Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

WelcomeScan.jpg

Apr
1,794
15
Code:
C:\Backup\A1\B1\C1\D1>icacls WelcomeScan.jpg
WelcomeScan.jpg NT SERVICE\TrustedInstaller:(F)
                BUILTIN\Administrators:(RX)
                NT AUTHORITY\SYSTEM:(RX)
                BUILTIN\Users:(RX)
                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
                APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)

Successfully processed 1 files; Failed processing 0 files

and

Code:
C:\Backup>icacls WelcomeScan.jpg
WelcomeScan.jpg BUILTIN\Administrators:(I)(F)
                NT AUTHORITY\SYSTEM:(I)(F)
                BUILTIN\Users:(I)(RX)
                NT AUTHORITY\Authenticated Users:(I)(M)

Code:
        a sequence of simple rights:
                N - no access
                F - full access
                M - modify access
                RX - read and execute access
                R - read-only access
                W - write-only access
                D - delete access
       a comma-separated list in parentheses of specific rights:
                DE - delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes
        inheritance rights may precede either form and are applied
        only to directories:
                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don't propagate inherit
                (I) - permission inherited from parent container

I can delete the 2nd file but can't the first. I think i need to use icacls? Any ideas?
 
It looks like admins have F(ull) access to the second one, but not to the first (RX) only. I use ICACLS often but I'm no expert. Whenever I want to look at the firewall log, I go to its directory and issue

Code:
ICACLS * /grant vefatica:F

I reckon you're an admin and could do that to the first file.
 
P.S., The only other one I have in my savedcommands.txt is

Code:
ICACLS *.URL /L /T /SETINTEGRITYLEVEL MED

in the Favorites folder. That helped with some URLs the system didn't want me following.
 
It looks like admins have F(ull) access to the second one, but not to the first (RX) only. I use ICACLS often but I'm no expert. Whenever I want to look at the firewall log, I go to its directory and issue

Code:
ICACLS * /grant vefatica:F

I reckon you're an admin and could do that to the first file.

is vefatica same as %USERRNAME% for you?
 
The two ICACLS commands above helped but I have a stubborn file....

Tuesday.jpg
 
I'd try CDDing to the file's directory and issuing

Code:
ICACLS iastorac_732859.tmp /grant %USERNAME%:F

Though it's not clear you need to take ownership of the file, ICACLS's help suggests this should do it.

Code:
ICACLS iastorac_732859.tmp /setowner %USERNAME%

For either command, I reckon you could use a fully-qualified path\name (without CDDing) and hard-code your username.[/code]
 
Yes, that works.

Code:
v:\> do x in zz* (echo %x - %@owner[%x])
zz.txt - BUILTIN\Administrators

v:\> icacls zz.txt /setowner vefatica
processed file: zz.txt
Successfully processed 1 files; Failed processing 0 files

v:\> do x in zz* (echo %x - %@owner[%x])
zz.txt - JJ\vefatica

It's funny. v:\ is where I write batch files and keep many that are obsolete or still evolving. About half the files there are owned by BUILTIN\Administrators and about half by JJ\vefatica. I never do anything special regarding ownership so I wonder what the difference is.
 
Code:
[C:\ZZZ_Backup_Old\TMP_0001]ICACLS iastorac_732859.tmp /grant %USERNAME%:F
processed file: iastorac_732859.tmp
Successfully processed 1 files; Failed processing 0 files

[C:\ZZZ_Backup_Old\TMP_0001]ICACLS iastorac_732859.tmp /setowner %USERNAME%
processed file: iastorac_732859.tmp
Successfully processed 1 files; Failed processing 0 files

[C:\ZZZ_Backup_Old\TMP_0001]echo dptf_cpu_725937.tmp - %@owner[dptf_cpu_725937.tmp]
dptf_cpu_725937.tmp - DESKTOP-C293QAU\csgal

[C:\ZZZ_Backup_Old\TMP_0001]del dptf_cpu_725937.tmp
Deleting C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp
TCC: (Sys) Access is denied.
 "C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp"
     0 files deleted       1 failed
 
You've changed the file! Owning it is not necessarily enough. Try

Code:
ICACLS dptf_cpu_725937.tmp /grant %USERNAME%:F
 
Code:
C:\ZZZ_Backup_Old\TMP_0001>ICACLS dptf_cpu_725937.tmp /grant %USERNAME%:F
processed file: dptf_cpu_725937.tmp
Successfully processed 1 files; Failed processing 0 files

C:\ZZZ_Backup_Old\TMP_0001>del dptf_cpu_725937.tmp
C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp
Access is denied.

C:\ZZZ_Backup_Old\TMP_0001>
 
Can you delete it with Explorer? See what this says.

Code:
ICACLS dptf_cpu_725937.tmp
 
Code:
C:\ZZZ_Backup_Old\TMP_0001]del /z dptf_cpu_725937.tmp
Deleting C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp
TCC: (Sys) Access is denied.
 "C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp"
     0 files deleted       1 failed

[C:\ZZZ_Backup_Old\TMP_0001]attrib dptf_cpu_725937.tmp
______N__________  C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp

[C:\ZZZ_Backup_Old\TMP_0001]
 
Here is the output from handles.....
 

Attachments

  • CSG_Handles.zip
    47.9 KB · Views: 124
Code:
C:\ZZZ_Backup_Old\TMP_0001>ICACLS dptf_cpu_725937.tmp
dptf_cpu_725937.tmp DESKTOP-C293QAU\csgal:(F)
                    BUILTIN\Administrators:(I)(F)
                    NT AUTHORITY\SYSTEM:(I)(F)
                    BUILTIN\Users:(I)(RX)
                    NT AUTHORITY\Authenticated Users:(I)(M)
                    Mandatory Label\Medium Mandatory Level:(NW)

Successfully processed 1 files; Failed processing 0 files

C:\ZZZ_Backup_Old\TMP_0001>
 
Code:
C:\ZZZ_Backup_Old\TMP_0001>ICACLS dptf_cpu_725937.tmp
dptf_cpu_725937.tmp DESKTOP-C293QAU\csgal:(F)
                    BUILTIN\Administrators:(I)(F)
                    NT AUTHORITY\SYSTEM:(I)(F)
                    BUILTIN\Users:(I)(RX)
                    NT AUTHORITY\Authenticated Users:(I)(M)
                    Mandatory Label\Medium Mandatory Level:(NW)

Successfully processed 1 files; Failed processing 0 files

C:\ZZZ_Backup_Old\TMP_0001>
If you're csgal, I have no idea why you can't delete it. Try

Code:
FILELOCK C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp

According to the help you can [forcibly] close it (/C /F) but I doubt that would work if someone important enough has it open. But then, if it were open, I'd expect the "in use by another process" error message.
 
You might want to Google and read about "Intel(R) Dynamic Platform and Thermal Framework (DPTF)". From what little I've read about it, if it's on, you might want to turn it off.
 
Here is the output from handles.....
Huh.. it sure is acting like it's in use even though it doesn't make an appearance in your handles file.

It doesn't seem to be a permissions thing because I experimented with denying myself delete on a test file and I could still delete it, I'm guessing because I'm in the Administrator's group, which is also the owner and has full permissions. And you have full permissions in addition to being the owner, and you're probably in the Administrator's group, which also has full permissions.

Another silly question... Is TCC, and therefore handle, running elevated?

Otherwise, Vince may be onto something with the DPTF.
 
If you're csgal, I have no idea why you can't delete it. Try

Code:
FILELOCK C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp

According to the help you can [forcibly] close it (/C /F) but I doubt that would work if someone important enough has it open. But then, if it were open, I'd expect the "in use by another process" error message.
Code:
C:\ZZZ_Backup_Old\TMP_0001>FILELOCK C:\ZZZ_Backup_Old\TMP_0001\dptf_cpu_725937.tmp
'FILELOCK' is not recognized as an internal or external command,
operable program or batch file.
 
'FILELOCK' is not recognized as an internal or external command, operable program or batch file.

How old is your TCC? FILELOCK was introduced in version 18.

Code:
v:\> which filelock
filelock is an internal command
 
Code:
C:\ZZZ_Backup\TMP_0001]filelock /c /f iaStorAC_732859.tmp

[C:\ZZZ_Backup\TMP_0001]del iaStorAC_732859.tmp
Deleting C:\ZZZ_Backup\TMP_0001\iaStorAC_732859.tmp
TCC: (Sys) Access is denied.
 "C:\ZZZ_Backup\TMP_0001\iaStorAC_732859.tmp"
     0 files deleted       1 failed

[C:\ZZZ_Backup\TMP_0001]ver /r

TCC  29.00.17 x64   Windows 10 [Version 10.0.19044.2604]
TCC Build 17   Windows 10 Build 19044
Registered to DESKTOP-C293QAU

[C:\ZZZ_Backup\TMP_0001]

I was not familiar with FILELOCK being in TCC/TCMD..... sorry
 
I'm running out of ideas. Who created C:\ZZZ_Backup_Old\TMP_0001; who uses it? You could try looking at and possibly changing the permissions on that folder.
 
This computer isn't by any chance a member of a domain, is it? Because if you have users with the same name both in the domain and on the computer itself, that's a grand opportunity for confusion....
 
I created C:\ZZZ_Backup_Old\TMP_001 when using the included runme.btm ran under the above TCMD / TCC in Admin mode:

Code:
COMMENT

        :: RunMe.btm

ENDCOMMENT

del /a:d /s /e /x /y *
Global /H /I /N /Q ( for %fn in (*) Gosub Dofile )
del /a:d /s /e /x /y *

QUIT

:Dofile
    set uExt=%@upper[%@ext["%fn"]]
    for /l %n in (1,1,9999) (
        iff not isfile "c:\ZZZ_Backup\%[uExt]_%@format[04,%n]\%fn" then
            move /a: /e /h /md "%fn" "c:\ZZZ_Backup\%[uExt]_%@format[04,%n]\"
            leavefor
        endiff
    )
    return

The move also had "/MDA /DD" - not that those made any difrference...
 
Back
Top