I seem to have lost control of the security settings on many files under one folder on one of my 2008 R2 servers. When I try to update permissions on the top folder, I get multiple "access denied" errors on numerous files in subfolders. This is a large store and a lot of files are not updating. I am a member of the local admin group. I am also a member of a domain administrators' group that is a member of the local admin group. Each of the files that I've examined that deny me access, share the following characteristics on the properties' security tab: -The only entry in "Group or user names" that has full control is "SYSTEM" (I suspect that's all you need to know.) -The local admin group is not listed. -The domain admin group that I belong to, which is in the local admin group, has only "read & execute" and "Read" permissions. The files have different owners. I believe there are also folders that have these characteristics, but I'm not sure. It makes sense that I can't change the permissions, but is there some way to fix this? I know I can make a copy of the entire area of the server under a folder with the appropriate permissions, and the new files will inherit the correct ones. I could then delete the original area and rename the new area, but I have a lot of shortcuts to these files on this server and on other servers, and I am worried about breaking these links. If I have no other choice, I'll test this out and confirm that my links will remain intact, but I would prefer to find a way to gain access to the permission settings on the existing structure. I would also be interested to know how this might have come to be so as to avoid this problem reoccurring. I would appreciate any help that could be offered. Thanks

If it's a local disk you can take ownership. To take ownership of a file, follow these steps: Right-click the file or folder that you want to take ownership of, and then click Properties. Click the Security tab, and then click OK on the Security message (if one appears). Click Advanced, and then click the Owner tab. In the Name list, click Administrator, or click the Administrators group, and then click OK. The administrator or the administrators group now owns the file. Regards, Dave Patrick .... Microsoft Certified Professional Microsoft MVP [Windows] Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

If it's a local disk you can take ownership. To take ownership of a file, follow these steps: Right-click the file or folder that you want to take ownership of, and then click Properties. Click the Security tab, and then click OK on the Security message (if one appears). Click Advanced, and then click the Owner tab. In the Name list, click Administrator, or click the Administrators group, and then click OK. The administrator or the administrators group now owns the file. Regards, Dave Patrick .... Microsoft Certified Professional Microsoft MVP [Windows] Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Thanks for your quick response. I should have mention that I had tried to take ownership of these files, and had been denied access. Because of your reference to "local disk, " and I had originally tried this logging onto the server using RDT, I tried again logging on locally. I tried logging on using a local user in the local admin group. That didn't work. I tried using a domain admin account, which is also in the local admin group with the same results. If the reference to "local disk" means that the drive these files are located on is on a phsical drive installed on the same server, then yes, that is the case. Thanks

Thanks for your quick response. I should have mention that I had tried to take ownership of these files, and had been denied access. Because of your reference to "local disk, " and I had originally tried this logging onto the server using RDT, I tried again logging on locally. I tried logging on using a local user in the local admin group. That didn't work. I tried using a domain admin account, which is also in the local admin group with the same results. If the reference to "local disk" means that the drive these files are located on is on a phsical drive installed on the same server, then yes, that is the case. Thanks

I was able to resolve this. I located a group in Local Security Policy called "Take ownership of files or other objects" under "Local Policies>User Rights Assignments." It did include the local admin group, so without any local admins with full control of these files, and no explict permission to take ownership over and above the permissions in the objects, I guess it makes sense that I couldn't take owneship or update permissions. One of the groups in "Take ownership of files or other objects" was that of domain veritas users. With credentials from a user in this group I was able to take ownership of the entire structure and update the permissions. Thanks

I was able to resolve this. I located a group in Local Security Policy called "Take ownership of files or other objects" under "Local Policies>User Rights Assignments." It did include the local admin group, so without any local admins with full control of these files, and no explict permission to take ownership over and above the permissions in the objects, I guess it makes sense that I couldn't take owneship or update permissions. One of the groups in "Take ownership of files or other objects" was that of domain veritas users. With credentials from a user in this group I was able to take ownership of the entire structure and update the permissions. Thanks

Confused. It did or did not include local administrators? Default out-of-box should have been Administrators Regards, Dave Patrick .... Microsoft Certified Professional Microsoft MVP [Windows] Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.