Serious bug in win7

Page 2 of 3 FirstFirst 123 LastLast

  1. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #11

    The "deny" permission in NTFS is a very specialised instruction and it has priority over all other permissions levels, ji is designrd for use in Client server systems where you would normally have a Domain admin that can reset any accidents. It should be used only for very special purposes, normally only for testing, and never to whole areas.

    This being said you may be able to recover data on the now locked system partition by the use of a repair install - check tutorials section for detailed instructions, though these permissions may even be to much for this, it is worth a try
      My Computers


  2. Posts : 1,781
    Windows 7 Professional SP1 32-bit
       #12

    As Barman58 said, deny permissions will override allow permissions - and while the SYSTEM might still have access that won't help you unless you can somehow impersonate the system instead of logging in as an administrator. Somehow I doubt you can.

    All the tutorials to reset permissions won't help at this point since you've really pulled the rug out from under you. I'm sorry, but accident or not - you must have set up circumstances for the accident to happen in the first place.

    I hope that it is a learning experience for you, and that you're not going to have to lose too much important data.

    Try a fresh install - remember, to a different partition or HD - and then feel free to get back to us to help get your files off the locked-out system.

    Idea: you might be able to retrieve files by booting from a Linux CD with NTFS support. Linux typically ignores Windows' access permissions completely. IF this indeed works, I would recommend copying the files to a FAT32 partition since FAT32 doesn't support permissions either. That way the bad permissions would automatically be stripped off the files, making them accessible for you again.
      My Computer


  3. Posts : 761
    Windows 2000 5.0 Build 2195
       #13

    Corazon said:
    ...while the SYSTEM might still have access that won't help you unless you can somehow impersonate the system instead of logging in as an administrator.
    How about running another command prompt as a System Service from the user command prompt?

    Code:
    cmd /c sc create -- binPath= "cmd /c start cmd" type= own type= interact & net start -- & sc delete --
    Above code essentially creates a cmd process as a scheduled service under the SYSTEM user, runs it, and then deletes the service immediately after running.
      My Computer


  4. Posts : 7
    7 64
    Thread Starter
       #14

    thank for your guys advise.
    The data backup is important but not my concern,
    i know there are some way to get my data back,
    my concern is how to unlock this harddisk without format or reinstall system.

    would my harddisk plugin other computer is still locked?
    This locked harddisk Q:\ is not my system disk, just a data disk.

    btw i find out i can access Q:\ using comodo browse file.
    and it can read write delete but not change the permission.
      My Computer


  5. Posts : 845
    Windows 7 - Vista
       #15
      My Computer


  6. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #16

    The NTFS permissions are actually written to the hard disk as part of the file header of each individual file/folder. Generally if you Move a file it's permissions move with it.

    When files are copied they take the permissions of the receiving folder so copying is usually a way to reset the file permissions.

    As the Deny permission applies to the copying of files this would not normally be possible, though if the Comodo app allows you to copy files and follows convention on permissions, it may allow you to copy the files and set the permissions back to what you wish. Of course the Original files would still be inaccessible and would need to be deleted and replaced by the copies.

    So basically, once you have set a deny permission for a user or group there is no way for that user or group to change the permissions, This is by design and is the correct way to work.

    It may be possible to work around this issue but as far as I am aware there is not a way to undo this accident with Windows Own tools or any that conform to the NTFS specification
      My Computers


  7. Posts : 7
    7 64
    Thread Starter
       #17

    would Windows PE be helpful?
      My Computer


  8. Posts : 7
    7 64
    Thread Starter
       #18
      My Computer


  9. Posts : 2
    Windows 7
       #19

    Sub Styler said:
    You could try Hirens Boot CD (google for download link) there is a tool called NTFS Access 2.1 that may be useful to you.

    good post...
      My Computer


  10. Posts : 742
    MS Windows 7 Ultimate 64-bit SP1
       #20

    The NTFS permissions are set and imposed by the operating system and they are limited to that operating system in that physical system only.

    I had somewhat similar experience for my second hard disk which I was not able to access ( I have made the disk accessible only to my user account stripping off all the other users and groups including the system and administrators group). When I reinstall the OS after a few months later with a new user name (same name but on a fresh install), I could not access this second hard disk as the second hard disk could not identify the credentials of the new user. I just used the take ownership of the disk with the new user (member of admin group) and I got back the access.

    Similarly a hard disk locked by an OS in a computer is strong enough only for that OS in that system. Once this hard disk is moved to another system, the NTFS security is weakened and it is easy to break the security with take ownership and assigning the full permissions again. That is why physical security is also important for servers in an enterprise and they are placed in locked rooms.

    So it is possible to gain access to this hard disk even if it is assigned with deny permissions to Administrators group (This group is limited to that system only), by the following three methods.

    1. Remove the HDD from the system and connect it to another system with Windows (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group only deleting all the other permissions.

    2. Make the system a dual boot system and access the HDD from second Windows OS (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group deleting all the other permissions.

    3. Try to boot the system with a Live Windows CD (ERD Commander, MSDART 5.0 for Win XP or 5.5 for Win Vista or 6.5 for Win 7, Bart's PE, Win PE or UBCD4Win) and take ownership and reassign permissions to include full control to Everyone group deleting all the other permissions. You will find sources to download one of these CDs on internet.

    Once Everyone permissions are set, the HDD becomes accessible to the original OS. Now the OP can set new permissions to his requirements.
      My Computer


 
Page 2 of 3 FirstFirst 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:31.
Find Us