Windows 7 security permissions external HDD

ankido · Mar 22, 2014

Windows 7x64 completely up to date
Drobo server

Hi,

I've stumbled into a little problem. I will list the problem in details.

■Had windows 7 with Drobo as my server connected via USB 2.0
■Added a friend as user to windows 7
■Changed permissions on HDD for drobo to only allow me access
■Reinstalled windows 7
■Couldn't access HDD's from Drobo
■Removed old owner S-1-5-21-2148 blah blah blah which is what it shows now
■Gave ownership to myself
■Changed permissions so that anyone can access
■Installed windows 8.1, wasn't happy
■Reinstalled windows 7 and came back to the access of HDD's problem again

What I'm trying to do here is make the permissions go back to normal as they were before I even touched them. When I plug the Drobo server to another computer, I don't want any permissions to be set on them. I want full access for anybody. Kinda like how it was before I touched it. How do I go about doing this? If someone helps me, this will allow me to understand permissions in windows 7 and I can change in the future and be able to make changes and revert back to normal when I want. It will be a learning experience.

Thank you in advance!

pauls3743 · Mar 22, 2014

Every file and folder on your system has security identifiers attached to them, within Windows they can be tracked back to a "friendly" name which is displayed when you look at the security settings. Hence you see "User 123" instead of the security identifier "S-1-5-21-2148...". Within Windows there are a number of Standard security identifiers for the likes of Administrator, Guest, System. There are also identifiers for the groups like Administrators (not to be confused with the account Administrator), Users, Everyone, etc.

Anyway, when you first setup your computer your own account was created with a new security identifier and added to the Administrators group so you had total control over the computer. When you added your friend you created a new security identifier and this was added to any files you changed permissions on, up to now he would have had User access. When you formatted your system new security identifiers were created for you and you friend, the old ones were lost. This meant the new install didn't have the information to decode the security identifiers still attached to the files on your external hard drive, the result was it blocked you because it didn't know who you were.

The best you can do with a hard drive, which isn't the OS drive, is
1). give ownership to the administrator group
2). give the administrator group total control
3). give the system group total control
4). give any other group the level of control you want them to have, this can be anything from denied up to total control
5). try not to give individual users specific permissions as this will lead to problems if you re-install the OS or transfer the drive to another computer
6). as you've learned, specific permissions can be bypassed by simply taking ownership and resetting the permissions

ankido · Mar 24, 2014

pauls3743 :

Every file and folder on your system has security identifiers attached to them, within Windows they can be tracked back to a "friendly" name which is displayed when you look at the security settings. Hence you see "User 123" instead of the security identifier "S-1-5-21-2148...". Within Windows there are a number of Standard security identifiers for the likes of Administrator, Guest, System. There are also identifiers for the groups like Administrators (not to be confused with the account Administrator), Users, Everyone, etc.

Anyway, when you first setup your computer your own account was created with a new security identifier and added to the Administrators group so you had total control over the computer. When you added your friend you created a new security identifier and this was added to any files you changed permissions on, up to now he would have had User access. When you formatted your system new security identifiers were created for you and you friend, the old ones were lost. This meant the new install didn't have the information to decode the security identifiers still attached to the files on your external hard drive, the result was it blocked you because it didn't know who you were.

The best you can do with a hard drive, which isn't the OS drive, is
1). give ownership to the administrator group
2). give the administrator group total control
3). give the system group total control
4). give any other group the level of control you want them to have, this can be anything from denied up to total control
5). try not to give individual users specific permissions as this will lead to problems if you re-install the OS or transfer the drive to another computer
6). as you've learned, specific permissions can be bypassed by simply taking ownership and resetting the permissions

Thank you Paul. Now I understand how it works. Always have non OS drives owned by the Administrators Group. I was giving ownership to myself instead of the group. I forgot that I am part of the group. Makes a lot of sense and very informational Paul. Thanks again!

Search

Windows 7 security permissions external HDD

ankido

Distinguished

pauls3743

pauls3743

Distinguished

ankido

Distinguished

TRENDING THREADS

Latest posts

Moderators online

Share this page