We have a situation on our NAS in that the admin group (as well as most users) has lost rights to about 100 files in several folders. Although I am able to take ownership using the GUI, this is tedious and should also be effective using icacls. I run - C:\Users\nyadmin\Desktop>icacls "Y:\Morningstar-Lipper Rankings\Lipper\2007\Lipper 9.30.07.pdf" /setowner "NY\admin" But get the following - Y:\Morningstar-Lipper Rankings\Lipper\2007\Lipper 9.30.07.pdf: Access is denied. Successfully processed 0 files; Failed processing 1 files Any reason why it works in the GUI, but not the command line? Anyone aware of a switch to force it? In the GUI, only the Owner tab of Security is enabled. Thanx!

From the command line dump it seems that you are not running it as an administrator. Try to go Start -> CMD -> Right click on it and choose "Run as administrator" then try to run icacls again.-- Kind regards Martin Potestas Microsoft: MCP, MCTS, MCITP: SA, MCITP: EA CIW: Associate, Security Professional CompTIA: A+, Server+, Linux+ Citrix: CCA on XenApp HP: ASP, ASP:SMB Astaro: ACA, ACE

Good thought, but no. I right-click on the batch file and run as administrator. The command-line seems to be less forgiving of taking ownership of files that you don't have access to. I suppose the GUI is the only option even though it's tedious... Thanx anyway.

Anytime. Did you try the "takeown" command line instead?Microsoft: MCP, MCTS, MCITP: SA, MCITP: EA || CIW: Associate, Security Professional || CompTIA: A+, Server+, Linux+ || Citrix: CCA on XenApp || HP: ASP, ASP:SMB || Astaro: ACA, ACE

Hi Armen, try subinacl. you can download it from here Overview SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain. For example, if a user has moved from one domain (DomainA) to another (DomainB), the administrator can replace DomainA\User with DomainB\User in the security information for the user's files. This gives the user access to the same files from the new domain. SubInACL enables administrators to do the following: Display security information associated with files, registry keys, or services. This information includes owner, group, permission access control list (ACL), discretionary ACL (DACL), and system ACL (SACL). Change the owner of an object. Replace the security information for one identifier (account, group, well-known security identifier (SID)) with that of another identifier. Migrate security information about objects. This is useful if you have reorganized a network's domains and need to migrate the security information for files from one domain to another. Every second counts..make use of it.

Hi, I would run the following commands with elevated privilege to take owner of the file and assign Administrators group full control permissions. takeown /f {file location} cacls {file location} /G administrators:F Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.