For a specific requirement i need to assign permissions to "Starks" for C: and C:\Windows C:\Windows\System32 and few other windows specific folders on a Win7 machine without tampering existing permissions for others.
The user i have logged in does not have adequate permissions to execute below command in a script
icacls.exe "%SystemRoot%\System32" /T /grant "Starks:(OI)(CI)RX"
so i did run (from script)
takeown /f c:\Windows\System32 /r /d y
icacls.exe "%SystemRoot%\System32" /T /grant "Starks:(OI)(CI)RX"
which works as expected and i can see Starks having desired permissions. The challenge is I am unable to figure out how to restore the original ownership? I know the same takeown should do the trick but if this is a batch file running from remote then
- how can i figure out who was the original owner
- take ownership
- change/assign permissions to Starks
- return ownership to original owner.
Thanks in advance.
Best Answer
So I have figured out (after discussing with MS) that there is no specific way to find out who the original owner is unless there is a uniform ownership being maintained by yourself.
To take ownership use cmd /c icacls "c:*" /setowner UserName /t /c /q
To assign permissions (does not work for /Windows and subfolders) ex. icacls.exe "%SystemDrive%" /T /grant "Starks:(OI)(CI)RX" /t /c /q
Returning ownership is not possible unless unified ownership is present as stated above. But if it is then above command would be sufficient.
Hope this helps anyone who is facing same issue. Peace.