User File and Folder Permissions changed to SYSTEM ownership

I have a user on our network who does have admin rights through our active directory and their local computer. They can login to our domain fine, load most files etc. However, they can no longer create new folders on C: , delete folders / files etc. I look at the permissions and they have all went to ownership of "SYSTEM" for some reason. The ones that are working are ones via network shares, or the users desktop.

Is there a mass way of taking ownership back of the files folders/files? One piece of software they can't get into due to this problem.

A little background on setup:
Client is running Windows 7 Pro.
Client logs into a Windows Server 2008 r2 with Active Directory
Client's user has admin rights on ad users/computers setup
Client is an administrator on the local machine as well

Thanks for any ideas you may have
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris HInfrastructure ManagerCommented:
Anytime I have a mass permissions sweep on a workstation, I immediately nuke it and restore from image.  Malware loves to do as you've described...

Takeown will replace ownership and cacls will change all the permissions.  Both will work with /s switch (recursive)

You can also right click and choose properties in explorer.  Under the security tab and Advanced are options to take ownership and set security permissions.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ZephyrMAuthor Commented:
Yeah I wasn't wanting to do that to every folder if I didn't have too.

If i do a takedown /a /f c: that will just put ownership back to administrator but it will do it to my clients user files as well I'm guessing...
NVITEnd-user supportCommented:
> If i do a takedown /a /f c: that will just put ownership back to administrator but it will do it to my clients user files as well

That may be a downside (cost of doing business) of giving user admin rights all the time. Does user need admin rights all the time?
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Chris HInfrastructure ManagerCommented:
Taking ownership doesn't DO anything.  It allows whoever is owner to do whatever.

It won't change current security permissoins, other than owner.  Owner only means you can now set security permissions.
ZephyrMAuthor Commented:
This specific one yes as a piece of software will not work without it. I hate it too...
Chris HInfrastructure ManagerCommented:
Right click c drive.  Click properties. click advanced.  click owner tab.  click edit.  click administrators.  Click the check box "replace owner on ....".  Click ok.

Double click and open C drive in My copmuter.  Right click each folder and choose properties.  Click security.  Add that user back.  this shouldn't effect anyone else that has access currently.
NVITEnd-user supportCommented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.