It's impossible to restore permissions for drives since those are top-level and have no parent. You have to copy those permissions from a working drive, or redo them manually. My Clear_Ownership.reg does it as mentioned before. Try it out on a small directory. It should remove all previous permissions and sets new ones recursively. Folders on the other hand can inherit permissions from their parent, and can be restored recursively. My Take_Ownership.reg does it as mentioned before. Try it out on the same small directory - it should re-add back parent permissions recursively and remove custom defined ones.
clear ownership.reg is able to restore the owner and file permission at drive (partition) level. but in doing this it is also changing default permission and owner of $RECYCLE.BIN and System Volume Information, and it shouldnt do that. also the script is not restoring the default windows permission. i suppose this is default user list in permission in windows os but the script is making this user list, also permission for users is also different
Ofc it's not default Windows permissions, it's customized for less annoyances. Everyone is Read+Execute only, Users is Modify - these two are a more explicit alternative to Authenticated Users item (everyone actually includes authenticated users). System and Administrators are the same. Owner Rights is a placeholder to give FullControl to whoever takes ownership of the item (as it should be). Recycle.bin and System Volume Information could and should be filtered, you're right about that. Will do so
Updated scripts! ClearOwnership.reg drive option ignores $RECYCLE.BIN and System Volume Information Rules changed to be more in-line with default permissions, but still not crippling: Owner Rights:FullControl Authenticated Users:Modify System:FullControl Administrators:FullControl Users:ReadAndExecute Thanks @ShiningDog for suggestions
@BAU thanks, but i think there is still a room for improvement. clearownership.reg now ignores $RECYCLE.BIN and System Volume Information but if anybody already messed up those folder permission then in that case script should be able to restore 'default' permission to those folders as well. note that recycle bin and inside folders of it both have different permissions, so its tricky. user list in permission tab make additional 'owner rights' user and giving it full access. i think this should be removed as i suppose it can give permission to even guest and non admin accounts to change permissions. and thus it posses a security risk. i dont know much about permission and security thats why i think it should be default as ms intended it. so pls suggest a way to remove owner rights user. by default a partition's owner is set to SYSTEM but this script is changing it to Users (DESKTOP-IDNM5TJ\Users) pls also set the owner to system at partition level. by default when a folder or file is created in a partition, windows set the owner to Windows10 (DESKTOP-IDNM5TJ\Windows 10), where windows 10 is my admin user account name. but the script is changing the owner to Users (DESKTOP-IDNM5TJ\Users) pls also set it to default. thank you very much.
The new scripts using Powershell work excellent for me!! When I run the ClearOwnership on a drive letter, it completely removes all those Unknown entries from any folder or file I check at any location on that drive. Excellent work!! I say "Bloody Marvelous !!"
That's actually not an issue, since you can use the directory entry directly. It's only skipped when run from drive context menu, as it should (still somehow corrupting the Recycle bin, but Windows will fix it). That account should actually be seen as a plus. It's simply a placeholder account, passing the set rights to whoever gains ownership. So for example when you directly change owner to TrustedInstaller, you don't need to explicitly assign permissions to it - it's handled by the Owner Rights virtual sid. There is no security risk, as the owner is supposed to have control over it's own files. It does not affect other accounts. That's not a rule. It depends on who formatted it and used it first. For example, my C: has TrustedInstaller owner, my D: has Administrators, my external hdd has Everyone. So the script sets Users, a generic group, allowing less restricted access than what Windows assigns (it's the whole point of all these kind of scripts existence, to liberate, not to restrict even more). It does not do that in my experience. I have run clear ownership on my E:\ - existing items have owner Users, but when I create new files and folders, those have my personal account as owner. There is no explicit permission defined for my personal account, since Owner Rights takes care of that. @ShiningDog Just copy-paste the scripts again / use the pastebin links since I did some ninja edits that could be confusing (it's hard to work with large code sections in the forum directly and I screwed up several times). As for setting default owner to SYSTEM or ADMINS instead of USERS at drive level - it would be incredibly annoying because of the inheritance working as intended, I've just checked it. Currently, you have read and write access to everything. If you need to restrict usage, you take ownership (last update means other users are automatically denied permissions, while still keeping inheritance working).Tx for insisting, it ended up better! Yep, that was the point. Glad it works for you! Might want to use the updated scripts, it's how I always wished permissions worked by default, but did not bother searching for a way to replicate it until now.
@BAU i tried your new clear ownership.reg and found that it didn't give default rights to user. after applying your reg in a data partition, i installed os in another partition and from that new os with admin account i tried to extract a zip file and found that it gave error due to insufficient rights after that i ran the winrar as admin then i able to extract. your reg is not setting official default values, it is setting values to your own liking, personally i would prefer to set rights and ownership as default, not some modified users rights and ownership.
yep i know, but that reg is for clearing all the messed up entries and ownership to the default in one click.
@ShiningDog, I'm just kidding, I value your input as I obviously made an effort to adapt it. Of course you are right that it's not ideal, it's actually a mess. Take Ownership did not even work for limited accounts! So: UPDATE: No more multiple scripts and confusing options! Single context menu entry added for files, folders (except C:\Windows etc.) and drives (except C:\\) with the 4 choices: Gain access = Inherit from parent: YES, Owner = current user, Owner Rights = Modify [classic Take Ownership with enhancements] Gain exclusive access =Inherit from parent: NO, Owner = current user, Owner Rights = FullControl [personal private acces] Users gain exclusive access for new files = Inherit from parent: NO, Owner = Authenticated Users, Owner Rights = FullControl [multi-user private access] Clear gained access = Inherit from parent: YES, Owner = Inherited or Administrators, Authenticated Users = Inherited or Modify [restore defaults if possible] Properly gain access for limited accounts. SYSTEM and TrustedInstaller safeguard. Restore Inheritance recursively if possible. ~25% faster than conventional takeown + icacls (mechanical drive, folder with 4000 subfolders, 36000 files, 8GiB as test)
Thanks, it is perfect, to my knowledge this reg is the best way to deal with permissions with one click.
Just a word of caution to those who dual boot/ multi boot different OS. If, while in one OS, say OS-A, you take ownership of a system folder belonging to another OS, say OS-B, that OS (OS-B) might no longer work when you try to boot into it. I strongly recommend hiding the system partition of the other OS from whichever OS you are currently in, and use a third, non system partition visible to all OSs for sharing files between them.
rather pointless warning - it's like saying if you delete system32 from a dualboot partition that os might not boot again . the default gain ownership choice featured in the registry script above is multi-boot friendly btw, as it's just adding a new entry to the acl. the others serve different purposes more suitable to non-sys partitions
Say you're in OS-A and you realise there is a file in your downloads folder in OS-B. You navigate there, Windows asks you if you want to take ownership permanently, you do that, get your file, and all is well. Then you try booting into OS-B and you get into trouble.