12

In Windows 10, I have a folder that has lost every permission and even the ownership.

If I choose right-click > Security, all lists of permissions are empty and it says the owner could not be evaluated. If I try to add a permission, e.g. of System, or try to change the owner, the settings are not stored.

I would like either to fix the folder or to delete and recreate it. But the system doesn't allow to delete, even if I start a shell or a file explorer as administrator.

What is the correct way in Windows to clean up such orphans?

Thanks a lot for any hint.

Edit Please see the picture below that illustrates how important option controls are missing. Also, chkdsk seems not possible immediately (but it can be scheduled).

enter image description here

Improve this question

5 Answers 5

Reset to default
10

I would first suggest running chkdsk /f on the disk, which will make sure the security information isn't corrupted. It should restore the directory to some 'standard' permissions.

If you're an administrator, you should be always able to take ownership using takeown, and then write new ACL using e.g. icacls … /reset.

Improve this answer
3
  • 3
    takeown /F was our rescue here :-)
    – peter_the_oak
    Commented Jan 6, 2017 at 14:25
  • 7
    I am getting ERROR: Access is denied. with takeown /F <foldername>.
    – user2173353
    Commented Nov 2, 2017 at 14:39
  • Restarting Windows removed the file. Seems it was a ghost file or sth...
    – user2173353
    Commented Nov 2, 2017 at 14:59
4

Restart your computer. This may be a folder that has failed to delete, it should disapear on a restart and can be re-created safely

Improve this answer
2
  • I don't know why this got a downvote - I had this issue, and this was exactly the solution in my case. Same for user2173353 according to the comment on the accepted answer.
    – Syndic
    Commented Feb 28, 2019 at 7:47
  • I have this strange problem that when I try to delete a resource (let's say an exe file) that is being used by another process, the file loses ownership. Every single time. Example: A .NET console project. After I build, then clean the directory, my exe loses ownership. As a result, I have to update the output directory. Obviously I can't restart my computer every time this happens. How can I prevent this from happening?
    – Shervin Shahrdar
    Commented Jun 4, 2020 at 21:31
3

On the parent folder, right click, choose properties, security.

From there go to Advanced

If you are using a standard user, press the button Change permissions and supply administrative credentials.

You should now see a checkmark at the bottom stating:

[ ] Replace all child object permission entries with inheritable permission entries from this object.

Check this checkbox and press Apply.

Every subfolder will now get their permissions reset, including the one you lost access to.

If you can't afford any other folder to be affected, you can try to move the folder in question to a new folder and try it as such, or move all other folders away.

Improve this answer
4
  • Important controls are missing, please see the picture I've added. That's why I'm stuck with the context menu way. However your suggestion is the right start. Would it make sense to dig deeper with powershell?
    – peter_the_oak
    Commented Jan 3, 2017 at 9:58
  • You need to go higher in the directory tree until you find a folder you have access to. Do note that the inetpub folder is part of IIS and altering permissions may cause IIS to stop working correctly.
    – LPChip
    Commented Jan 3, 2017 at 11:03
  • If you're an administrator, you should be always able to take ownership using takeown, and then write new ACL using e.g. icacls … /reset.
    – grawity_u1686
    Commented Jan 3, 2017 at 11:04
  • @LPChip thanks for the extra explanation. You are right in mentioning IIS. Some of the folders there have additional write permissions for the IIS_IUSRS. By reinitializing the permissions from the parent, I have to correct those permissions. Would be easy if I had direct access to the machine. So this way became the fallback solution. Luckily, takeown worked.
    – peter_the_oak
    Commented Jan 6, 2017 at 14:41
1

I just had a similar issue where ICACLS and the TAKEOWN commands were not getting it done. I was using ICACLS and after finding this post I also tried TAKEOWN:

icacls N:\* /grant UserName:(oi)(ci)f
takeown /F N:\*

What finally corrected the issue was explicitly setting the INHERITANCE switch in ICACLS:

icacls N:\* /grant UserName:(oi)(ci)f /inheritance:e
Improve this answer
0

From the command prompt or powershell with admin privileges, try either of the following:

robocopy [source directory] [dest directory] /COPYALL /SECFIX /SEC

or if that fails, try:

robocopy [source directory] [dest directory] /COPY:S

In recent versions of robocopy, the /TIMFIX or /SECFIX switches are no longer supported. If you have scripts that use these switches you must edit them to use /COPY: instead. /COPY:T replaces the old /TIMFIX, and /COPY:S replaces the old /SECFIX.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .