none
Restore Volume ACLs

    Question

  • I found a nice site that  showed me how to fix permissions on a folder structer with the latest icacls:

    icacls * /T /Q /C /reset

    It didn't however fix my issue. I was playing around for fun and learning. So this is no real emergency more for education purposes. I noticed the following:

    If you right click a mounted partition of a disc in windows explorer and remove Everyone and the BuiltIN\users group completely the following happens:

    1) You loose the bar graph showing the size remaining on the disc.

    2) You loose all context menu items under "new"

    Now the issue is the icacls command doesn't have a /M option, however I found it still respected the enhancements made to the old school cacls years ago, in that it can accept a volume GUID ID.

    But the results where the same as when I replaced * with the root mount path (E.G. F:\) in spits out the following:

    If I specify the root mount: F:\: This operation is not allowed as it would create an un-usable ACL.

    and the same error if I replace the mount point with the volume GUID:

    \\?\Volume{762c951f-6f4c-11e8-9174-005056bb0b12}\: This operation is not allowed as it would create an un-usable ACL.

    Millions dollar question:

    How do you reset/recover/repair the root volume ACLs after you delete them using the root mount security tab?

    PS - I forgot to add the main permissions I noted that got changed after removing and re-adding those groups was the following permissions lines as outputted by cacls before making any changes to the mount point:

    BUILTIN\Users:(CI)(special access:)
    FILE_APPEND_DATA
    BUILTIN\Users:(CI)(IO)(special access:)
    FILE_WRITE_DATA

    • Edited by Zewwy Thursday, June 14, 2018 2:43 PM
    Thursday, June 14, 2018 2:40 PM

All replies

  • Hi Zewwy,

    For now, I haven't find the official explanation about this from Microsoft now.

    But based on understanding, for icacls /reset, what the command does is replace the provided path's permissions with defaults from the parent. When you think about it, F:\ doesn't have a parent. So instead the command ICACLS "F:\" /reset /T,  we could navigate to the desired directory using cd. Eg. cd /d F:. Once done run this command: ICACLS * /reset /T .

    >>>> I noted that got changed after removing and re-adding those groups

    However, I still couldn't figure out why Everyone and the BuiltIN\users group make that changed.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 15, 2018 6:36 AM
    Moderator
  • Thanks for the reply Mary.

    As I said I'm doing this to learn cause and effects of doing some very basic things. It amazed me how easy it was to break things, and then how difficult it was to fix it when it came to volume permissions, which are changed when you simply request a mount point "permission" navigate to the security tab, and simply remove those users.

    This method is used to secure folders, figured I'd see what happens if I did the drive itself, and this is what I discovered. besides adding a new disc, I haven't found a way to fix this issue. I mean for small data not a problem, for big data... this could be a real problem.

    Monday, June 18, 2018 1:10 PM
  • Hi,

    Maybe you could consider to open a ticket from Microsoft for further explanation.

    It is also appreciate other member in the forum could share more ideas.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 19, 2018 2:02 AM
    Moderator