NTFS Permission issue with TAKEOWN & ICACLS

Most of us use TAKEOWN or ICACLS to take ownership from the command prompt, and both of them are simple to use.

We generally use TAKEOWN or ICACLS with the following switches to take ownership.
takeown /F "PATH" /R /D Y /A
icacls "PATH" /T /setowner Administrators

Unfortunately, both TAKEOWN and ICACLS might fail in certain scenarios, as there are some undocumented limitations. We had an incident where we tried to take ownership of a shared location hosted on a NetApp Filer. While using TAKEOWN, we got the following error.

ERROR: The data area passed to a system call is too small.

And while using ICACLS, we got an Access Denied error; we also got the same error while using the Windows GUI to take ownership. We tried almost everything, but still no luck. Additionally, if we use the TAKEOWN command to take ownership of a shared location, all existing permissions get replaced by the Administrators group.

Finally we found SubInACL, a command-line tool from Microsoft that enables administrators to view and modify security information about files, registry keys, and services. This tool is much more complex and powerful than TAKEOWN and ICACLS. To execute this tool, the user must be a member of the Administrators group of that shared location. We tried this tool with the following switches to obtain ownership.

First we took ownership of the root folder using the following:
subinacl /file "PATH" /setowner=Administrators
Later we used the following switches to take ownership of all subfolders and files:
subinacl /subdirectories "PATH*.*" /setowner=Administrators

Once done, you will get the following message.

[Screenshot: output]

Note: Unlike TAKEOWN, using this tool leaves your existing permissions intact.

Update: If you want to update the permissions of a folder that you do not own, you can use this tool to update them without taking ownership of that folder. You just have to be a member of the local administrator group of that server or CIFS.
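
One way to verify the result of the ownership change, as an added example that is not part of the original post: this PowerShell records each item's owner SID and DACL before the change, then reports any item that is not owned by BUILTIN\Administrators afterwards or whose DACL differs. The function names and the share path are hypothetical; S-1-5-32-544 is the well-known, locale-independent SID of BUILTIN\Administrators.

```powershell
# Added example: snapshot owner + DACL for a tree, then diff after the ownership change.
# Well-known SID of BUILTIN\Administrators (same on every locale).
$AdminsSid = 'S-1-5-32-544'

function Get-AclSnapshot {
    param([Parameter(Mandatory)][string]$Root)
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    $snap = @{}
    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            $snap[$item.FullName] = [pscustomobject]@{
                Owner = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
                Dacl  = $acl.GetSecurityDescriptorSddlForm(
                            [System.Security.AccessControl.AccessControlSections]::Access)
            }
        } catch {
            # Security descriptor not readable (e.g. Access Denied before the owner is fixed).
            $snap[$item.FullName] = [pscustomobject]@{ Owner = $null; Dacl = $null }
        }
    }
    return $snap
}

function Compare-AclSnapshot {
    param([Parameter(Mandatory)][hashtable]$Before, [Parameter(Mandatory)][hashtable]$After)
    foreach ($path in $After.Keys) {
        $old = $Before[$path]
        $new = $After[$path]
        $ownerOk = $new.Owner -eq $AdminsSid
        # The DACL can only be compared where it was readable before the change.
        $daclChanged = ($null -ne $old) -and ($null -ne $old.Dacl) -and ($old.Dacl -ne $new.Dacl)
        if (-not $ownerOk -or $daclChanged) {
            [pscustomobject]@{ Path = $path; Owner = $new.Owner
                               OwnerOk = $ownerOk; DaclChanged = $daclChanged }
        }
    }
}

# Usage (the UNC path is a placeholder):
#   $before = Get-AclSnapshot -Root '\\filer\share\folder'
#   ... run the subinacl commands from this post ...
#   $after  = Get-AclSnapshot -Root '\\filer\share\folder'
#   Compare-AclSnapshot -Before $before -After $after | Format-Table -AutoSize
```

An empty result means every readable item is owned by Administrators and no previously readable DACL was altered.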

 

9 thoughts on “NTFS Permission issue with TAKEOWN & ICACLS”

  1. Thank you, I was having this issue with our NetApp share where the take ownership recursive wouldn’t work and was incredibly annoying.

  2. Hi

    In different languages the admin is written in a different way.
    It would be easier to do the job with the ID

    e.g. subinacl /subdirectories "PATH*.*" /setowner="S-1-5-10"

    it's more secure 😉

      • That doesn’t always fix the problem.

        There are two more reasons I can think of that would give access denied even running subinacl as admin.

        1. There is a process holding an open file handle to the file.

        2. NTFS corruption

        Fixes:

        1. Can generally be fixed with unlocker or similar program that can close file handles

        2. Do a chkdsk /f and repeat until the errors are fixed. If that doesn’t fix it, backup the files and wipe / reload

        • I am not sure about locked files; I never got Access Denied while applying permissions on an online file server during peak hours, but in the case of corrupted files, it is true.
