"Unable to Display Current Owner" & Access Denied when trying to take ownership


Solution 1

I just discovered that if Administrators is the owner and there are multiple users with administrator privileges, ownership cannot be displayed.

Solution 2

If you need to assume the same rights as SYSTEM, then I can think of no better tool to use than PsExec by Sysinternals (found here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx). PsExec can allow you to run with higher privileges than Admin by using the -s function. For instance, psexec -s regedit will allow you to edit registry keys with SYSTEM-level authority. It can do all sorts of things to remote computers as well (or at least it used to until Microsoft put higher security on its machines).

Just so you know, it's a REAL bad idea running around your file system as SYSTEM (or Admin for that matter): malware or other beasties could gain the same rights as the current user, and if that user is running as SYSTEM ...game over.

I have poor eyesight. What's the name of the files? I too am curious to know why you can't view the owner. At the very least it should say "trusted installer" (gets me suspicious).


Author: Dhiwakar Ravikumar

QA Automation Engineer with over 7 years of experience. I worked on delivering several features and products to customers with a high degree of quality. I have designed automation frameworks from scratch & automated several test cases to help boost productivity and increase test coverage while simultaneously improving QA standards. I used to work at Commvault and now I work at Cohesity.

Updated on September 18, 2022

Comments

  • Dhiwakar Ravikumar
    Dhiwakar Ravikumar over 1 year

    I'm facing a problem where I (logged in as the Administrator) am unable to view file attributes.

    Please see the screenshot below.

    [screenshot]

    I'm not interested in taking ownership (even if I wanted to, I'd have to contend with the fact that "Access is Denied"). But if seeing the current owner can only be done by taking ownership, it's pretty pointless, since the current owner would be me :) ?

    What I want to see is who the current owner is. I guess I could log in as the current owner (if it's SYSTEM) and change permissions with the SYSTEM account.

    But how do I do this?

    UPDATE

    psexec -s cmd /c dir "E:\System Volume Information\" /a /q

    E:\System Volume Information>psexec -s cmd /c dir "E:\System Volume Information\" /a /q
    
    PsExec v2.11 - Execute processes remotely
    Copyright (C) 2001-2014 Mark Russinovich
    Sysinternals - www.sysinternals.com
    
    
     Volume in drive E is Local Disk
     Volume Serial Number is D8FC-3BF4
    
     Directory of E:\System Volume Information
    
    08-10-2014  10:30    <DIR>          BUILTIN\Administrators .
    08-10-2014  10:30    <DIR>          BUILTIN\Administrators ..
    21-10-2014  09:30               136 BUILTIN\Administrators MountPointManagerRemoteDatabase
    14-10-2014  11:21            20,480 NT AUTHORITY\SYSTEM    tracking.log
    22-09-2014  11:13    34,986,184,704 ...                    {060ece96-3720-11e4-bce5-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    19-06-2014  17:00            65,536 ...                    {3808876b-c176-4e48-b7ae-04046e6cc752}
    14-07-2014  15:17        91,275,264 ...                    {7204971e-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    14-07-2014  15:17           475,136 ...                    {72049720-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    23-07-2014  11:27     2,591,211,520 ...                    {720497be-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    25-09-2014  13:02         2,768,896 ...                    {720497c0-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    28-07-2014  10:35    24,944,459,776 ...                    {7204a0f0-0b1a-11e4-a348-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    22-10-2014  19:10    10,192,150,528 ...                    {7fb66a64-4e0a-11e4-b756-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    08-10-2014  00:11     3,145,728,000 ...                    {7fb66a66-4e0a-11e4-b756-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    14-07-2014  14:45     9,163,296,768 ...                    {a8789375-f60c-11e3-90a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
    14-07-2014  14:45         1,589,248 ...                    {a8789376-f60c-11e3-90a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752}
                  13 File(s) 85,119,225,992 bytes
                   3 Dir(s)  182,760,902,656 bytes free
    cmd exited on DHIWAKAR-PC with error code 0.
    

    How do I see the owner where it shows ... ?

    There is a folder name I've blacked out. Please don't mind that.

  • Dhiwakar Ravikumar
    Dhiwakar Ravikumar over 9 years
    Still doesn't work :(. See the update for my answer.
  • sloshnmosh
    sloshnmosh over 9 years
    Well, there's always AccessEnum by Sysinternals and some other access checking tools in that suite. The owner might not be on the same domain and it won't list the owner. At most you might only get a SID.
  • sloshnmosh
    sloshnmosh over 9 years
    Someone wrote a script to do exactly what you want: blogs.technet.com/b/heyscriptingguy/archive/2004/10/07/… It cross-references the SID with the SID class to get proper names.
  • Dhiwakar Ravikumar
    Dhiwakar Ravikumar over 9 years
    Will try it & notify / update this comment with the result
  • Dhiwakar Ravikumar
    Dhiwakar Ravikumar over 9 years
    Nope, even with that script I can't see the owner. At this point I'm pretty sure it's owned by this user - nt authority\system S-1-5-18. It happens to be a system file. What frustrates me is that I can't confirm this. Is there any indirect way of confirming? Like getting the SID of the owner at least?
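
One way to report each entry's owner as a raw SID, resolving a name only when Windows can map it, as asked in the last comment. This is an added example, not code from the thread; Get-OwnerSid is a hypothetical helper name, and it assumes a shell that is allowed to read the security descriptor (for example the SYSTEM shell started with psexec -s).

```powershell
# Added example: show the owner SID of every entry in a folder, even when the
# SID cannot be translated to an account name.
function Get-OwnerSid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $result = [ordered]@{ Path = $Path; OwnerSid = $null; OwnerName = $null; Error = $null }
        try {
            # -LiteralPath avoids wildcard expansion of unusual file names.
            $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop

            # Ask for the owner as a SecurityIdentifier so no name lookup is needed.
            $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
            $result.OwnerSid = $sid.Value    # e.g. S-1-5-18 for NT AUTHORITY\SYSTEM

            try {
                # Name resolution is optional and fails for SIDs this machine cannot map.
                $result.OwnerName = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch [System.Security.Principal.IdentityNotMappedException] {
                $result.OwnerName = '<unresolved>'
            }
        } catch {
            # Typically "access denied": the caller cannot read the security descriptor.
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Folder taken from the question; -Force includes hidden and system entries.
Get-ChildItem -LiteralPath 'E:\System Volume Information' -Force |
    ForEach-Object { Get-OwnerSid -Path $_.FullName } |
    Format-Table -AutoSize
```

Rows with a value in Error are entries whose security descriptor could not be read from the current security context at all.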