1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Accidently restriced permissions for all users on drive D-Windows 7

Discussion in 'Windows 7' started by iTrey, Feb 18, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    I was messing around with my security settings on my second hard drive (D), and i locked myself out. Below is an image of what happens:
    [​IMG]http://itrey30.angelfire.com/GetAttachment.jpg
    IF you can't see it, it says "cant access drive d, access is denied". Please HELP! i had like 30gb worth of info on it and i cant afford to lose it. ive never run system restore before, so that option is out. Reformatting it will lose all data. If you know what to do please post your thoughts. Ive run out of ideas.
     
  2. DaveA

    DaveA Trusted Advisor Spam Fighter

    Joined:
    Nov 16, 1999
    Messages:
    16,077
    First Name:
    David
    What program were you using when you locked up the drive?

    And there is nothing but the "AngelFire" image at your link.
     
  3. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    What did you change in the permissions?
    Did you delete a group, or set a Deny permission?
    Have you tried bypassing the root of the drive and going directly to a folder?
    So instead of clicking on the D: drive, in the location bar delete any existing text, then type D:\<name of folder> and press Enter.
     
  4. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    Thank you for your replies. I didn't use any program, i just right clicked, opened preferences, went to the security tab and denied all permissions(on accident). I didn't know that as soon as i clicked ok it would deny my (as an admin) permission also. Yes, i have tried that, outcaste.







    Here's a differnt link to the picture: http://www.mediafire.com/?b3mzhnzjonm
     

    Attached Files:

  5. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    78,257
    First Name:
    Terry
    If that "not accessible" is the result of a right click I have no idea what to do (in Windows).

    If you can right click it maybe you can Take Ownership.
     
  6. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    Deny permissions can get you in trouble in a hurry.
    This procedure may fix it if that is what was done. I've walked two people through this on Vista to recover their C: drive, and it should work the same on Win 7, but I've never tried it.

    As this isn't the system drive, might be easiest to just backup the data using a Live CD, then delete the partition and recreate it, then copy the data back. It's more intended for recovering the C: drive, so you won't have the hassle of re-installing Windows and all programs.

    If done on the Windows drive, it does change permissions from the defaults so there may be some issues with permissions, but I haven't heard of any in the two cases I've dealt with.

    If you want to give this a try just for fun and education though, here's the procedure.

    I would recommend you first backup your data AND system drive either using a Live CD to boot the system, or image the drives so you can restore things back to the state they are now. I'm not sure if connecting it to another system to copy your data off will work, the other system may be denied access as well. The same may be true with the Windows based Live CDs, so a Linux version would be my first choice, as it generally ignores NTFS permissions.

    Live CDs:
    Ultimate Boot CD for Windows
    BartPE CD/DVD
    Ultimate Boot CD
    Knoppix
    Ubuntu
    Puppy Linux
    Linux Mint
    The first two require access to a Windows XP Disk
    The Ultimate Boot CD does not include SATA drivers, so you'll need to be able to change the BIOS setting for the SATA controller to ATA instead of AHCI, or Compatibility mode instead of Enhanced (wording will vary)
    Note: A Vista/Win7 DVD can also be used to recover files and make some repairs. A Vista RE disk can be downloaded from one of these links:
    Vista Recovery Environment CD
    64 bit Vista
    32 bit Vista
    Windows 7 from here:
    Recovery Environment CD

    • Boot with the DVD
    • Select your language and click Next
    • Click Repair your Computer
    • After it scans for Windows installations click Next (Win7: Select Top option first)
    • Click Command Prompt.

    You can use Copy, Xcopy, or Robocopy to copy files to an external drive, a different partition, or a different internal hard drive.

    Once the data is safe, give this a whirl:

    Is the Administrator account displayed on the Welcome screen?
    If not, follow these steps to activate it:

    Boot to Safe Mode and log in with the Administrator account if available.
    If not, use any other Admin account.
    Open a Command Prompt (Should say Administrator in the Title bar)
    If not, open an Elevated Prompt by clicking Start, type cmd, when cmd.exe appears in the list, right click it and choose Run as administrator

    type the following (there is a space between the different colors):
    Net User Administrator /active:yes
    You should see The command completed successfully

    Reboot to Normal mode and log in with the Administrator account

    If it's never been used before, it may take a minute as the profile is created.

    Click on Start, type regedit in the Search box, press Enter
    Navigate to this key:
    Code:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    In the right pane, find EnableLUA
    If it's not 0 (zero), double click and change it to 0
    You may get a pop up from the tray that UAC has been turned off, you can ignore it.
    Collapse the tree back to HKEY_LOCAL_MACHINE
    Right click on HKEY_CLASSES_ROOT, click Permissions...
    Highlight CREATOR OWNER
    Check Full Control under Allow
    Highlight SYSTEM
    Check Full Control under Allow
    Highlight Administrators
    Check Full Control under Allow
    Highlight Users
    Click Remove
    If It Shows, Highlight Your Username
    Click Remove
    Click OK

    Reboot the system, then Log into the Administrator account
    Right click Computer, then click Explore
    Right click the D: drive, click Properties.
    Click the Security tab
    Click the Advanced button
    Click the Owner tab
    Click the Edit... button
    Highlight Administrators
    Make sure the box for Replace owner on subcontainers and objects is Unchecked
    Click OK, OK the Pop-up, then OK on the remaining property windows to close them
    Right click the D: drive, click Properties.
    Click the Security tab
    Click the Edit... button
    Highlight Administrators, and click Full Control under the Allow column
    Check all other entries, and remove any Deny permissions.
    Default Groups/Allow Permissions:
    Code:
    [B]Authenticated Users [COLOR=DarkRed]Special[/COLOR][/B]
    [B]System              [COLOR=DarkRed]Full Control[/COLOR][/B]
    [B]Administrators      [COLOR=DarkRed]Full Control[/COLOR][/B]
    [B]Users               [COLOR=DarkRed]Read & execute[/COLOR]
                        [COLOR=DarkRed]List folder contents[/COLOR]
                        [COLOR=DarkRed]Read[/COLOR][/B]
    Click OK, then click Yes on the Popup
    You will get several error Popups, click Continue on all of them
    Click OK on the Properties window.

    Open a Command Prompt
    Type the following two lines (there is a space between the different colors):
    CD /D D:\
    icacls * /C /T /reset


    This will reset the default inherited permissions, but will not remove any Deny permissions that have been set on individual items. It's normal to see Access Denied messages, and some files will fail to be processed.
    This should restore the ability to take ownership to remove any deny permissions that may be set on individual files/folders.

    Close the Command Prompt when it finishes.
    Start Regedit
    Right click on HKEY_CLASSES_ROOT, click Permissions...
    Click Add..., type Users, then click the Check Names button
    Click OK
    Click the Advanced button
    Highlight Users and click the Edit... button
    Check the following boxes under Allow:

    • Query Value
    • Enumerate Subkeys
    • Notify
    • Read Control

    If you wish to re-enable the User Account Control (the Enable LUA value we changed earlier)
    Control Panel | User Accounts
    Click Turn user Account Control On or Off
    Check the box and Click OK
    (This does require a Reboot)

    Reboot, log into the User Account and test.

    Once everything is working, we need to restore TrustedInstaller as the owner of D:\
    Right click Computer, then click Explore
    Right click the D: drive, click Properties.
    Click the Security tab
    Click the Advanced button
    Click the Owner tab
    Click the Edit... button
    Click the Other users or groups... button
    Type in NT SERVICE\TrustedInstaller
    Click the Check Names button
    Click OK
    Highlight TrustedInstaller
    Make sure the box for Replace owner on subcontainers and objects is Unchecked
    Click OK, OK the Pop-up, then OK on the remaining property windows to close them

    To disable the Built-in Administrator account (Good idea):
    Open a Command Prompt
    type the following (there is a space between the different colors):
    Net User Administrator /active:no
    You should see The command completed successfully
     
  7. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    Ok thank-you. when i try it, ill get back to you.(y)
     
  8. Syst3mSh0ck

    Syst3mSh0ck

    Joined:
    Jul 11, 2009
    Messages:
    356
    Nice post, very informative :)
     
  9. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    Crap. I only made it worse. I got to this point and then it wouldn't let me get into explorer.
    http://www.mediafire.com/imageview.php?quickkey=hmt3yymy3mz
    Fortunately, i can access stuff through run.
    Also, there is no security tab anymore and when i go into advanced sharing it still says the administrator has blocked access to this folder.
    Im going to try reinstalling windows...
    [​IMG][​IMG]
     
  10. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    So at this point we should have these steps done:
    Enabled the Builtin Administrator account
    Turned off UAC
    Gave Full Control Allow permissions to System, Administrators, Creator_Owner on the HKEY_Classes_Root Key
    Removed the Users group from the HKEY_Classes_Root Key

    I'm not sure how that could keep Explorer from being able to open. It's already running, as you have the Start menu.
    Can you start Regedit from the Run box? If so, try adding the Users group back to the HKEY_Classes_Root key With Full Control Allow permission.
    You can also try restarting Explorer.
    Open the Task Manager (CTRL+ALT+DEL, or right click the Taskbar)
    Click Start, hold down CTRL+SHIFT, now right click a blank area of the Start Menu, between Shut Down and Run.. is a good spot.
    Click Exit Explorer
    In Task Manager click File | New Task (Run...) and type Explorer.exe, see if that allows you to open an explorer window
     
  11. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    Thanks! Adding Users back worked, but now im afraid to try the whole thing again. Should i try the "Recovery Environment CD"? Would it fix the problem?
     
  12. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    I'd be leery of trying it again myself, unless I had a new image to restore if it messed up again.

    You could use one of the Recovery Environment CDs to copy every thing over to the C: Drive or a USB drive. You'd have to do that from the command prompt using Xcopy or Robocopy, or you can open two Notepad windows and use the file Open dialogs as kind of a mini File explorer and drag and drop files between them.

    A Linux CD would be a more user friendly option as well. If I had to choose one, I think Puppy Linux is a bit easier than Ubuntu or Mint for someone new to Linux. It would let you copy the files to the C: drive, an external, over a network to another PC, or you can burn them to CD.

    Once the files are backed up, you can delete the D: partition, create a new one, and format it. That should take care of any permission problems, at least for the D: Drive.

    I still don't understand why removing the Users group would have had the effect it did. Makes me wonder just what other oddities are lurking in the shadows. Might not hurt to start planing for a re-install at some point in the future to get a clean start with everything, before something comes up and you have to do it "unplanned".
     
  13. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    78,257
    First Name:
    Terry
    If you are going to experiment with permissions start with a test folder with just a few files and sub-folders--maybe a copy of a real one. Take notes of what you do, and if you end up with permissions that work as desired you have a procedure. If not, remove the test folder and start over. :)

    Are you just experimenting with permissions, or is there a problem you are addressing?
     
  14. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    Nah, i was just messing around i guess.
     
  15. iTrey

    iTrey Thread Starter

    Joined:
    Feb 18, 2010
    Messages:
    22
    ok. i found out something did work. i still cant access the drive, but i can access the files in the drive if i have a shortcut already made
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Accidently restriced
  1. ozegirl
    Replies:
    10
    Views:
    1,193
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/903941

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice