Link to home
Start Free TrialLog in
Avatar of JReam
JReamFlag for United States of America

asked on

Administrator account lost write permission in C:\Program Files ? Windows 7

I noticed that on my Windows 7 64 PC I've lost write/modify permissions, but only under C:\Program Files and C:\Program Files (x86).

I know this because suddenly
1) I can't "Save" any documents under those folders or any sub folders.  I can create "New Folders", just can do much in else.  It's not simply UAC warnings, it's access denied where any "Save" reverts to a "Save As" and not in those folders.    And
2)  I also noticed that in Windows Explorer, right click in one of those folders, menu Item "New" only shows one item "New folder" with an interesting little shield icon...   In all other folders I get a full list of "New" items I usually see such as New Word Document, etc.
My Windows 7 User ID is the same I've always used, and is "Administrator".  The PC is clean, up-to-date with WUS, and virus-free.

Solution I found, which I think is unacceptable:   Under Control Panel , Users, if I change UAC (user account control) to the Minimum everything works AOK.    Any setting higher then the bottom setting then I'm back to losing the access to C:\Program Files and C:\Program Files (x86).

Since I haven't changed anything that I'm aware of on my PC I suspect either  a) a recent Windows Update or b) something impacted the access rights of these folders where my windows user ID got demoted somehow.

500 points.    I can reply with more info or print screens if that would be helpful.
ASKER CERTIFIED SOLUTION
Avatar of jerseysam
jerseysam
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Try to run the dos command:

TAKEOWN /F "c:\program files" /R /A
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Darr247
"Notepad is not ownership aware" - what are you talking about, starting notepad elevated will lead to successful saving just as with any other program.
Avatar of JReam

ASKER

I'm still researching and trying things.    I really think something changed, probably via WUS, for UAC and Windows accounts and access to many folders, including C:\ root.

I created a brand new TempAdmin account, an Administrator account, to check for newly created accounts to see if also restricted to C:\.  Yes, also restricted.

So my not-so-good solution remains:  Under Control Panel , Users, change UAC (user account control) to the Minimum everything works AOK.  

Two print screens:  

1) The working FULL list of  Windows Explorer, right click, menu Item "New" shows everything I would normally expect to see.

2)  And only when I have UAC at the minimum setting as shown.

User generated image
User generated image
If you need to install an application and run as administrator the setup. Do you get a deny error?

Do you have any Enterprise class anti-virus.

If you navigate to any location, right click in the folder and select new file, is the file created or do you get an error?

cacls c:\
xcacls c:
what is being returned?
Why no feedback on my comment? You would not need to turn off UAC if you indeed use the built-in administrator and the policy is reset to defaults.
Avatar of JReam

ASKER

Wow, McKnife, sorry for the delay?    We all do multiple things in our lives.  Thanks for your patience.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
That's how UAC works, and I would call it everything else but "big boo". Treat admins as users until they actively elevate. Exception: Accounts "System" and "Administrator" - those run elevated by default.

As Explorer is the whole shell and not only file explorer (or a single process like notepad), logically it should not be made possible to run it elevated.
The only nasty thing we see here is that some applications are UAC aware (explorer), while others are not (notepad for example). Notepad does not trigger elevation.
Avatar of JReam

ASKER

My final original poster comment summerizes the solution.