7

I have several hard drives that I need to grab data from. All are formatted NTFS, a couple have Win 10 installed, a few have Win7 installed. Under Windows 2000 and XP, I could simply attach the drive via USB or PATA/SATA and I could view the contents and copy/paste files without ever running into a permissions issue. With Win7 through 10, I have to take ownership and jump through a couple of hoops to do the same thing. Doing this, however, really screws up access when I put the drive back in its old machine and boot it up.

As an example: A user receives a new laptop and wants some of their old files transferred, BUT still needs the old laptop for a bit longer. To keep the amount of time this takes down, I would pull the old drive and stick it in a USB enclosure and plug it up to the new machine. Under XP this simply allows access to the files and I can transfer them without issue and re-install the drive in the old laptop without a hiccup. Under Win7-10, I have to take ownership of the user's home directory recursively (which usually takes hours), and even then I may still have permissions issues copying from the drive. Once the copy is complete I re-install the drive in its original laptop and power it up. The user then finds he/she has no permissions on their own home directory and taking ownership takes hours and may not reset everything properly, creating even more work to get it back to normal.

Is there a way to set up Win7-10 to bring its security settings down to function like XP for something like this?

2 Answers

2

You cannot mount NTFS so that permissions are disabled, I suppose (I even doubt that this was possible in Win XP).

But you can bypass file permissions as Administrator, or any other account possessing the backup privilege. You can even mount the NTFS volume read-only (to be sure you do not accidentally change anything on the volume while you copy files) and still be able to bypass the volume permissions.

Backup privilege doesn't allow generic use of files, like text editing, but it allows copying files, and that's what you want.

However, a typical application that you might want to use to copy files, e.g. Windows Explorer, has not been taught to use the backup privilege, because this privilege has been designed for ... backup 8-O , so you need a workaround.


First off, when you know the source directory location, you may just run

C:\> robocopy /e /r:0 /b SRC DST

/b makes robocopy use the backup privilege for copying and bypassing permissions. But take care, even Windows 10 robocopy doesn't handle hardlinks, and handles directory junctions wrong. Windows 8 robocopy additionally doesn't handle symbolic links. You may need to recreate links manually.

Second, when you need to browse the source before copying.

To be more specific, let's assume you are using Windows Explorer. Run EnableSeBackupPrivilege from Explorer; this will enable the backup privilege for Explorer. Then magic happens: Explorer begins to enter any previously inaccessible directory, including the attached drive, [System Volume Information] on any drive, etc.

Explorer will still not be able to read from files or copy them, but filesystems become completely transparent. When you are done with browsing you can copy the necessary files with robocopy.

You may try what effect the enabled backup privilege has on other applications.

E.g. dism correctly handles hard links, symlinks and directory junctions, and is able to "capture" files if the backup privilege has been enabled for dism. You can migrate files from the source to the destination reliably, however, at the price of an intermediate wim file.

UPD 21 Feb 2021: btw, Windows PE has backup/restore privilege enabled by default, that's why you can browse "guest" ntfs disks freely in WinPE.

jabba
  • Since I made this post I've just resigned to keeping a Windows XP machine handy. Basically all I need to do is plug up the source drive and destination to the XP machine and I can copy whatever I want without having to overwrite permissions as I do with Win7 up. It simply grabs the files and copies them to wherever I tell it, no prompts, no permissions issues, no anything. Copy, paste, wait, done. It's just that simple. – misterjones Feb 16 '21 at 23:22
  • My advice is for those for whom a separate working environment is either unavailable or undesirable. E.g. you may want to save something from the "guest" ntfs disk into your main work environment, or you may be in the field and not want to take one more notebook with you. – jabba Feb 21 '21 at 14:40
  • It seems elevated 7zip's built-in explorer can just browse/copy whatever dir it wants, bypassing the ACL. Did it enable that privilege by default to do so? I generally use it to access from old driver image (mounted as read-only to prevent corrupting the backup by accident). The user in that image is different from my current one, just like the situation in question. – Jerry Jul 07 '21 at 18:20
  • @Jerry The Users folder has permission for built-in Administrators group by default – fjch1997 Oct 14 '21 at 15:43
  • @fjch1997 It can even navigate into WindowsApp folder and do modifications, which should be restricted to System and uwp app related group only. – Jerry Oct 18 '21 at 09:52
  • @Jerry Just tested it. You're right. 7-zip does bypass the ACL. – fjch1997 Oct 18 '21 at 17:41
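
The robocopy step from the answer above, wrapped in a PowerShell script with the checks it depends on; this is an added example, not part of the original answer. The paths are placeholders, and `/xj`, `/copy:DAT`, `/np` and `/log` are additions to the answer's `/e /r:0 /b`.

```powershell
# Added example: the paths below are placeholders, not values from the page.
param(
    [string]$Source = 'E:\Users\olduser',
    [string]$Dest   = 'D:\Transfer\olduser',
    [string]$Log    = 'D:\Transfer\olduser-robocopy.log'
)

# robocopy /b relies on SeBackupPrivilege, which is only in an elevated token.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$id
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}
if (-not ((whoami.exe /priv) -match 'SeBackupPrivilege')) {
    throw 'SeBackupPrivilege is missing from this token.'
}

# /log fails if the log directory does not exist yet.
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $Log) | Out-Null

# /e /r:0 /b  flags from the answer: recurse, no retries, backup mode
# /xj         skip junction points (the answer notes robocopy handles them wrong)
# /copy:DAT   data, attributes, timestamps only: source ACLs and owner are not
#             carried over, so the copies inherit the destination's permissions
# /np /log    no progress percentages, write the file list to $Log
$flags = @('/e', '/r:0', '/b', '/xj', '/copy:DAT', '/np', "/log:$Log")
& robocopy.exe $Source $Dest @flags | Out-Null
$rc = $LASTEXITCODE

# robocopy's exit code is a bitmask, not a plain success/failure value.
$bits = @(
    @{ Bit = 1;  Text = 'files were copied' },
    @{ Bit = 2;  Text = 'extra files exist in the destination' },
    @{ Bit = 4;  Text = 'mismatched files or directories' },
    @{ Bit = 8;  Text = 'some files could not be copied' },
    @{ Bit = 16; Text = 'fatal error, nothing reliable was copied' }
)
foreach ($b in $bits) {
    if ($rc -band $b.Bit) { Write-Host ("robocopy: {0}" -f $b.Text) }
}
if ($rc -ge 8) {
    throw "Copy incomplete (exit code $rc); see $Log for the failed entries."
}
Write-Host "Done (exit code $rc). Skipped junctions must be recreated by hand."
```

Because the script only reads from the source in backup mode, the ACLs and ownership on the attached drive are left as they were.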
1

I understand that this is an old question, but the answer can be helpful for others.

You can't mount an NTFS volume ignoring ACLs on WinXP. However, running with administrator privileges on WinXP will effectively grant all permissions, including the one needed to browse an otherwise ACL-protected folder.

Windows 7 and later behave differently: even when using an administrator-level account, explorer.exe will immediately drop the elevated privileges, causing the UAC prompt for adding a user-specific ACL on the folder.

To work around the issue, you can use an alternate file browser such as Explorer++, launching it with admin permission (i.e. "run as administrator").

shodanshok