Repair File Permissions after Backup Restore

I recently rebuilt my Win 7 Home Pro laptop and restored files from an original backup using Acronis True Image 2011. Files from Acronis have odd permissions and I can't always move or delete them. I'm not sure what the permissions should be and I need to restore them from the top level down.

I have my disk partitioned so my OS sits on the C drive and all data including My Documents, the restored files, a Dropbox directory are on the E: drive.

At one point, I added my own user, Bob, to the E drive permissions then removed it. Now I'm not sure where I am or how to fix the permissions.

There are no other users on this laptop.

Who is Participating?
johnb6767Connect With a Mentor Commented:
You only have 1 Owner.....

You shouldnt need to remove Users/Auth Users from the folders, as thats a standard.... Under no circumstances should you attempt to remove these on the OS drive. If you Right Click E>Security>Advanced>Owner>Edit>Change it to YourUserID>and make sure to click the check box "Replace owner on subcontainers and objects". This might take some time, depending on the amount of data you have.....

Then, on Permissions, set what you want. If this is a DATA drive, Security>Edit>Add YourUserID>"Full Control", and click OK.

If you want to change permissions on a subfolder, go to Security>Advanced>"Change Permissions" and UNCHECK the top box at the bottom labeled "Include inheritable permissions from this oject's parent". You will be prompted for a dialog with "Add", "Remove" or "Cancel". If you REMOVE, you strip ALL permissions. If you click "Copy", it duplicates them at that folder, but without inheriting from the parent. Once you apply these changes, you check-boxes on the main Security Tab are no longer "greyed out", and you can check/uncheck them. <~~~~ THIS IS THE KEY HERE to be able to edit the permissions.

"Some files also have one or more unknown users."

Unknown Users are from a previous installation, that are not configured on THIS PC. They can be removed if you do not plan on plugging the drive back in as an OS drive.

Normally the default permissions are fine, but you can easily change ownership and add yourself EXPLICITLY if needed. In your environment, might it be safe to remove the default groups? Maybe, but it is best to be safe and leave them alone.

ded9Connect With a Mentor Commented:
If your are not able to access files or folder then you need to take ownership.

imthefunoneAuthor Commented:
Ok, ownership was some of the problem and I now took ownership of all the files on the E drive.

I still can't change their permissions though. Most files have full permissions by:

Bob (me)
Authenticated Users

Some files also have one or more unknown users.

E drive itself shows just SYSTEM its owner.

I believe that only SYSTEM, Administrators, and Bob should own my files. That is who owns files I download from the internet.

However, when I try to remove either Users or Authenticated Users from a file or directory, I can't do it because the file is inheriting permissions from its parent. When I try to undo that, I've had problems possibly related to the ownership problem.

Am I correct about who should have permissions to my files and how do I eliminate others?
johnb6767Connect With a Mentor Commented:
And in a top level folder, Security>Advanced>"Change Permissions" and CHECK the bottom box at the bottom labeled "Replace all child object permissions with inheritable permissions from this object". This will apply what you set in THIS folder, to all the subfolders and files. Common to be done after granting yourself ownership of a folder, to apply to teh subfolders.... I suspect you might not have done this part....
imthefunoneAuthor Commented:
Ok, I'm able to adjust the permissions now and I understand breaking the inheritance from above. That leaves me two questions.

1 - The files that have Authenticated Users/Users in the security entry have read, execute, modify permissions etc. That seems to say any user I might add to the computer would have access to "my" files. That is wrong. Also, when I download a file from the web, the only security members are SYSTEM, Administrators, and me. That suggests the Authenticated Users/Users are not defaults and "most?" files should not have them.

2 - Is there a way to impress downward ONLY the permissions I set at a high level will be on the children below? I'd like to do that to force all the "unknown" and junk users in the permission lists to go away.
johnb6767Connect With a Mentor Commented:
If you remove the unknown users from the top folder (C Drive), and once the permissions are set, see the directions in http:#36476446, which will propogate teh permissions downwards to the subfolders, and should remove the unknown SIDS from the ACL.

Remember, NTFS permissions can be complex. The most restrictive right wins.

As for the defaults,Youre right, I was a bit vague. Sounds right for the Root of C:. Various Folders will have explicit permissions set. Remember, a user in the Users group, with "Read and Execute" is the most restrictive.

If you wanted to look at the defaults, you would need to open the default security template....


You can also reset them to defaults.....
IanThConnect With a Mentor Commented:
in windows 7 you have to do proper permissions through safe mode as its 'locked out' even from local admin in full win 7
imthefunoneAuthor Commented:
The final answer included several parts because I asked it in several parts. I appreciate the help, especially from jonb6767.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.