not have them.

2 - Is there a way to impress downward ONLY the permissions I set at a high level will be on the children below? I'd like to do that to force all the "unknown" and junk users in the permission lists to go away.
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 400 total points
ID: 36476859
If you remove the unknown users from the top folder (C Drive), and once the permissions are set, see the directions in http:#36476446, which will propogate teh permissions downwards to the subfolders, and should remove the unknown SIDS from the ACL.

Remember, NTFS permissions can be complex. The most restrictive right wins.

As for the defaults,Youre right, I was a bit vague. Sounds right for the Root of C:. Various Folders will have explicit permissions set. Remember, a user in the Users group, with "Read and Execute" is the most restrictive.

If you wanted to look at the defaults, you would need to open the default security template....

%windir%\inf\defltbase.inf

You can also reset them to defaults.....

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/d09a393b-68df-43de-9f31-735f83242497/
0
 
LVL 30

Assisted Solution

by:IanTh
IanTh earned 50 total points
ID: 36477503
in windows 7 you have to do proper permissions through safe mode as its 'locked out' even from local admin in full win 7
0
 

Author Closing Comment

by:imthefunone
ID: 36478468
The final answer included several parts because I asked it in several parts. I appreciate the help, especially from jonb6767.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Suggested Solutions

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now