My Windows XP installation is acting up again. For some reason I cannot pinpoint directories will change permission and it locks me out with an “Access Denied” permission. The problem is that I am logged in as a local administrator (hey, its Windows so its the only way to really work while in it 😛 ) and following the maxim “Computer Security stops with full physical access” then everything should be available to me. First reaction would be to check and modify the file security properties but since I don’t have “access” then the Security tab will not show in the properties window of the file.

Normally I would note the directory down somewhere in the desk, wait finishing my current work, and then reboot to Linux and access the files. Linux allows me to bypass the NTFS access control list so I can take out the files and move/copy them to a new location before deleting the old location. I run a chkdsk next time I boot into Windows to reset the index and have a semblance of sanity in the drive.

Today this can’t be my route as it locked a directory containing some files that I need for the current document I am working on. Rebooting to Linux to bail out Windows is not an option so I searched a way on how to circumvent this, and now I have two (well technically one with a backup).


CACLS is the built-in command line utility for modifying file access control lists in Windows. Invoking the help file (cacls /?)presents a pretty concise and helpful help message. To give my user account full access to the misbehaving directory and all the files inside, the command is

cacls [path to directory to be change] /T /G Erin:F

where /T specifies that all contents of the directory will be modified and the last switch tells the utility to give user name Erin full access.

If the cacls command still fails for your admin user, then try using the SYSTEM user as that generally have more privileges than the administrator users. You basically need to execute the same CACLS command under that privilege but the “runas” command will not work as you will need the SYSTEM password. You will have to trick the machine into opening the doors for you [insert devil grin here]. Not really, I was talking about the Scheduler trick that is only accessible to Administrators and some special user groups.


HH and MM is to be replaced with the time + one or two minutes from the current system time (use 24H format for the hours). This will trigger the task scheduler to open a command prompt at the set time which uses the SYSTEM account. You can try the cacls modification from the resulting prompt.

And if all else fails, there is always Linux. 😀