Mastering icacls and takeown
Managing file permissions and ownership in Windows can sometimes feel like navigating a maze, especially when dealing with restricted files or folders.
Whether you’re troubleshooting access issues, cleaning up system files, or managing user permissions, two powerful command-line tools can make your life easier: Takeown and ICACLS.
These commands allow you to take ownership of files and modify their permissions, giving you full control over your system’s resources.
In this post I will show some basics about these command-line tools.
Takeown
This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership.
> takeown /F "C:<path of the folder you want to delete>" /R /D Y
Grant Full Control to a User
Below for example we will grant full control to all users which are members in the local Administrators group.
> icacls.exe "C:\Path\To\Folder" /grant Administrators:F /T /C /Q
/grant <username>:F → Grants Full Control (F) to the specified user.
/T → Applies changes to all subfolders and files (recursive).
/C → Continues even if errors occur.
/Q → Suppresses success messages.
Grant Full Control to Everyone
f you want all users to have full control:
> icacls.exe "C:\Path\To\Folder" /grant Everyone:F /T /C /Q
Verify Permission
To check the current permissions:
> icacls.exe "C:\Path\To\Folder"
Remove Granted Permissions
If you need to remove full control later:
> icacls.exe "C:\Path\To\Folder" /remove <username> /T /C /Q
You can also read my following post about troubleshooting the Access Denied error message when trying to delete folders recursive.
Links
icacls
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icaclstakeown
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/takeownDACLs and ACEs
https://learn.microsoft.com/en-us/windows/win32/secauthz/dacls-and-aces
