XCACLS: Changing ownership of a file or folder, Error Code = 5 (Msg#544)


I had a requirement to process huge pile of files. Some of the folders and files didn’t have access to the local administrators group. I decided to use XCACLS VBScript (download it here: http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en)

When I was trying to take ownership of a folder, I got the following error. If you are reading this, obviously you got the same error.  I didn’t find a good reason for this error. According to MSDN, their error doesn’t exists. The command I used as below,

CScript C:WindowsXCACLS.vbs C:DataMarch08 /O DataServerAdministrator /SPEC B /S /T /F

The Error I got was,

**************************************************************************
Directory: C:DataMarch08
Changing Ownership to "DataServerAdministrator"
Error: Error Code = 5    (Msg#544)
**************************************************************************

I searched the Internet found no reliable answers. After some research with myself, I found a right tool to do the job.  My goal is to
– take ownership of a folder and it’s sub-folders and files
– And, inherit the permissions to all the sub-folders and files

Solution:

Use TakeOwn.exe tool to take ownership of the folder (and all it’s contents) and use XCACLS vbscript to assign "Inheritance" bit for all folders and files.

TakeOwn.exe tool was very forceful and gets the job done where XCACLS fails.

  1. Download the TAKEOWN.EXE from Microsoft and XCACLS (see the link above) if you don’t have it already. I would copy these files (TakeOwn.exe and XCACLS.vbs) to C:Windows. So It’s accessible from anywhere.
  2. Run TakeOwn.exe to to take ownership of the folder and it’s contents
    • TakeOwn /F C:PathFolderORFileName /A /R /D Y
      • /F <filename> is to specify the file or folder name
      • /A is take ownership to local Administrators group
      • /R is for recursively take ownership of all sub folders and files
      • /D Y (or /D N) is to accept any questions for change, otherwise you have to manually type Yes or No.
  3. Run XCACLS.vbs to assign "inheritance" bit on all sub-folders and files.
    • CScript C:WindowsXCACLS.vbs C:PathFolderORFileName /G Administrators:F /I Enable /SPEC B /F /T /S
      • /I Enable is to enable the Inheritance flag, so it will inherit the permission from parent folder
      • /SPEC B is to apply the changes to all sub folders and files
      • /G Administrators:F is to assign manual permission to local administrator group to full access. For odd reason, I have to supply this switch to process all sub folders and files and enabling inheritance flag.
      • /F is to process files
      • /S is to process sub folders
      • /T is to traverse through the while directory Tree
      • I would add /QQ or /Q for quite mode, because I don’t want to see the results for every file and folders

To make it easy, I created a batch file with the following commands

TakeOwn /F %1 /A /R /D Y
XCACLS %1 /G Administrator:F /I Enable /SPEC B /F /T /S /QQ

Call the batch file as "RefreshPermissions.bat". I would run the Batch file with the folder or file as parameter. E.g.,

RefreshPermissions.bat C:PathFolderName

I hope this solution also works for you. If it is, leave me a reply.

Advertisements

3 thoughts on “XCACLS: Changing ownership of a file or folder, Error Code = 5 (Msg#544)

  1. Thank you so much for posting this. I set the access on Windows\Installer (NT AUTHORITY\SYSTEM owned) to deny write, and then realized it was the wrong thing to do, but it wouldn’t let me change it back. Take own was on my system already, and takeown /f installer /a fixed it. Thanks!!!!

  2. so this is what i did

    TAKEOWN /F C:\windows\system32\cmd.exe

    Then it gave me ownership
    then using xcacls

    I did,

    xcacls.vbs C:\windows\system32\cmd.exe /G Administrators:M

    So now I gave administrators modify permissions

    when i go into the cmd.exe properties, there used to be a group of users and so forth, and now there’s only administrators under the list. Anyway I can revert back and undo those changes?

    Thanks for your time, hope to talk to you soon.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s