1

This surface pro 4 has two bootable partitions, C and D. Both have a Win10 installed. I wanted the "C" partition to be unaccessible to users of the "D" partition for security reasons.

The "tech guy" who tried to help has done it the hard way: removing the permissions from the "admin group". This makes the C partition unavailable to users of the C drive. When entering troubleshooting mode from the D partition, I've attempted the following

  • with diskpart, mount the volume to "j:"
  • takeown /F j:
  • j: -> access denied
  • icacls j -> access is denied

Before damage, I'd rather have the expert's advice :-)

N.B. I hope to avoid a "full reinstall".

Thanks in advance,

Improve this question
4
  • 3
    I believe your only option to have the correct ACLs again is to reinstall. You cannot hide the Windows partitions from each other without encrypting them.
    – Daniel B
    Commented Oct 18, 2019 at 9:09
  • Thanks @DanielB; I'll follow your advice regarding encryption. Will see what my options are with the "cloud recovery" as the onboard image can't seem to be found.
    – Jem
    Commented Oct 18, 2019 at 9:15
  • 3
    These drastic permission changes weren't a good way to approach this situation. Savvy users could easily take ownership and give themselves full access in seconds, just as you would for a flash drive. Fortunately, no data was lost. It's easily fixed. Hopefully he learns from this. We learn most from our mistakes!
    – Mr Ethernet
    Commented Oct 18, 2019 at 9:29
  • Hi @MrEthernet, thanks for your input - what commands should that savvy user input :-) ? My understanding is limited to "takeown" which didn't help. Suggestions welcome :-)
    – Jem
    Commented Oct 18, 2019 at 9:36

1 Answer 1

Reset to default
2

Restore access:

  1. Boot into the Windows installation on the D drive.
  2. Open Windows Explorer and right click on the C drive: Properties -> Security -> Advanced -> Owner (Change). Make yourself the owner. Enable Replace owner on subcontainers and objects. Click Ok and wait a moment for the ownership to be updated on every file on the C drive.
  3. From the Properties window, go to Advanced then enable Replace all child object with inheritable permissions from this object then give the Administrators group full access again to the entire C drive, as it normally has by default. Wait a few seconds for the permission changes to be applied to every file on the C drive.
  4. Reboot and boot back into Windows on the C drive.

Security and stability implications:

Once all data from the first boot partition has been successfully backed up, Windows should be reinstalled/re-imaged on it in order to restore the correct owner and NTFS permissions across all Windows system files and folders.

Improve this answer
4
  • 4
    While this may work to recover access to the Windows installation, it will not return the permissions to their correct state and will make this Windows instance terribly insecure. After backing up any needed data, Windows should be reinstalled.
    – I say Reinstate Monica
    Commented Oct 18, 2019 at 10:12
  • 1
    Agreed. I would back up the data and do a clean install after recovering from something like this.
    – Mr Ethernet
    Commented Oct 18, 2019 at 10:16
  • 1
    That info belongs in the answer.
    – I say Reinstate Monica
    Commented Oct 18, 2019 at 11:53
  • 1
    Excellent, this solved the issue; I've been able to ensure all was backed up. Reinstall in progress with the original built-in image. Thanks so much!
    – Jem
    Commented Oct 18, 2019 at 12:15

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .