Administrator account lost write permission in C:\Program Files ? Windows 7

I noticed that on my Windows 7 64 PC I've lost write/modify permissions, but only under C:\Program Files and C:\Program Files (x86).

I know this because suddenly
1) I can't "Save" any documents under those folders or any sub folders.  I can create "New Folders", just can do much in else.  It's not simply UAC warnings, it's access denied where any "Save" reverts to a "Save As" and not in those folders.    And
2)  I also noticed that in Windows Explorer, right click in one of those folders, menu Item "New" only shows one item "New folder" with an interesting little shield icon...   In all other folders I get a full list of "New" items I usually see such as New Word Document, etc.
My Windows 7 User ID is the same I've always used, and is "Administrator".  The PC is clean, up-to-date with WUS, and virus-free.

Solution I found, which I think is unacceptable:   Under Control Panel , Users, if I change UAC (user account control) to the Minimum everything works AOK.    Any setting higher then the bottom setting then I'm back to losing the access to C:\Program Files and C:\Program Files (x86).

Since I haven't changed anything that I'm aware of on my PC I suspect either  a) a recent Windows Update or b) something impacted the access rights of these folders where my windows user ID got demoted somehow.

500 points.    I can reply with more info or print screens if that would be helpful.
LVL 1
JReamAsked:
Who is Participating?
 
jerseysamCommented:
It seems the program files folders permissions are tied into the UAC settings.

The 2 "Program Files" folders have super-duper protections on them. Unfortunately in Windows8 I don't think there is a way to remove it because it is tied in to UAC and you can't turn off UAC any more.

The workaround is that while you cannot directly save to the "Program Files" folders (for example, from notepad) you can copy files into it. So to change a ini file or something like that you have to:

    load the file
    edit it
    save it to desktop or "My Documents"
    move it from its location to the Program Files area
    Answer the UAC prompt that yes, you really do know what you are doing and yes, you really do actually want to do it

This is why I created a "c:\MyPrograms" folder and install everything into it


Taken from post:

http://social.technet.microsoft.com/Forums/windows/en-US/7b3ada32-181d-4c55-9259-ee44f5f83b82/cant-write-to-program-files-folder?forum=w8itprogeneral
0
 
Raheman M. AbdulSenior Infrastructure Support Analyst & Systems DeveloperCommented:
Try to run the dos command:

TAKEOWN /F "c:\program files" /R /A
0
 
arnoldCommented:
From which application are you trying to save files into those locations?
UAC likely prevents the application from running as Administrator (lowers/lowered privileges)

if you navigate to the location, and use notepad/wordpad or simply right-click in the folder and select create a new file, does it give you the same error?
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
Darr247Commented:
The default owner in the Program Files, Program Files (x86) and Windows trees is the special user "TrustedInstaller."

Typically you're not supposed to be saving files to those locations with programs that don't understand User Account Control access restrictions. e.g. Notepad.
Try starting the program you're using by right-clicking its shortcut and choosing Run as administrator and I bet you'll be able to save the files where you want. But if it's Notepad you're using, forget it... Notepad is not ownership aware (I'm not sure why microsoft still includes it if they're not going to fix it). You'll have to take ownership of the folders to make Notepad work there.

You should not be running the Administrator account as an everyday user, by the way. Microsoft disables it by default for good reason... using it is like running as root all the time in linux distros.
0
 
McKnifeCommented:
Hi.

You say you are using the built-in Administrator account. By default, for this account, the UAC is off, while being on for other accounts. Please note I wrote "by default". So the defaults have been changed. Please verify this: http://technet.microsoft.com/en-us/library/dd834795.aspx
0
 
McKnifeCommented:
@Darr247
"Notepad is not ownership aware" - what are you talking about, starting notepad elevated will lead to successful saving just as with any other program.
0
 
JReamAuthor Commented:
I'm still researching and trying things.    I really think something changed, probably via WUS, for UAC and Windows accounts and access to many folders, including C:\ root.

I created a brand new TempAdmin account, an Administrator account, to check for newly created accounts to see if also restricted to C:\.  Yes, also restricted.

So my not-so-good solution remains:  Under Control Panel , Users, change UAC (user account control) to the Minimum everything works AOK.  

Two print screens:  

1) The working FULL list of  Windows Explorer, right click, menu Item "New" shows everything I would normally expect to see.

2)  And only when I have UAC at the minimum setting as shown.

Windows Explorer "New" shows everything as expected
UAC at the minimum setting
0
 
arnoldCommented:
If you need to install an application and run as administrator the setup. Do you get a deny error?

Do you have any Enterprise class anti-virus.

If you navigate to any location, right click in the folder and select new file, is the file created or do you get an error?

cacls c:\
xcacls c:
what is being returned?
0
 
McKnifeCommented:
Why no feedback on my comment? You would not need to turn off UAC if you indeed use the built-in administrator and the policy is reset to defaults.
0
 
JReamAuthor Commented:
Wow, McKnife, sorry for the delay?    We all do multiple things in our lives.  Thanks for your patience.
0
 
JReamAuthor Commented:
OP.   Final post.    I guess I was mistaken from the start.  

I've thoroughly re-tested Administrator Account vs User in Administrators group.  

For the User in Administrators group it does appear that the User UAC settings do control and limit the access rights to the system & Program Files folders.    To me this seems illogical since if the User is in the Administrators group he really should have Administrators Access regardless of UAC.  

So the UAC levels determine the access for the User in Administrators group.   But the UAC level screen doesn't offer any hint or imply this big step up or denial of access from the bottom setting to the next one up.  

Adding to my confusion, Windows Explorer does NOT honor "Run As Administrator", while Notepad does.  So Explorer's menu item 'New' is basically empty.

Bottom line:   The User, despite the fact that he's in Admin group, can't go into Program File application sub folders via Windows Explorer Right Click and create an innocent Notes.Txt file.....  big boo.
0
 
McKnifeCommented:
That's how UAC works, and I would call it everything else but "big boo". Treat admins as users until they actively elevate. Exception: Accounts "System" and "Administrator" - those run elevated by default.

As Explorer is the whole shell and not only file explorer (or a single process like notepad), logically it should not be made possible to run it elevated.
The only nasty thing we see here is that some applications are UAC aware (explorer), while others are not (notepad for example). Notepad does not trigger elevation.
0
 
JReamAuthor Commented:
My final original poster comment summerizes the solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.