Solved

Taking ownership of a user folder?

Posted on 2014-04-01
7
406 Views
Last Modified: 2014-04-08
Normally if I pull a c: drive out of one computer and dock or connect it to another Windows 7 computer I will need to take ownership of the user folder before I can read or move files from the attached drive to the system drive I booted from.

Oddly I have a Windows 7 work-station in my shop that I can attach a system drive pulled from another computer and I can immediately open the User folder and see and open files and folders without having to ever take ownership of the folder on the attached D: drive.

Does anyone know how my magic Windows 7 computer is configured to allow me to see and move folders from another users hard drive without having to take ownership of files and folders?

Thanks -
Scott
0
Comment
Question by:scottjnorris
  • 3
  • 3
7 Comments
 
LVL 18

Expert Comment

by:web_tracker
ID: 39971040
Have you ever looked at that drive before, if you docked that particular drive in the past it is possible that you already gave the system rights to access the drive.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39971049
Perhaps the drive is FAT instead of NTFS.  

If NTFS, perhaps there isn't a DACL.  If there is, then duplicate ACE SIDs exists.

If a Windows object does not have a discretionary access control list (DACL), the system allows everyone full access to it. If an object has a DACL, the system allows only the access that is explicitly allowed by the access control entries (ACEs) in the DACL. If there are no ACEs in the DACL, the system does not allow access to anyone. Similarly, if a DACL has ACEs that allow access to a limited set of users or groups, the system implicitly denies access to all trustees not included in the ACEs.

Ref: http://msdn.microsoft.com/en-us/library/windows/desktop/aa446597%28v=vs.85%29.aspx

If the discretionary access control list (DACL) that belongs to an object's security descriptor is set to NULL, a null DACL is created. A null DACL grants full access to any user that requests it; normal security checking is not performed with respect to the object. A null DACL should not be confused with an empty DACL. An empty DACL is a properly allocated and initialized DACL that contains no access control entries (ACEs). An empty DACL grants no access to the object it is assigned to.

The following are well-known SIDs:

SID: S-1-0
Name: Null Authority
Description: An identifier authority.

SID: S-1-1-0
Name: Everyone
Description: A group that includes all users, even anonymous users and guests.

Ref: http://support.microsoft.com/kb/243330

Verify by running cacls x:\path\
0
 

Author Comment

by:scottjnorris
ID: 39971237
"Have you ever looked at that drive before, if you docked that particular drive in the past it is possible that you already gave the system rights to access the drive."

No ... the funny thing is I can and have pulled drives from dozens of customers computers and docked them to this one Windows 7 machine and have always been able to have access to user files and folders without ever first taking ownership?

Scott
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39973068
Run cacls x:\ on the drive letter of the mounted drive, any entries that resolve translate to well-known SIDs which exist between systems.
0
 

Author Comment

by:scottjnorris
ID: 39973190
" Run cacls x:\ on the drive letter of the mounted drive, any entries that resolve translate to well-known SIDs which exist between systems. "

I cacls x:\ on a docked drive that I can read without taking ownership.
Do these results mean anything?

C:\Users>cacls g:\
g:\ BUILTIN\Administrators:F
    BUILTIN\Administrators:(OI)(CI)(IO)F
    NT AUTHORITY\SYSTEM:F
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
    BUILTIN\Users:(OI)(CI)R
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
    NT AUTHORITY\Authenticated Users:(special access:)
                                     FILE_APPEND_DATA

Scott
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39973654
Yes, since the user/group names resolve (meaning you're not seeing any orphaned security identifiers (e.g. Account Unknown (S-1-5-21-1796170229-294937551-3999959926-1026))), this means you have matching security identifiers on your own system.

In other words, Windows 7 views the group Users (S-1-5-32-545) as being present on your existing system, and therefore permits Read access.  This is because S-1-5-32-545 exists on both the customers system and your system.  It also resolves the Administrators group (S-1-5-32-544) and recognizes that identifier on your system, so you receive Full Control (if an Administrator.)  No need to have ownership of the objects, as you've already been granted permissions based on these well-known built-in SIDs.

SID: S-1-5-32-545
Name: Users
Description: A built-in group. After the initial installation of the operating system, the only member is the Authenticated Users group.

SID: S-1-5-32-544
Name: Administrators
Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account.
0
 

Author Comment

by:scottjnorris
ID: 39976900
Giovanni -

I appreciate your expertise and thorough response to my question.  Unfortunately I probably do not have the necessary background to fully appreciate how this works.

What I really want to know practically speaking is ... How do I configure my other Windows 7 workstations to be able to see a docked system drive (pulled from any-other workstation) and have permission to open and read the documents folder or the pictures folder etc (without having to take ownership)?

Is there a set of step by step instructions that can guide me thru this task?

Scott
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now