How do I gain access to files that Windows says I don’t have permission to access?

When transferring NTFS formatted disks from one machine to another, permissions can restrict access. I'll cover both Widows and Command Line solutions.

//

In one of your articles on recovering files after a hard disk crash you stated: “Another alternative is to take the old drive and place it into an external USB enclosure, …”

I’ve done that – even though all my old files are on the HD, I can’t access them due to Windows 7 file permissions. Is there a simplistic command I can execute to change all file permissions on the ext hard drive so I can finally access them? Thanks in advance for your time and response.

Yes, there are a couple of approaches. I’ll touch briefly on the Windows GUI approach, but then I’ll show you how I really do it, using the Windows Command Prompt.

Windows 7 has (apparently) tightened up some of the file-level security so that frequently when sharing hard drives and removable media across machines this scenario comes up more often than just when recovering files from a damaged hard drive.

The “Windows Way” is to open up Windows Explorer, locate and the right click on the folder containing the files you want to access, and click on properties. That’ll take you to the properties dialog:

Folder Security Properties

(In the example above I right clicked on a folder called “drivers” to get this dialog.)

If you’re having problems, it’s not uncommon to find odd entries in the “Groups or user names” field. Those are typically the id numbers of users or groups from the machine on which the drive was originally installed on. It’s those users or groups that have permission, not you. That’s often where recovery efforts are stymied.

So we’ll open up permissions.

Click the Edit button – note that it has the shield icon indicating that Administrative access is required – you must be administrator and depending on your UAC settings you may be prompted after clicking.

On the next dialog press “Add”, and you’ll be presented with something like this:

Select Users or Groups dialog for file permissions

In this example, I’m taking the sledgehammer approach and have typed in “Everyone” – click Check Names and it’ll become underlined indicating that it’s valid.

I choose “Everyone” in these examples because, in my case, I control who has access to my machines and my network. Particularly in data recovery operations, it’s also simpler to just make everything accessible to, literally, everyone. In this case “Everyone” is every account that can login to my machine, including all users and if enabled, the Guest account. In a mixed environment where you have less control over the accounts that might be attempting to access your machine you might consider selecting a different account or group such as Administrators to get permissions.

Click OK and you’ll be returned to the Permissions dialog. Click on “Everyone“, and then click on the “Full Control” checkbox below:

Giving Everyone Full Control on a folder

Click on OK. If it asks if permissions should be assigned to all files and subfolders, say yes.

You should now be able to access the files.

Now, that’s not what I do.

I’m a command-line kinda guy, and thus I use the Windows Command Prompt.

The first step is to get one with Administrative privileges. Typically, that means you can right click on the icon and click on Run as administrator. If the icon is in your Windows 7 Taskbar, right click on it, then right click on the Command Prompt in the popup many that appears to get the option:

Windows 7 Taskbar, two step process to run as admin

Now you have a Windows Command Prompt with full administrative access.

“CD” to the location of the folder who’s contents you want to access. In my example, case that’s (keystrokes shown in blue):

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:Windowssystem32>cd /d c:dell

c:dell>

There are two commands that are extremely useful in this scenario; often either one alone is sufficient, but both pretty much guarantee access:

c:dell>takeown /F *
/R
SUCCESS: The file (or folder): “c:delldrivers” now owned by user
“NOTENXPSLeoN”….

The “takeown” command shown above takes ownership of the named folder, or in this case “/F *” means all files and folders in the current folder. Ownership is assigned to the account you are currently logged in as.

“/R” means to also recurse into any folders and keep assigning ownership to everything found in any and all subfolders. You’ll see a long list of “SUCCESS” messages as ownership is reassigned.

“takeown /?” will display a full list of options.

The other approach is to use a more complicated program called “icacls”. Icacls is a command line utility for managing access control lists – i.e. file access permissions. It has plethora of options that are fairly confusing.

Here’s what I use:

c:dell>icacls * /grant:r
everyone:f /t

processed file: drivers

Successfully processed 66 files; Failed processing 0 files

Once again “*” means all the files and folders in the current folder, “/grant” means we’re granting permissions, “:r” means we’re replacing any existing permissions, “everyone” means that everyone gets the permission we’re about to grant, “:f” indicates that we’re granting full control, and finally “/t” means to perform the operation on all subfolders as well.

“icacls” without any arguments at all will print the lengthy list of things you can do with it.

ICacls should be used with caution. It’s very easy to accidentally remove or assign permissions that boil down to no permission at all. If you do that to the wrong files or folders you could cause some serious problems.

Caveat: I’ll reiterate that I’ve used “Everyone” in the examples throughout this article because nine times out of ten it really is a fine thing to do – quick and easy access to files that you’re attempting to access from some kind of media that’s been transferred from another machine. However, depending on your situation you may want to choose another account or group if you have other login accounts on your machine, or other machines on your local network that might gain access via networked shares.

And a final note: everything here applies to drives that are formatted with the NTFS file system. This level of permission and ownership does not exist on drives formatted as FAT and thus none of this applies. (FAT file systems are the equivalent of “everyone has full access” by default.) But then you also shouldn’t have had any problems accessing the files in the first place.
Smile

There are 33 comments:

  1. Marty Reply

    Nuqel.E sneaked into my system win7.
    I cannot get rid of it. PC Tools doesn’t help. It
    seems like it has to be loaded first. Cannot do that.
    I thank you in advance.

    Marty

  2. Dell Reply

    Leo, do you have a similar process for XP Home platform?

    I’ve never been able to resolve my HPFUD50.dll file issue, and therefore can’t update. If I could delete that file, I could update my machine.

    Best,
    Dell

  3. Carlos Malferrari Reply

    I found a .REG file that creates a shell command to automatically grant full rights to a file or folder. See below. It’s been very useful and, I hope, not dangerous.

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT*shellrunas]
    @=”Grant Admin Full Control”
    “NoWorkingDirectory”=””

    [HKEY_CLASSES_ROOT*shellrunascommand]
    @=”cmd.exe /c takeown /f “%1″ && icacls “%1″ /grant administrators:F”
    “IsolatedCommand”=”cmd.exe /c takeown /f “%1″ && icacls “%1″ /grant administrators:F”

    [HKEY_CLASSES_ROOTexefileshellrunas2]
    @=”Grant Admin Full Control”
    “NoWorkingDirectory”=””

    [HKEY_CLASSES_ROOTexefileshellrunas2command]
    @=”cmd.exe /c takeown /f “%1″ && icacls “%1″ /grant administrators:F”
    “IsolatedCommand”=”cmd.exe /c takeown /f “%1″ && icacls “%1″ /grant administrators:F”

    [HKEY_CLASSES_ROOTDirectoryshellrunas]
    @=”Grant Admin Full Control”
    “NoWorkingDirectory”=””

    [HKEY_CLASSES_ROOTDirectoryshellrunascommand]
    @=”cmd.exe /c takeown /f “%1″ /r /d y && icacls “%1″ /grant administrators:F /t”
    “IsolatedCommand”=”cmd.exe /c takeown /f “%1″ /r /d y && icacls “%1″ /grant administrators:F /t”

  4. Jim de Graff Reply

    cacls * /e /g everyone:f

    /e says to edit the existing permissions instead of replacing them (less likely to cause problems)

    /g grants permissions

    everyone:f grants full access to everyone

    cacls has been deprecated in Windows 7

  5. Gigi Duru Reply

    Actually the easiest solution is to just ditch the source of the problem – Windows.
    Leave the hard disk in the pc and boot from a Linux live-cd – in there you can access all your files without the fear of infecting another pc.

  6. Lalit Reply

    My office computer has an admin control. The power option has been set for ‘turn off in 20 mins’ if I tried to change to ‘never’ but it says access is denied. It is win XP. All settings are denied. How can I stop shutting off every 20 mins. Thanks

  7. Michael Reply

    I am the only user of my computer. I have Win XP Home w/SP3. I would like to be able to do a “whole sale” edit of the reqistry to grant full access to everything in the reqistry rather than having to change one entry at a time when I try to modify or delete a key. One good area where this is a nuisance is in the area of the registry that deals with “Legacy” keys. Thanks.

  8. Dennis Reply

    Thanks for the great article, now I have a couple other ways to get access to files on drives from other computers, while backing up or restoring folders and files.

    What I would like to know is why sometimes I have access to the shared drives and sometimes I do not. I have experienced the access denied using an XP machine and trying to access both XP and Vista disk from other machines attached via a SATA/IDE to USB adapter. Sometimes the XP machine adds the Admin account to the disk without any action taken by me, sometimes I have to take ownership and add the account to the folder I need to get access. Makes no sense?

  9. Ashley Reply

    OMG i love you this has just saved about 4 yrs of my stuff, i could not be more thankful, i wish i could had found this sooner.

  10. Just me Reply

    the main options I recommend is whenever a system requires a reformat and a backup of user files is to either
    a> first put the files in question on a FAT32 volume / partition / disk
    - file ownership & permissions don’t follow files to anything that’s formatted with FAT32
    or
    b> restore said file(s) from the backup to a FAT32 volume / partition / disk
    same thing applies the backup program will usually restore the files and the file ownership / permissions lockout info will not follow the file and you will have full access to the file(s)
    or
    c> archive the files on CD/DVD which is
    CDFS for Data CD’s or UDF for Data DVDs
    neither format supports the NTFS permissions, which is where the problem happens to be.

  11. Yaru Reply

    I have the same problem as the article, but the thing is after I’ve unlocked the folder, the files inside are still locked. In order to unlock it, I have to repeat the same process but on each individual file before I get to use.

    Thing is, one of these locked folders have ALOT of files, so unlocking them one by one is a bit impractical. Are there ways to do this faster or multiple files folders at a time? I am using Windows 7 64 Bit Home

    The command line examples operate on all files and subfolders in the current folder.

    Leo
    01-Feb-2011

  12. Larry Reply

    Thanks for the artical. On A win 7 64 bit system you have to take control of the folder and all the sublets folders. Make sure you have the right person to do it. There are several persons it the ownership window. Make sure you pick the right owner when you take ownership. Hope this helps.

  13. N-Ray Reply

    Leo,
    Thanks a million! Had tried everything – even Microsoft Help, which, of course, used the “See your Administrator” fudge when it got down to the nitty-gritty of giving a helpful answer. Why MS can’t give the instructions like you did is beyond me.
    Thanks Again, N-Ray

  14. Dawn Reply

    Thank you so much for the helpful information! The command prompt solution was so useful and finally unlocked my files and relieved me of so much stress. Thank you Leo.

  15. Johnny Reply

    I just wanted to say thank you for such a helpful and easy to understand guide.
    I put the HDD from my dead desktop into an enclosure but couldn’t access the files – but now I can!

  16. Phil Squire Reply

    Leo
    Many thanks for this. I went the “windows” route and it worked for me. I had been searching for a solution to this problem for over three hours, literally! Many thanks, again.
    Phil

  17. Zinc Reply

    None of this works on W7 with a FAT32 drive, I wish I could find a similar article about that. “takeown” just gets me “ERROR: File ownership cannot be applied on insecure file systems; there is no support for ACLs.” and attempting to delete a file on the drive gives me “You require permission from Everyone to make changes to this file.” It’s a write protect problem of some kind, and all I’ve found so far is a registry policy setting for write protect on StorageDevicePolicies that also didn’t fix the problem.
    I’ve been searching through all kinds of forums and articles with no success so far…

    Takeown doesn’t apply at all on FAT drives – there’s no real concept of ownership. Same for access permissions – FAT is limited to read-only or not. I’d a) make sure you were running as administrator (run a command prompt as administrator), and if that doesn’t work either try booting into safe mode, or booting into a differnet OS such as from a Linux live CD of some sort.

    Leo
    14-Nov-2011
  18. Sean T. Reply

    I did the command prompt path and it said success on taking ownership of the files, but I still can’t view them or move the folder over to my other hard drive. It still says that I don’t have the permissions.

  19. Sean Reply

    Hi man

    Thanks you’re a life saver.

    One last question – most of the folders still have padlocks on them, and although I can access them, I have to manually change the permissions to move them.

    Any way of bulk changing that?

    Many thanks

  20. seun osinuga Reply

    Hello everyone, i discovered another simple and alternative way of getting your file permission and control. All i did was to select all the files (not the folder),
    *clicked on Share with(this can be found on the property bar)
    *clicked specific people,
    *in the file sharing interface, i typed everyone, clicked add, also changed permission level to read/write
    *finally clicked share.

  21. Corey Reply

    How do I make it ask me to add settings for all containing files/folders if it is not asking me?

  22. Notkrap Reply

    Worked like charm! I have 3 desktops networked and could only access Public files from each, this did the trick!

  23. radiopipes Reply

    Thanks so much! This issue was driving me crazy. Had lots of data and files.

  24. Tom K Reply

    I am trying to script a solution that would do the equivalent of adding an Everyone group to the security, and then giving full control (clicking all the allow boxes in the everyone permissions). This is exactly what you do in the first part of the article. When, however, I try using some combination of the command line takeown and icacls, it does not quite do the same thing. It adds the Everyone, but does not check any of the permissions in that part of the GUI. Any suggestions what I may be doing wrong?

  25. Dave Reply

    I tried this and although the permissions changed to allow all access, I can’t copy my old files to my new laptop. I still get the same error message about needing admin permission. My old laptop is XP and my new one is Win 8 but I also tried it on a Win 7 desktop and got the same message.

  26. Brad Reply

    I tried this in Windows 8 and had the same issue as Dave in that the permissions (when using the “Windows Way”) seemed to work but I could still not access the files. I tried the command shell and it 1) it did not have a “takedown” command. 2) icacls gave me an Access denied error. Some more detail (in case it is relevant): I’m trying to copy files from a harddrive extracted from an old computer. I would like to access: “…/users/myaccount/Local Settings” Local Settings is a link which may be causing additional problems. Can anybody offer insight as to whether this can be done in Windows 8? Thanks.

    It’s takeown, as in “TAKE OWNership”, not takeDown.

    Leo
    26-Dec-2012
  27. hamza Reply

    hello there :)
    i used your method but i cant access files still i have photos that are not opening
    please help

  28. Arvin Reply

    Thanks again Sir this is a complete tutorial be it windows or command prompt, you’ve helped me again and again, where others can’t, you have it complete. God bless.

  29. Helmuth Reply

    What can be done when the acces is denied not only in a file, in the local hard drive indeed?

  30. Zach Reply

    What if processing a file is failed in the “what you use” approach? I tried all of the approaches listed above, yet one failed still and I have no idea what to do now

  31. Bob Reply

    I have a similar issue with a portable 1Tb drive (and increasingly, with high-capacity USB sticks) that I use on both my desktop PC and my laptop. Every time I swap from one to the other, I get the “you don’t have permissions” problem.
    Do I have to add ‘everyone’ from EACH machine I intend using a device on, and do I need to do it every time I add files to the device? This seems very time-consuming…

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise an comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.