rlincolnh

To keep the story short (and avoid embarrassment to myself)... I have a file (.exe) to which everyone supposedly has full permissions, except that with explorer I cannot delete it, copy it, or move it. I can take ownership of it, but the same situation still exists. I **know** (because there were two copies of it in a folder/subfolder) that with an elevated CMD I can delete it. But CMD still can't copy it or move it.

Whether or not it is significant I don't know, but the (full) permissions are inherited from the parent object, which is "Unknown User S-1-5-21-xxxx...-xxx....-xxx...-xxx" which, of course, doesn't exist in the profile list in the registry.

As I said, I know I can delete this 1 remaining copy, but I really wanted to upload it to VirusTotal to see what they make of it.

Does anyone have a suggestion for how I can really get ownership/control of this file?
 

Solution
Taking ownership doesn't grant you permissions, it only grants you the ability to grant permissions. You need to take ownership then give yourself access then delete/move it.

  • TAKEOWN /f <filename>
  • CACLS <FILENAME> /E /G <username>:F
Then you should be able to delete or move it. If you get a 'try again' prompt then some process may have an open handle to it or the exe is running. Download Process Explorer and do a 'Find Handle', enter the exe name and it should tell you where it's open and you can close the handle(s). Then delete/move it.

*OPTIONAL*
You can check VirusTotal with only the file's hash.
  • Open PowerShell
  • Type Get-FileHash -Path <path to file> -Algorithm MD5
  • Copy and paste the hash in VirusTotal
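
As an added example (not code from the thread), the PowerShell function below reports the owner and any unresolved SIDs in the ACL, then tries to open the file and separates an ACL denial, which the TAKEOWN and grant steps above address, from an I/O-level block such as an open handle, which they do not. `Test-FileAccess`, the state labels and the sample path are hypothetical; SHA-256 is used instead of MD5, and VirusTotal search accepts either.

```powershell
# Added example. Test-FileAccess, the state labels and the sample path are hypothetical.
function Test-FileAccess {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $owner = '<ACL not readable>'
    $orphans = @()
    try {
        $acl = Get-Acl -LiteralPath $full -ErrorAction Stop
        $owner = $acl.Owner
        # ACL entries still shown as a raw S-1-5-21-... SID could not be
        # resolved to an account name on this machine.
        $orphans = @($acl.Access |
            Where-Object { $_.IdentityReference.Value -like 'S-1-5-21-*' } |
            ForEach-Object { $_.IdentityReference.Value })
    }
    catch { }   # reading the ACL can itself be denied; keep the placeholder owner

    $state = 'Readable'; $hash = $null; $stream = $null
    try {
        # Read-only open that still allows other readers and writers,
        # so the check does not itself lock the file.
        $stream = [System.IO.File]::Open($full, 'Open', 'Read', 'ReadWrite')
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
        $sha.Dispose()
    }
    catch [System.UnauthorizedAccessException] {
        $state = 'AccessDenied'      # permissions: take ownership, then grant access
    }
    catch [System.IO.IOException] {
        $state = 'LockedOrBlocked'   # I/O-level block: changing the ACL will not help
    }
    finally {
        if ($stream) { $stream.Dispose() }
    }

    [pscustomobject]@{
        Path           = $full
        Owner          = $owner
        UnresolvedSids = $orphans
        State          = $state
        SHA256         = $hash
    }
}

# Example call from an elevated prompt (constructed path):
# Test-FileAccess -Path 'C:\Temp\suspect.exe' | Format-List
```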
 

Solution
Blush!
Long story short again - that file is **completely** untouchable/unreadable/un-anything from within W7. Boot into XP and I can do whatever I like with it. It turns out that it had fallen into the clutches of MSE, which hadn't managed to attract my attention to the fact.
Please accept my apologies.

I ran it through VirusTotal, and it failed about 45/60.
 
