|
|
#1
14th Jan 2008, 10:47
|
||||||||||||
|
||||||||||||
|
Now my wonderful Vista will not let me write to my "D" hard drive. Have changed all permissions to "allow." No sucess!!! Ideas?? Thanks..............
__________________
My System: Hewybilt
|
|
#2
14th Jan 2008, 11:12
|
||||||||||||
|
||||||||||||
|
If the drive was used in a different machine prior to using it with Vista it is possibly password locked.
__________________
You will need some 3rd party software to unlock it I think. My System: Hybr!d
|
|
#3
14th Jan 2008, 11:36
|
||||||||||||
|
||||||||||||
|
I have seen this question come up before. I assume that you have taken the drive from a system that previously used Windows XP and now can't write to it.
In Windows XP you were running as a member of the Built-in Administrators Group, and you could write to it just fine. In Vista, you are also a member of the Built-in Administrators group, but now you can't write to it. Explaination The reason is permissions, but the reason they become a problem is because of User Account Control (UAC). If you run "whoami /all /fo list" on Vista you get a printout of your permissions token. It will have a few lines that look like this: Group Name: BUILTIN\Administrators Type: Alias SID: Attributes: Group used for deny only You are a member of Administrators, but your security token does not actually have the Administrators group in it in the normal way. UAC marks that group as a "deny" which means it is never used to grant permissions, only to allow them. If you now look at the Access Control List (ACL i.e. the permissions) for the drive: C:\Users\foo>icacls d:\ d:\ NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) BUILTIN\Users:(OI)(CI)(RX) The parts causing you trouble are the last two lines. The second line grants Administrators full control. You are an Administrator, but because you are running under a non-elevated token, you do not have Administrators in your token, so that membership doesn't help you. The second line grants users read. You are also a member of users. Thus, when running in admin approval mode under UAC, your total rights to this drive is read. Fix To fix this, you need to grant Users modify privileges to the drive. Really simple to do. Option 1: Right-click the drive letter in Explorer and select properties Click the security tab Click "Edit." You will be asked to elevate. Remember, until you do you are still in admin approval mode and for all practical purposes you are not an admin Select "Users" and check the Modify box Click OK enough times to get back to where you were. Option 2: (A bit more complicated but easy if you like syntax) From an elevated command line. Click the Window circle Click All Programs: Accessories Right-click on Command Prompt and select "Run as administrator" Elevate Run this command: icacls d:\ /grant BUILTIN\Users:(oi,cl,m) Substitute whatever drive letter your external drive is mapped to for d:\. oi means "let objects (files) inherit this ACE". cl means "let containers (directories) inherit this ACE". m means "modify". An ACE is an Access Control List Entry, in other words, the entries in the ACL that grants or denies someone permission to the object. Once you do this regular users will be able to read and write to the drive. As long as you have not broken inheritance somewhere along the directory hierarchy of the drive you will not need to modify any more ACLs on this whole drive.
__________________
__________________
serverguy  My System: Eclipse
|
|
#4
14th Jan 2008, 11:55
|
|||
|
|||
|
The syntax for the second method should have been
Click the Window circle Click All Programs: Accessories Right-click on Command Prompt and select "Run as administrator" Elevate Run this command: icacls d:\ /grant BUILTIN\Users:(OI)(CL)(M) Substitute whatever drive letter your external drive is mapped to for d:\. (OI) means "let objects (files) inherit this ACE". (CL) means "let containers (directories) inherit this ACE". (M) means "modify". An ACE is an Access Control List Entry, in other words, the entries in the ACL that grants or denies someone permission to the object.
__________________
serverguy |
|
#5
14th Jan 2008, 12:28
|
|||
|
|||
|
Ran both versions in command line - both say the "BUILTIN..............etc. is invalid prompt. Tho other method has had no effect. ??
|
|
#6
14th Jan 2008, 12:59
|
|||
|
|||
|
Forget the command prompt. I can't seem to get that to work either.
I don't understand why the first way doesn't work... Have you tried taking ownership? Right Click the D:\ Drive icon from My Computer --> Properties --> Security --> Advanced --> Take Ownership
__________________
serverguy |
|
#7
16th Jan 2008, 02:40
|
|||
|
|||
|
Have tried numerous times to take ownwership - -have not tried to write since the last..... been busy with a blown PSU and a black screen POST. I appreciate your efforts, and will apprise you of the outcome. Thanks...............
|
