Lost Access Permissions to C:\Users\All Users\Application Data Folder

Page 1 of 2 12 LastLast

  1. Posts : 7
    Windows 7 Professional
       #1

    Lost Access Permissions to C:\Users\All Users\Application Data Folder


    Can anyone help me regain Security Permissions to C:\Users\All Users\Application Data Folder which I lost while looking at the access rights. I mistakenly closed the box while playing with the access rights and lost any access to the file.
    I pulled the access rights to the file using icacls they are below.

    application data
    D:PAI(D;OICI;FA;;;WD)(A;;0x1200a9;;;WD)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)S:AI

    I am thinking I can change the information in the file and restore it. Not sure exactly what to change?

    I was also thinking I could pull the info from another computer running with the same operating system and reapply them to this file? Would this work?

    I looked at Previous Versions of the upper level folder. Can I restore a previous version of this whole folder? Will it restore the Application Data folder with the prior permissions?
      My Computer


  2. Posts : 1,872
    Windows 10 Pro x64, Windows 8.1 Pro x64, Windows 7 Ultimate x64 SP1,
       #2

    Are you asking about the Application Data or Appdata folder?

    If Application Data, this is not a real folder but a junction used to allow interface with legacy programs. No access is necessary since it is pointing to the Appdata folder.
      My Computer


  3. Posts : 7
    Windows 7 Professional
    Thread Starter
       #3

    I was referring to the "Application Data" folder. It was previously owned by "System" and the administrators had full access to the folder. The administrators access was removed thus no one with admin rights has access to the folder to make changes. I was concerned without the "System" as owner with full rights any read writes or traversses thru that folder would not be allowed to the system?
    I have another computer with almost the same programs on it.
    I pulled the Security Permissions from that folder. They are below.
    Can I copy and paste these rights into the file I saved the rights in on the other PC and use icacls to restore the rights to the folder or will it fail due to not having the correct rights to make changes to the folder?
    Not sure if running an elevated command prompt trumps the rights to make changes without having those rights in Windows?

    application data
    D:PAI(D;;CC;;;WD)(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;;FA;;;BA)

    I can ultimately use TakeOwnership to take control of that file but would like to learn something along the way here on how to get out of a situation like this using icacls.
      My Computer


  4. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #4

    Application Data Folder


    I don't think that you're supposed to take ownership of that folder by design. If you want to access files try the following paths:

    Stop Application Data folder replicating?

    Or if you really want to take ownership be aware that you might end up with a self replicating Application Data folder that uses a huge amount of hard drive space. See the full thread here:

    Stop Application Data folder replicating?

    Just my thoughts on the subject! :)
      My Computer


  5. Posts : 7
    Windows 7 Professional
    Thread Starter
       #5

    Thanks for those thoughts. I did realize the replication thing would occur but I will only own that folder for just enough time to reset the owner of of to SYSTEM then get out of it. I will not open the folder I will only reset the rights to it.
    Hence the take ownership thing was not my preferred way to make this change. I wanted to use icacls to change the owner back to SYSTEM and add back the Administrators. I looked at the link you put in your note above Stop Application Data folder replicating?
    From there I went to the Sound Forge site to get a copy of Junction Box. The copy that downloaded had a tr\agent in it.
    I did manage to find a good copy of it by searching the net............but I am hesitant to use it.
      My Computer


  6. Posts : 7
    Windows 7 Professional
    Thread Starter
       #6

    Can anyone answer this question
    If I use this command
    icacls c:\users\all users\application data\* /save permissions.txt /T
    Then grab the permissions from the same folder on another Windows 7 Computer saving them with the same name permissions.txt
    Then using Notepad copy the permissions from the computer with the correct rights and paste them into the into the file from the problem computer
    use the restore command
    icacls c:\users\all users\application data\* /restores permissions.txt

    Will this reset the permissions in the affected folder?
      My Computer


  7. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #7

    Anything that makes changes to your system at a deep level could be flagged up as a trojan by AV's. In this case it's a false psitive detection.

    I see:

    Lost Access Permissions to C:\Users\All Users\Application Data Folder-voodooshield-alert.jpg

    Lost Access Permissions to C:\Users\All Users\Application Data Folder-virustotal-scan-1.jpg

    These AV's flag it up. MBAM and everything else says it's clean.

    Lost Access Permissions to C:\Users\All Users\Application Data Folder-virustotal-scan-2.jpg

    All it does is to reset the following (text taken from DefaultJunctions.ntj file in JunctionBox)

    Code:
    A list of the standard set of junctions in Vista and Windows 7, for repair purposes.
    ;
    ; Notation is as follows:
    ;  Section headers refer to userprofile-folders unless otherwise indicated by a full path.
    ;  Paths beginning with a \ indicate a fully-qualified path from the systemroot. (Typically C:\)
    ;  Paths beginning with @ are relative to the profile container. (Typically C:\users)
    ;  Junction location and target paths are relative to the section-header [value] unless qualified.
    ; The Default profile settings will be applied to all generic users when profiles are repaired.
    ; You may add custom sections for specific users, though this is not normally necessary.
    ; Wildcards or macros other than those stated above are not permitted.
    ; Junctions will be created using full target-paths, irrespective of relative or full values here.
    ; Note: Non-English users will need to create their own file, sorry.
    
    [General]
    
    ; Displays warning if incompatible OS or system-language is found.
    OSVersions=WIN_VISTA,WIN_7,WIN_2008,WIN_2008R2,WIN_LONGHORN
    OSLanguages=0409,0809
    
    ; Force the creation of junctions in system or user folders, or both.
    ; =1 recreates (parts of) profile folder-structure if missing. Relatively safe to use.
    ; =2 forcibly deletes any file, folder or junction occupying the target location. 
    ; -valuable when dealing with corrupt junctions, but use with care as may delete data.
    ; Default is to leave existing junctions alone and only add missing ones, but set correct permissions on all.
    SystemForceCreation=0
    UserForceCreation=0
    
    ; The following sections refer to disk folders and the required junctions in each, as JunctionName=JunctionTarget.
    
    [\]
    Documents and Settings=@
    
    [\ProgramData]
    Application Data=\ProgramData
    Desktop=@\Public\Desktop
    Documents=@\Public\Documents
    Favorites=@\Public\Favorites
    Start Menu=Microsoft\Windows\Start Menu
    Templates=Microsoft\Windows\Templates
    
    [@]
    Default User=Default
    
    [All Users]
    Application Data=\ProgramData
    Desktop=@\Public\Desktop
    Documents=@\Public\Documents
    Favorites=@\Public\Favorites
    Start Menu=\ProgramData\Microsoft\Windows\Start Menu
    Templates=\ProgramData\Microsoft\Windows\Templates
    
    [Public]
    Documents\My Music=Music
    Documents\My Pictures=Pictures
    Documents\My Videos=Videos
    
    [Default User]
    ; (intentionally blank)
    
    [Default]
    Application Data=AppData\Roaming
    Cookies=AppData\Roaming\Microsoft\Windows\Cookies
    Local Settings=AppData\Local
    My Documents=Documents
    NetHood=AppData\Roaming\Microsoft\Windows\Network Shortcuts
    PrintHood=AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    Recent=AppData\Roaming\Microsoft\Windows\Recent
    SendTo=AppData\Roaming\Microsoft\Windows\SendTo
    Start Menu=AppData\Roaming\Microsoft\Windows\Start Menu
    Templates=AppData\Roaming\Microsoft\Windows\Templates
    AppData\Local\Application Data=AppData\Local
    AppData\Local\History=AppData\Local\Microsoft\Windows\History
    AppData\Local\Temporary Internet Files=AppData\Local\Microsoft\Windows\Temporary Internet Files
    Documents\My Music=Music
    Documents\My Pictures=Pictures
    Documents\My Videos=Videos
    Last edited by Callender; 12 Feb 2015 at 23:15. Reason: edit code
      My Computer


  8. Posts : 721
    Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
       #8

    Callender said:
    Or if you really want to take ownership be aware that you might end up with a self replicating Application Data folder that uses a huge amount of hard drive space.
    Un-true. Opening the Application Data "folder" will definitely not increase disk space usage.

    The Application Data and All Users folders are both symbolic links. They are not real folders; they are lightweight pointers. C:\Users\All Users\Application Data is a symbolic link that points to C:\Users\All Users. The recursion or "replicating" behaviour you mention, Callendar, is expected...

    With one having enough access rights, starting at C:\Users\All Users and opening the Application Data symbolic link brings you right back to the All Users symbolic link folder (as I've mentioned: that's where it points to). There, back inside the All Users symbolic link, you can click on Application Data again. This can be repeated infinitely. Observing the Explorer address bar, it would appear that you are digging deeper into the file system, but in reality, each time you click into Application Data, what you are always actually seeing is the contents of C:\Program Data, because C:\Users\All Users\Application Data points to C:\Users\All Users, and C:\Users\All Users points to C:\ProgramData (a real directory).

    Also, taking ownership alone does not effect ones access rights to an object in any way. Taking ownership of some thing will not cause another thing to dis-function or change how it accesses the object. It's the permissions that count.


    A1955Harley said:
    If I [...]
    Will this reset the permissions in the affected folder?
    The method you describe word by word, Harley, would not work (excluding the fact that some of the mentioned commands' have incorrect syntax) because of the recursion problem. By using the /T switch in Icacls, you are asking the command to recurse into subfolders. Application Data is a subfolder of All Users, and All Users is a subfolder of Application Data. See the problem? (This can be avoided by using the /L switch though. This will direct Icacls to work on the actual symbolic link rather than the target it points to.)

    Why recurse into the contents of the Application Data folder anyway when it's only the folder itself that needs saving?

    (On another computer)
    Code:
    icacls "c:\users\all users\application data" /save permissions.txt
    and
    (On the computer that needs fixing)
    Code:
    icacls "c:\users\all users" /restore permissions.txt
    are the commands you are after; which don't iterate subfolders. Performing these commands will fix your problem perfectly. You might need to take ownership of Application Data first, however.


    The following batch script is my fix for setting the Application Data symbolic link permissions right.
    Code:
    REM Batch to be run as administrator
    @echo off
    net session >NUL 2>&1|| exit /b 1
    set "target=C:\Users\All Users\Application Data"
    takeown /f "%TARGET%"
    icacls "%TARGET%" /inheritance:r
    for /f "delims=" %%I in (' 
    	powershell "((Get-Acl '%TARGET%').access | foreach {$_.identityreference.value})" 
    ') do icacls "%TARGET%" /remove "%%I"
    icacls "%TARGET%" /grant "NT AUTHORITY\SYSTEM:(F)" "BUILTIN\Administrators:(F)" "Everyone:(RX)" /deny "Everyone:(S,RD)"
    icacls "%TARGET%" /setowner "NT AUTHORITY\SYSTEM"

    Harley, if you like to continue with the method you had going there (i.e. to learn how to fix such situation manually), and would like help with the commands, I'd be glad to provide step by step guidance.
      My Computer


  9. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #9

    Disk space usage


    Pyprohly said:
    Callender said:
    Or if you really want to take ownership be aware that you might end up with a self replicating Application Data folder that uses a huge amount of hard drive space.
    Un-true. Opening the Application Data "folder" will definitely not increase disk space usage.
    Thanks for pointing this out.
      My Computer


  10. Posts : 7
    Windows 7 Professional
    Thread Starter
       #10

    Pyprohly,
    Thanks for your help.........................and yes I would like you to provide step by step instructions so I don't make a miscue.
    That's how this all started. I was not paying enough attention when I mistakenly messed up the access rights.
    Will look for your steps later
    Harley
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:02.
Find Us