Skip to main content
The 2024 Developer Survey results are live! See the results
Super User

Return to Answer

added 50 characters in body
Source Link
grawity_u1686
grawity_u1686
  • 465.8k
  • 66
  • 978
  • 1.1k

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

    SpecifyingOptionally, specifying :r in /grant:r will remove all other explicit entries (replacing the entire ACL with just "Everyone"). Normally /grant only adds to the list.

  4. Remove the other, now redundant ACL entries (Administrators, SYSTEM, &c).

Newly created files will once again have the current user as their owner, but that's not an issue – the files will inherit an ACL that grants Everyone full access.

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

    Specifying :r in /grant:r will remove all other explicit entries (replacing the entire ACL with just "Everyone"). Normally /grant only adds to the list.

  4. Remove the other, redundant ACL entries.

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

    Optionally, specifying :r in /grant:r will remove all other explicit entries (replacing the entire ACL with just "Everyone"). Normally /grant only adds to the list.

  4. Remove the other, now redundant ACL entries (Administrators, SYSTEM, &c).

Newly created files will once again have the current user as their owner, but that's not an issue – the files will inherit an ACL that grants Everyone full access.

added 166 characters in body
Source Link
grawity_u1686
grawity_u1686
  • 465.8k
  • 66
  • 978
  • 1.1k

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

    Specifying :r in /grant:r will remove all other explicit entries (replacing the entire ACL with just "Everyone"). Normally /grant only adds to the list.

  4. Remove the other, redundant ACL entries.

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

  4. Remove the other, redundant ACL entries.

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

    Specifying :r in /grant:r will remove all other explicit entries (replacing the entire ACL with just "Everyone"). Normally /grant only adds to the list.

  4. Remove the other, redundant ACL entries.

added 48 characters in body
Source Link
grawity_u1686
grawity_u1686
  • 465.8k
  • 66
  • 978
  • 1.1k

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

  4. Remove the other, redundant ACL entries.

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

Windows does have a "security bypass" privilege (SeBackupPrivilege aka "Back up files or folders" for unrestricted read access and SeRestorePrivilege for unrestricted write), which all Administrators actually have by default, but a process still needs to manually activate it; normally it is present "on demand". (PowerShell, for example, uses SeRestorePrivilege when you ask it to delete something that you don't have access to.)

Read/modify access is not determined by file ownership – it's determined by file ACL (access control list). While only one user (or group) can own a file, you can add as many users (or groups) with "Full Control" access to the file's ACL. For an external HDD, it would be simplest to add a single Everyone entry to the ACL, making ownership practically irrelevant.

(Ownership is mostly just for quota accounting and for emergency ACL reset access; the latter is actually why "taking ownership" is the first step of regaining access – but that's only the first step; the second step is to use owner privilege to set a new ACL.)

  1. Assign ownership of everything on the disk to the "Administrators" group. (Not strictly needed but makes things easier, as this group has the same SID on all Windows machines.)

    takeown /f Y:\ /s /a

  2. Reset ACLs on everything to the default "inherit from parent" mode.

    icacls Y:\ /reset /t

  3. Add "Everyone" with full access to the ACL. (Like the built-in Administrators or Users groups, the special "Everyone" identifier also has the same SID on all Windows systems.)

    icacls Y:\ /grant "Everyone:(OI)(CI)(F)"

    Specifying (OI)(CI) will set the entry as "inheritable" so it will automatically propagate to all files and subfolders underneath Y:\.

  4. Remove the other, redundant ACL entries.

added 38 characters in body
Source Link
grawity_u1686
grawity_u1686
  • 465.8k
  • 66
  • 978
  • 1.1k
Source Link
grawity_u1686
grawity_u1686
  • 465.8k
  • 66
  • 978
  • 1.1k