Some folders in Vista are virtual folders that one cannot access or take ownership of. Why is this so? A question also arises when one tries to access files on an old hard drive from a prior computer, and one may even wonder if he should "takeown" of his own C: drive. Let's see how takeown works.
Have you ever wondered why you can navigate to your user name folder under C: drive → Users and can't open the folder called "My Music?" Have you wondered about why Vista won't let you access files on an older hard drive from a computer that used your very same user name and that you owned?
Even though these seem to be the same problem, they are actually separate issues. Here we'll look at how when it is and is not a good idea to take ownership of a file, folder, or an entire hard drive and how those virtual folders like
My Documents and My Music in Vista work.
Ownership in Vista
Takeown is a command-line utility program that famously allows "an administrator to recover access to a file that was denied by reassigning file ownership." It is most often used in a "quick and dirty" fashion to wrench away ownership of a file or folder when Vista inexplicably decides that it owns the sole rights to it.
The ownership model in Vista includes everyone, users, administrators, and system. Permissions and ownership are related, but they are not the same thing. For example, the system can own a file that administrators and users are granted "full control" over. These are permissions.
For another example, let's look at a log file that is generated in the Vista Windows directory. Microsoft is pretty clear that users have no need to be mucking around in the Windows folder, but what if we need to manipulate the file? We can copy it out to the desktop, but the permissions come with it. The user cannot change or edit the file without invoking a UAC prompt and becoming an administrator. Not only is this a minor pain, it's also unneeded for what is really just a text file.
So we right-click the file and go into the security settings. We click "Continue" and add our name as a party to have some control over the file. We click "Check name" and if Vista finds us (ComputerName/User is the usual reply), then we have Vista's blessing to become a concerned party. With this, we can select "Full Control" and obtain all the permissions to do what administrators or the system itself can do to the file.
This effectively renders all the trappings of ownership, allowing us to manipulate the log file at will, but we don't actually own the file. Let's take a closer look at ownership in Vista.
Ownership Model
At the most basic level, every object in Windows, which are by definition files (even directories are really a type of file), has an owner. The owner decides how permissions are set and to whom permissions are granted. The owner is the entity that created the object, and it can set permissions on the object even when denied all access to the object. In other words, ownership is persistent.
That's why when we copied the log file out of the Windows directory to our desktop, we did not take ownership of the file. That ownership still resided with the process that created it. We manipulated the permissions so that, effectively, we could act as if we had taken ownership, but in reality, we did not.
Microsoft says that about 85% of Vista PCs are used by a single user. Administrators in Vista, which we become when we click on a UAC prompt a couple of times, have the right to take ownership of a file or folder. Once this is done, we can even give away the ownership to ourselves as the user. This then avoids the UAC prompt when we make use of the file or folder.
So we see that ownership and full control by permissions are highly related in Vista, but are not the same thing at all.
When do we most often find ourselves needing to know about taking ownership? When we're locked out of our own stuff, of course.
Taking Ownership
Such is the situation when we get a new computer and decide to put our old hard drive into an external enclosure in order to continue using it. If Vista allows us to copy some files from the drive to the new computer, that's great. After a while, however, we begin to think about how much storage space we'd free up on that old drive if we nuked the Windows and Program Files folders there. And so we right-click the Windows folder on that drive, hold down Shift, and select Delete.Vista then declares that we need permission to continue, and then, illogically, pops up a second prompt to ask if we want to continue. We doggedly keep clicking, and then Vista tells us...
Access Denied
So, recently having become fluent in the practice of giving ourself permissions to take full control, we attempt to do this by adding ourself as a user. Again, access is denied.
What's the problem here? The problem is that the entity that owns that folder stills controls it even though it has lost access to it. (And Vista still thinks you have no business mucking around in a Windows folder.)
The implication here, of course, is that the PC administrator is not all-powerful. The further implication is that this is a logical hole in the theory of ownership and permissions in Vista
And into this hole nicely fits the takeown command, which we'll look at next.
No comments:
Post a Comment