Recursively change ownership to another user in windows

Question

In Windows (particularly, Windows server 2012) I have to change ownership of a folder with a bunch of subfolders and files.

Here: recursively change owner windows 7 (and in other places) people suggest to use 'takeown' command for that. The problem is that I need to set another user as the owner, not myself. But I don't know their password, as well as I don't want to tell them the admin password so that they can run this command with the administrator privileges on their own.

When I tried to specify a target user to the 'takeown' command: takeown /S 127.0.0.1 /U someuser /F somedir /R, it has responded that the user credentials cannot be used for local connections.

How can I set another user as a directory/file owner recursively in Windows?

Answer 1

A user doesn't need administrator rights to use takeown if you grant them the "Take Ownership" permission on the objects first. (This is WO in icacls, and is included in "Full Control" F set.)

:: Grant "Full Control" (inheritable):
icacls C:\foo /grant "DOM\user:(oi)(ci)f"

:: Or, grant "Write Owner" only (inheritable):
icacls C:\foo /grant "DOM\user:(oi)(ci)(wo,s)"

:: Now the user can takeown the folder.

In recent Windows versions, you can also use icacls /setowner to directly assign ownership to another user:

icacls C:\foo /setowner "DOM\user" /t /l

This is not part of takeown because it performs the actual change through a completely different operation than just taking ownership, and does require administrator rights regardless of what permissions you currently have on the file.

(Specifically, /setowner requires the "Back up files" and "Restore files" system-wide rights, which only Administrators and Backup Operators have by default. In comparison, takeown only uses the "Take ownership" system-wide right and/or the file-level permission.)