PowerShell Pipeline

Managing Owners of Files and Folders with PowerShell

Here is how to update the owner permissions on a file that cannot be accessed.

If you have been in almost any IT role or even just working with your computer at home, odds are that you have had to work with file permissions and, at some point, been required to change the owner of a file or folder. You may have to do this for a number of reasons, such as gaining access to a folder so that you can set permissions in the event something has happened that removed all permissions from the object.

The first thing that we need to do is find a folder that is in need of an owner update. In my case, I have a folder that had ownership from an account that no longer exists -- which results in a SID being displayed instead of the user account.

PS C:\Users\proxb\Desktop> Get-Acl .\Test | Format-List

Path : Microsoft.PowerShell.Core\FileSystem::C:\Users\proxb\Desktop\Test

Owner : O:S-1-5-21-1622209884-4033722606-793030036-1005

Group : PROX-PC\proxb

Access : NT AUTHORITY\SYSTEM Allow FullControl

BUILTIN\Administrators Allow FullControl

PROX-PC\proxb Allow FullControl

Audit :

Sddl : O:S-1-5-21-1622209884-4033722606-793030036-1005G:S-1-5-21-1622209884-4033722606-793030036-1001D:AI(A;OICII

D;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;S-1-5-21-1622209884-4033722606-793030036-1001)

We can see that the Owner property is just a SID and means that we could have potential issues if something happened to the existing permissions on the folder. We could use Windows Explorer to graphically locate the folder and view the properties and then set a new owner of the folder, but what fun is that? We also can make use of a utility called takeown.exe, which has a set of switches that can be used to set the owner of a folder and subfolders to either the current user or the built-in Administrators group. Definitely nice, but I don't want to be limited to what account or group that can own the folder. Instead, we will dip our toes into some .NET types to help with making the change of ownership from the SID to another user account.

First thing that we need to do is get the current ACL object of the folder.

$ACL = Get-Acl .\Test

Let's take a look at the object and see if we can find a method that will help us change the owner.