"Unable to Display Current Owner" & Access Denied when trying to take ownership
Solution 1
I just discovered that if Administrators is the owner and there are multiple users with administrator privileges, ownership cannot be displayed.
Solution 2
If you need to assume the same rights as SYSTEM than I can think of no better tool to use than Psexec by Sysinternals. found here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx Psexec can allow you to run with higher priviledges than Admin by using the -s funtion. For instance: Psexec -s regedit will allow you to edit registry keys with SYSTEM level authority. It can do all sorts of things to remote computers as well (or at least it used to until Microsoft put higher security on its machines). Just so you know, its a REAL bad idea running around your file system as SYSTEM (or Admin for that matter) malware or other beasties could gain the same rights as the current user and if that user is running as SYSTEM ...game over. I have poor eyesight. whats the name of the files? I too am curious to know why you cant view the owner. at the very least it should say "trusted installer" (gets me suspicious)
Related videos on Youtube
Dhiwakar Ravikumar
QA Automation Engineer with over 7 years of experience. I worked on delivering several features and products to customers with a high degree of quality. I have designed automation frameworks from scratch & automated several test cases to help boost productivity and increase test coverage while simultaneously improving QA standards. I used to work at Commvault and now I work at Cohesity.
Updated on September 18, 2022Comments
-
Dhiwakar Ravikumar over 1 year
I'm facing a problem where I (logged in as the Administrator) am unable to view file attributes.
Please see the screenshot below.
I'm not interested in taking ownership (even if I wanted to I'd to contend with the fact that"Access is Denied"). But if seeing the current owner can only be done by taking ownership its pretty pointless since the current owner would be me :) ?
What I want to see is who is the current owner. I guess I could log in as the current owner (If its SYSTEM) & change permissions with SYSTEM ACCOUNT.
But how do I do this ?
UPDATE
psexec -s cmd /c dir "E:\System Volume Information\" /a /q
E:\System Volume Information>psexec -s cmd /c dir "E:\System Volume Information\" /a /q PsExec v2.11 - Execute processes remotely Copyright (C) 2001-2014 Mark Russinovich Sysinternals - www.sysinternals.com Volume in drive E is Local Disk Volume Serial Number is D8FC-3BF4 Directory of E:\System Volume Information 08-10-2014 10:30 <DIR> BUILTIN\Administrators . 08-10-2014 10:30 <DIR> BUILTIN\Administrators .. 21-10-2014 09:30 136 BUILTIN\Administrators MountPointManagerRemoteDatabase 14-10-2014 11:21 20,480 NT AUTHORITY\SYSTEM tracking.log 22-09-2014 11:13 34,986,184,704 ... {060ece96-3720-11e4-bce5-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 19-06-2014 17:00 65,536 ... {3808876b-c176-4e48-b7ae-04046e6cc752} 14-07-2014 15:17 91,275,264 ... {7204971e-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 14-07-2014 15:17 475,136 ... {72049720-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 23-07-2014 11:27 2,591,211,520 ... {720497be-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 25-09-2014 13:02 2,768,896 ... {720497c0-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 28-07-2014 10:35 24,944,459,776 ... {7204a0f0-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 22-10-2014 19:10 10,192,150,528 ... {7fb66a64-4e0a-11e4-b756-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 08-10-2014 00:11 3,145,728,000 ... {7fb66a66-4e0a-11e4-b756-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 14-07-2014 14:45 9,163,296,768 ... {a8789375-f60c-11e3-90a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 14-07-2014 14:45 1,589,248 ... {a8789376-f60c-11e3-90a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} 13 File(s) 85,119,225,992 bytes 3 Dir(s) 182,760,902,656 bytes free cmd exited on DHIWAKAR-PC with error code 0.
How do I see the owner where it shows ... ?
There is a folder name I've blacked out. Please don't mind that.
-
Dhiwakar Ravikumar over 9 yearsStill doesn't work :( . See the update for my answer.
-
sloshnmosh over 9 yearsWell. theres always AccessEnum by sysinternals and some other access checking tools in that suite. the owner might not be on the same domain and it wont list the owner. at most you might only get a sid.
-
sloshnmosh over 9 yearsSomeone wrote a script to do exactly what you want: blogs.technet.com/b/heyscriptingguy/archive/2004/10/07/… it cross references the sid with the sid class to get proper names.
-
Dhiwakar Ravikumar over 9 yearsWill try it & notify / update this comment with the result
-
Dhiwakar Ravikumar over 9 yearsNope , Even with that Script I can't see the owner. At this point I'm pretty sure its owned by this user - nt authority\system S-1-5-18 . It happens to be a System File. What frustrates me is that I can't confirm this. Is there any indirect way of confirming ? Like getting the SID of the owner at least ?