Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Lost Access Permissions to C:\Users\All Users\Application Data Folder

12 Feb 2015   #1
A1955Harley

Windows 7 Professional
 
 
Lost Access Permissions to C:\Users\All Users\Application Data Folder

Can anyone help me regain Security Permissions to C:\Users\All Users\Application Data Folder which I lost while looking at the access rights. I mistakenly closed the box while playing with the access rights and lost any access to the file.
I pulled the access rights to the file using icacls they are below.

application data
D:PAI(D;OICI;FA;;;WD)(A;;0x1200a9;;;WD)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)S:AI

I am thinking I can change the information in the file and restore it. Not sure exactly what to change?

I was also thinking I could pull the info from another computer running with the same operating system and reapply them to this file? Would this work?

I looked at Previous Versions of the upper level folder. Can I restore a previous version of this whole folder? Will it restore the Application Data folder with the prior permissions?


My System SpecsSystem Spec
.
12 Feb 2015   #2
pbcopter

Windows 7 Ultimate x64 SP1, Windows 8.1 Pro x64, Windows 10 Pro x64
 
 

Are you asking about the Application Data or Appdata folder?

If Application Data, this is not a real folder but a junction used to allow interface with legacy programs. No access is necessary since it is pointing to the Appdata folder.
My System SpecsSystem Spec
12 Feb 2015   #3
A1955Harley

Windows 7 Professional
 
 

I was referring to the "Application Data" folder. It was previously owned by "System" and the administrators had full access to the folder. The administrators access was removed thus no one with admin rights has access to the folder to make changes. I was concerned without the "System" as owner with full rights any read writes or traversses thru that folder would not be allowed to the system?
I have another computer with almost the same programs on it.
I pulled the Security Permissions from that folder. They are below.
Can I copy and paste these rights into the file I saved the rights in on the other PC and use icacls to restore the rights to the folder or will it fail due to not having the correct rights to make changes to the folder?
Not sure if running an elevated command prompt trumps the rights to make changes without having those rights in Windows?

application data
D:PAI(D;;CC;;;WD)(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;;FA;;;BA)

I can ultimately use TakeOwnership to take control of that file but would like to learn something along the way here on how to get out of a situation like this using icacls.
My System SpecsSystem Spec
.

12 Feb 2015   #4
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Application Data Folder

I don't think that you're supposed to take ownership of that folder by design. If you want to access files try the following paths:

Stop Application Data folder replicating?

Or if you really want to take ownership be aware that you might end up with a self replicating Application Data folder that uses a huge amount of hard drive space. See the full thread here:

Stop Application Data folder replicating?

Just my thoughts on the subject!
My System SpecsSystem Spec
12 Feb 2015   #5
A1955Harley

Windows 7 Professional
 
 

Thanks for those thoughts. I did realize the replication thing would occur but I will only own that folder for just enough time to reset the owner of of to SYSTEM then get out of it. I will not open the folder I will only reset the rights to it.
Hence the take ownership thing was not my preferred way to make this change. I wanted to use icacls to change the owner back to SYSTEM and add back the Administrators. I looked at the link you put in your note above Stop Application Data folder replicating?
From there I went to the Sound Forge site to get a copy of Junction Box. The copy that downloaded had a tr\agent in it.
I did manage to find a good copy of it by searching the net............but I am hesitant to use it.
My System SpecsSystem Spec
12 Feb 2015   #6
A1955Harley

Windows 7 Professional
 
 

Can anyone answer this question
If I use this command
icacls c:\users\all users\application data\* /save permissions.txt /T
Then grab the permissions from the same folder on another Windows 7 Computer saving them with the same name permissions.txt
Then using Notepad copy the permissions from the computer with the correct rights and paste them into the into the file from the problem computer
use the restore command
icacls c:\users\all users\application data\* /restores permissions.txt

Will this reset the permissions in the affected folder?
My System SpecsSystem Spec
12 Feb 2015   #7
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Anything that makes changes to your system at a deep level could be flagged up as a trojan by AV's. In this case it's a false psitive detection.

I see:

Lost Access Permissions to C:\Users\All Users\Application Data Folder-voodooshield-alert.jpg

Lost Access Permissions to C:\Users\All Users\Application Data Folder-virustotal-scan-1.jpg

These AV's flag it up. MBAM and everything else says it's clean.

Lost Access Permissions to C:\Users\All Users\Application Data Folder-virustotal-scan-2.jpg

All it does is to reset the following (text taken from DefaultJunctions.ntj file in JunctionBox)

Code:
A list of the standard set of junctions in Vista and Windows 7, for repair purposes.
;
; Notation is as follows:
;  Section headers refer to userprofile-folders unless otherwise indicated by a full path.
;  Paths beginning with a \ indicate a fully-qualified path from the systemroot. (Typically C:\)
;  Paths beginning with @ are relative to the profile container. (Typically C:\users)
;  Junction location and target paths are relative to the section-header [value] unless qualified.
; The Default profile settings will be applied to all generic users when profiles are repaired.
; You may add custom sections for specific users, though this is not normally necessary.
; Wildcards or macros other than those stated above are not permitted.
; Junctions will be created using full target-paths, irrespective of relative or full values here.
; Note: Non-English users will need to create their own file, sorry.

[General]

; Displays warning if incompatible OS or system-language is found.
OSVersions=WIN_VISTA,WIN_7,WIN_2008,WIN_2008R2,WIN_LONGHORN
OSLanguages=0409,0809

; Force the creation of junctions in system or user folders, or both.
; =1 recreates (parts of) profile folder-structure if missing. Relatively safe to use.
; =2 forcibly deletes any file, folder or junction occupying the target location. 
; -valuable when dealing with corrupt junctions, but use with care as may delete data.
; Default is to leave existing junctions alone and only add missing ones, but set correct permissions on all.
SystemForceCreation=0
UserForceCreation=0

; The following sections refer to disk folders and the required junctions in each, as JunctionName=JunctionTarget.

[\]
Documents and Settings=@

[\ProgramData]
Application Data=\ProgramData
Desktop=@\Public\Desktop
Documents=@\Public\Documents
Favorites=@\Public\Favorites
Start Menu=Microsoft\Windows\Start Menu
Templates=Microsoft\Windows\Templates

[@]
Default User=Default

[All Users]
Application Data=\ProgramData
Desktop=@\Public\Desktop
Documents=@\Public\Documents
Favorites=@\Public\Favorites
Start Menu=\ProgramData\Microsoft\Windows\Start Menu
Templates=\ProgramData\Microsoft\Windows\Templates

[Public]
Documents\My Music=Music
Documents\My Pictures=Pictures
Documents\My Videos=Videos

[Default User]
; (intentionally blank)

[Default]
Application Data=AppData\Roaming
Cookies=AppData\Roaming\Microsoft\Windows\Cookies
Local Settings=AppData\Local
My Documents=Documents
NetHood=AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood=AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Recent=AppData\Roaming\Microsoft\Windows\Recent
SendTo=AppData\Roaming\Microsoft\Windows\SendTo
Start Menu=AppData\Roaming\Microsoft\Windows\Start Menu
Templates=AppData\Roaming\Microsoft\Windows\Templates
AppData\Local\Application Data=AppData\Local
AppData\Local\History=AppData\Local\Microsoft\Windows\History
AppData\Local\Temporary Internet Files=AppData\Local\Microsoft\Windows\Temporary Internet Files
Documents\My Music=Music
Documents\My Pictures=Pictures
Documents\My Videos=Videos


My System SpecsSystem Spec
13 Feb 2015   #8
Pyprohly

Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
 
 

Quote   Quote: Originally Posted by Callender View Post
Or if you really want to take ownership be aware that you might end up with a self replicating Application Data folder that uses a huge amount of hard drive space.
Un-true. Opening the Application Data "folder" will definitely not increase disk space usage.

The Application Data and All Users folders are both symbolic links. They are not real folders; they are lightweight pointers. C:\Users\All Users\Application Data is a symbolic link that points to C:\Users\All Users. The recursion or "replicating" behaviour you mention, Callendar, is expected...

With one having enough access rights, starting at C:\Users\All Users and opening the Application Data symbolic link brings you right back to the All Users symbolic link folder (as I've mentioned: that's where it points to). There, back inside the All Users symbolic link, you can click on Application Data again. This can be repeated infinitely. Observing the Explorer address bar, it would appear that you are digging deeper into the file system, but in reality, each time you click into Application Data, what you are always actually seeing is the contents of C:\Program Data, because C:\Users\All Users\Application Data points to C:\Users\All Users, and C:\Users\All Users points to C:\ProgramData (a real directory).

Also, taking ownership alone does not effect ones access rights to an object in any way. Taking ownership of some thing will not cause another thing to dis-function or change how it accesses the object. It's the permissions that count.


Quote   Quote: Originally Posted by A1955Harley View Post
If I [...]
Will this reset the permissions in the affected folder?
The method you describe word by word, Harley, would not work (excluding the fact that some of the mentioned commands' have incorrect syntax) because of the recursion problem. By using the /T switch in Icacls, you are asking the command to recurse into subfolders. Application Data is a subfolder of All Users, and All Users is a subfolder of Application Data. See the problem? (This can be avoided by using the /L switch though. This will direct Icacls to work on the actual symbolic link rather than the target it points to.)

Why recurse into the contents of the Application Data folder anyway when it's only the folder itself that needs saving?

(On another computer)
Code:
icacls "c:\users\all users\application data" /save permissions.txt
and
(On the computer that needs fixing)
Code:
icacls "c:\users\all users" /restore permissions.txt
are the commands you are after; which don't iterate subfolders. Performing these commands will fix your problem perfectly. You might need to take ownership of Application Data first, however.


The following batch script is my fix for setting the Application Data symbolic link permissions right.
Code:
REM Batch to be run as administrator
@echo off
net session >NUL 2>&1|| exit /b 1
set "target=C:\Users\All Users\Application Data"
takeown /f "%TARGET%"
icacls "%TARGET%" /inheritance:r
for /f "delims=" %%I in (' 
	powershell "((Get-Acl '%TARGET%').access | foreach {$_.identityreference.value})" 
') do icacls "%TARGET%" /remove "%%I"
icacls "%TARGET%" /grant "NT AUTHORITY\SYSTEM:(F)" "BUILTIN\Administrators:(F)" "Everyone:(RX)" /deny "Everyone:(S,RD)"
icacls "%TARGET%" /setowner "NT AUTHORITY\SYSTEM"

Harley, if you like to continue with the method you had going there (i.e. to learn how to fix such situation manually), and would like help with the commands, I'd be glad to provide step by step guidance.
My System SpecsSystem Spec
13 Feb 2015   #9
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Disk space usage

Quote   Quote: Originally Posted by Pyprohly View Post
Quote   Quote: Originally Posted by Callender View Post
Or if you really want to take ownership be aware that you might end up with a self replicating Application Data folder that uses a huge amount of hard drive space.
Un-true. Opening the Application Data "folder" will definitely not increase disk space usage.
Thanks for pointing this out.
My System SpecsSystem Spec
14 Feb 2015   #10
A1955Harley

Windows 7 Professional
 
 

Pyprohly,
Thanks for your help.........................and yes I would like you to provide step by step instructions so I don't make a miscue.
That's how this all started. I was not paying enough attention when I mistakenly messed up the access rights.
Will look for your steps later
Harley
My System SpecsSystem Spec
Reply

 Lost Access Permissions to C:\Users\All Users\Application Data Folder




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Installing profile based application in other users folder
Hi All, Im trying to install AT&T application which is a profile based application. Means it installs in the user profile directly instead of other location. My Problem is user dont have the admin access, either i need to use my ID or administrator ID. Which installs application into...
Installation & Setup
C:\Users\All Users\Start Menu - Access Denied !!!
How do I add custom items to the above folder ? I need to add shortcuts for our corporate ERP application.
Installation & Setup
Setting permissions per specific users and folders for access from OSX
Hello all, Got a few questions regarding our network sharing. Here is the setup, we have a "server" running Windows 7 Ultimate 64-bit. This server has a RAID setup with a shared folder containing projects. These projects need to be accessed by certain users, but should limited to certain...
Network & Sharing
I lost my limited user account folder icon in Users folder.
I clicked on the Hidden box of Properties for a couple of my folders. I lost my limited user account folder in the Users folder. How do I get it back? Thanks, theAdmiral
General Discussion
All users Application Data
I need to access the "Application Data" folder under "All Users" and have been unable to do so. Initially I was denied permission so I changed ownership of the folder but now instead of an "access denied" message, it simply opens the main "All Users" directory in a new window without entering the...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:08.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App