Vista File Permissions

Y

yossarian

Gawd
Joined
Nov 2, 2004
Messages
799
Been using Vista over a month and have been pretty happy with. Until last night. :mad:

I restored a backup of My Pictures and its subdirectories from my previous XP setup. I placed them under a temporary root subdirectory. The problem is I couldn't access ANY of the files after restoring them. Clicking on the various jpegs just gave me a file not found error. Eventually, I discovered that I had to set permissions on each subdirectory for me as a user to Modify or Full Control before they became accessible. One directory with various stored web pages and associated images would not even allow me to set permissions by directory...I had to individually set permissions for EACH FILE! :rolleyes: I noticed that those files did not list me as a user, but instead it had some number string as a user. I had to add myself as a user first, then give myself permissions. That took me over two hours.

What's the deal with permissions? Do I have to do this for all data I restore from XP? I never had permissions issues in XP... This is a royal PITA if there's not a workaround for it.
 
If the files have been made 'Private' under XP then they won't be accessible under Vista until after you've taken ownership. If they've been created under XP but not made 'Private' you should have read-access only until after you've taken Ownership.

Save the following as a .reg file, open it with registry editor and merge it into your registry. That'll add a 'Take ownership' entry to the right-click context menu, and allow you to easily take ownership of folders and their contents:


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
 
Thanks for the tip. I modified the registry and the option is in the menu. I found another directory that is screwed up like the previous one, but the Take Ownership won't phase it. These tough ones don't list me as a user, but have a number string with a user icon. I have to add myself to each one as before to access them. Luckily I don't seem to have a huge number of these. Maybe the thing to do is go back to XP and remove restrictions there and back them up again, eh? :confused:
 
Another option that worked for me (at least, it worked for moving protected files in one WinXP install to another): Copy to a FAT32 partition. From my underestanding, FAT32 does not support the same permissions as NTFS does. When copied over, most of the permissions will be stripped. You may need to take ownership, but thats about it.
 
heh heh.....

Oooska, that sorta sounds about as cumbersome as using a CD burner and blank CDs to transfer files from one PC to another, just because you don't have a network cable plugged in!
 
Assuming he has a FAT32 partition already setup, or a thumb drive, it's not to bad (unless he's talking about gigs of files, which it doesn't appear to be the case). But yeah, I agree, it is a little bit circuitous (but then again, setting each individual permission isn't exactly quick either :p).
 
Did you have specific rules as to who could and could not access those files on the machine you transferred them from?

It sounds like it. Vista is just enforcing those rules still (exactly as another XP install would if you had transfered it there - I had this issue with a directory I moved from a Win2K to a different Win2K directory in the past), but since the user is not in its list of users you are experiencing issues. I believe you should be able to remove the GUID/User from the original machine and add "Authenticated Users" with "Full Control" or something, then force a propagation down to all child objects. That might need some command line action to actually accomplish, especially if you had a subfolder(s) that stopped inheritance, creating new restrictions from then on, somewhere in the folder structure. I went through that some time ago with Win2K on both the source and destination machines. You need to think about Security when you transfer files in an NTFS environment. Not much or maybe even often, but sometimes.

I suppose if that is not the issue it could potentially be something else, but I can't think of anything that matches those symptoms so precisely ATM.
 
I never knowingly had any protections set up in XP. I placed various pictures and images in the My Pictures folder. Eventually I created folders under that for photos and other graphic images. The images under the My Pictures folder were accessible when restored from the backup, the files in the subsubfolders became inaccessible until I took ownership. It seems the directories that won't let me take ownership of all the files in the directory at once are associated with whole web pages that were saved. The directories are the folders for the images on the webpage. So, I've never established anything, but somehow permissions were set up without my knowledge or knowing consent.

For these webpages, it sounds like I can try to copy them to my 4GB FAT 32 USB drive to scrub out permissions, then copy back. I'll let you know how it works when I get the opportunity. Thanks for the tip. :D
 
Interesting problem, yossarian. Was the browser used to save those web pages, or a capture program/tool? I've had no problems taking 'ownership' of saved web page files, either manually or using the context menu tweak I posted above. But all the web pages I've saved had been saved via either IE or Firefox.
 
For future reference, wouldn't there have been two easy ways to avoid this problem?

1) Always use the same username and password combination on all of your installs.

2) Don't use the damn kiddie "My Blah Blah" folders. I've always stored data on a second drive/partition, and I have never been able to recreate this "take ownership" access denied issue.
 
djnes said:
For future reference, wouldn't there have been two easy ways to avoid this problem?

1) Always use the same username and password combination on all of your installs.

2) Don't use the damn kiddie "My Blah Blah" folders. I've always stored data on a second drive/partition, and I have never been able to recreate this "take ownership" access denied issue.
Click to expand...

That won't work - the GUID / SSID Windows creates for file permissions has an element of randomness. At least in my experience.

You can correct the issue by going to the object (file or folder) properties -> advanced -> take ownership -> propagate ownership to all child object. i.e., http://www.youtube.com/watch?v=BLgvpJ20_h8
 
So then would it be safe to assume that I've never been able to recreate this issue because I don't use the My "Stuff" folders?
 
djnes said:
So then would it be safe to assume that I've never been able to recreate this issue because I don't use the My "Stuff" folders?
Click to expand...

Probably :)

The problem is always on My... folders or hidden/system flagged folders.
 
I've never noticed ownership issues in XP using the My folders. If I had, I wouldn't have used them. Not even when I've saved folders and placed them into new XP builds during computer upgrades, different versions of XP, and so on. It's only been an issue since I've tried moving them into Vista. I'm not blaming Vista, it's just that this is the first time I've ever run into this issue, and I've done many system builds, rebuilds, for me and others.

The web pages were simply saved (using Firefox) by Save Page As...Web Page Complete.
 
Curious, yossarian. I have no idea why those folders would be giving you problems. But yes. Considering it's not a huge amount of data copying them to a FAT32 thumb drive and then back in to your system is an easy workaround to use for them.

djnes said:
Don't use the damn kiddie "My Blah Blah" folders. I've always stored data on a second drive/partition, and I have never been able to recreate this "take ownership" access denied issue.
Click to expand...
Whilst I appreciate what you're saying, don't you think you're being a bit condescendingly dismissive of people who prefer to use the "My ....." structure as the base level for their data storage? There are benefits to be had in doing so, after all. Especially for people who use OS-included features to perform productive work. And it sure isn't hard to 'move' the actual location of that structure, to point it at data stored on a different drive or partition.

Taking ownership of files isn't (or shouldn't be) a big problem for the end user. If I've migrated a rig to Vista I take ownership of the files on the entire data storage drive straight up front. You get a couple of confirmation prompts early in the process, where you need to enable the "Apply to all instances..." option, and then it just runs until completed.
 
Catweazle said:
Taking ownership of files isn't (or shouldn't be) a big problem for the end user.
Click to expand...
You're right, it shouldn't be a big deal, but how many times do we see this happen, even across XP installs? I do understand that it's possible to point those folders over to another physical location, but even then it's more work than just storing them on a data drive already. I also like having my data and my OS drive separate. It makes backup methods easier, and recovery efforts much much easier, should I ever have to re-image my system drive.
 
More work? You make it sound like a term of hard labour! For goodness sake, it's basically just a once-off that you confront when you're first configuring the new install. A few mouse-clicks to browse to the relevent folder and then click 'OK'.

People who find it such an impost to click the finger a few more times here and there REALLY need to get up out of that chair and go outside a while, IMO!


The 'taking ownership' issue, whilst it was present in XP under certain circumstances, is something new to a lot of people in Vista. Sobeit. User account protections are being enforced. That's part of what Vista introduces. Again, it isn't a big deal, really. Again, just a few mouse clicks when forst configuring the rig.

It's a damned shame, actually, that the developers didn't consider the situation of the many users upgrading (and who have files stored elsewhere) by including a "Do you want to take ownership of the files you created in XP?" prompt in the installation routine. But they're geeks. Geeks don't think of practical things like that!
 
Catweazle said:
More work? You make it sound like a term of hard labour! For goodness sake, it's basically just a once-off that you confront when you're first configuring the new install. A few mouse-clicks to browse to the relevent folder and then click 'OK'.

People who find it such an impost to click the finger a few more times here and there REALLY need to get up out of that chair and go outside a while, IMO!
Click to expand...
I said that because I've been accused, not by you, in the past of making more work with my suggestions, in an attempt to simplify. However, if you give me a choice between changing system paths, or just simple creating a folder on my D drive, I'm always going to opt for the latter. It's not about the amount of work for me...it's just about simplification. By keeping all of my data on a separate drive, I can back that entire drive up to my server in one process. It also keeps my data separate from the system volume, should I need to restore my image. I don't need to even edit the paths, because once I save a document in Word, Excel, etc to my D:\Documents folder, the apps remember this and always point back to there.
 
You must log in or register to reply here.
Back
Top