Solved

Repair File Permissions after Backup Restore

Posted on 2011-09-02
8
965 Views
Last Modified: 2016-10-27
I recently rebuilt my Win 7 Home Pro laptop and restored files from an original backup using Acronis True Image 2011. Files from Acronis have odd permissions and I can't always move or delete them. I'm not sure what the permissions should be and I need to restore them from the top level down.

I have my disk partitioned so my OS sits on the C drive and all data including My Documents, the restored files, a Dropbox directory are on the E: drive.

At one point, I added my own user, Bob, to the E drive permissions then removed it. Now I'm not sure where I am or how to fix the permissions.

There are no other users on this laptop.

Bob
0
Comment
Question by:imthefunone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 50 total points
ID: 36475478
If your are not able to access files or folder then you need to take ownership.

http://www.blogsdna.com/2159/how-to-take-ownership-grant-permissions-to-access-files-folder-in-windows-7.htm



Ded9
0
 

Author Comment

by:imthefunone
ID: 36475729
Ok, ownership was some of the problem and I now took ownership of all the files on the E drive.

I still can't change their permissions though. Most files have full permissions by:

System
Administrators
Bob (me)
Authenticated Users
Users

Some files also have one or more unknown users.

E drive itself shows just SYSTEM its owner.

I believe that only SYSTEM, Administrators, and Bob should own my files. That is who owns files I download from the internet.

However, when I try to remove either Users or Authenticated Users from a file or directory, I can't do it because the file is inheriting permissions from its parent. When I try to undo that, I've had problems possibly related to the ownership problem.

Am I correct about who should have permissions to my files and how do I eliminate others?
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 400 total points
ID: 36476443
You only have 1 Owner.....

You shouldnt need to remove Users/Auth Users from the folders, as thats a standard.... Under no circumstances should you attempt to remove these on the OS drive. If you Right Click E>Security>Advanced>Owner>Edit>Change it to YourUserID>and make sure to click the check box "Replace owner on subcontainers and objects". This might take some time, depending on the amount of data you have.....

Then, on Permissions, set what you want. If this is a DATA drive, Security>Edit>Add YourUserID>"Full Control", and click OK.

If you want to change permissions on a subfolder, go to Security>Advanced>"Change Permissions" and UNCHECK the top box at the bottom labeled "Include inheritable permissions from this oject's parent". You will be prompted for a dialog with "Add", "Remove" or "Cancel". If you REMOVE, you strip ALL permissions. If you click "Copy", it duplicates them at that folder, but without inheriting from the parent. Once you apply these changes, you check-boxes on the main Security Tab are no longer "greyed out", and you can check/uncheck them. <~~~~ THIS IS THE KEY HERE to be able to edit the permissions.

"Some files also have one or more unknown users."

Unknown Users are from a previous installation, that are not configured on THIS PC. They can be removed if you do not plan on plugging the drive back in as an OS drive.

Normally the default permissions are fine, but you can easily change ownership and add yourself EXPLICITLY if needed. In your environment, might it be safe to remove the default groups? Maybe, but it is best to be safe and leave them alone.

0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 400 total points
ID: 36476446
And in a top level folder, Security>Advanced>"Change Permissions" and CHECK the bottom box at the bottom labeled "Replace all child object permissions with inheritable permissions from this object". This will apply what you set in THIS folder, to all the subfolders and files. Common to be done after granting yourself ownership of a folder, to apply to teh subfolders.... I suspect you might not have done this part....
0
 

Author Comment

by:imthefunone
ID: 36476819
Ok, I'm able to adjust the permissions now and I understand breaking the inheritance from above. That leaves me two questions.

1 - The files that have Authenticated Users/Users in the security entry have read, execute, modify permissions etc. That seems to say any user I might add to the computer would have access to "my" files. That is wrong. Also, when I download a file from the web, the only security members are SYSTEM, Administrators, and me. That suggests the Authenticated Users/Users are not defaults and "most?" files should not have them.

2 - Is there a way to impress downward ONLY the permissions I set at a high level will be on the children below? I'd like to do that to force all the "unknown" and junk users in the permission lists to go away.
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 400 total points
ID: 36476859
If you remove the unknown users from the top folder (C Drive), and once the permissions are set, see the directions in http:#36476446, which will propogate teh permissions downwards to the subfolders, and should remove the unknown SIDS from the ACL.

Remember, NTFS permissions can be complex. The most restrictive right wins.

As for the defaults,Youre right, I was a bit vague. Sounds right for the Root of C:. Various Folders will have explicit permissions set. Remember, a user in the Users group, with "Read and Execute" is the most restrictive.

If you wanted to look at the defaults, you would need to open the default security template....

%windir%\inf\defltbase.inf

You can also reset them to defaults.....

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/d09a393b-68df-43de-9f31-735f83242497/
0
 
LVL 30

Assisted Solution

by:IanTh
IanTh earned 50 total points
ID: 36477503
in windows 7 you have to do proper permissions through safe mode as its 'locked out' even from local admin in full win 7
0
 

Author Closing Comment

by:imthefunone
ID: 36478468
The final answer included several parts because I asked it in several parts. I appreciate the help, especially from jonb6767.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question