Take ownership.

Anonymous
2024-04-07T22:08:35+00:00

I need to add (not replace) some Admin users and groups in the ACLs of folders and subfolders.

The folders already have some users and groups (with full access), which doesn't allow the PowerShell script to access the folders and add additional new users, because access is denied.

I tried to force the addition of the local administrator user, but the command below didn't work:

icacls D:\test\Vol2 /grant "Administrator":F /T

I tried then taking the ownership of each folder (by the local admin) with the command below:

takeown /f D:\test\Vol2 /r /d y

which seems to have worked (I did a test on a copied folder).

However, I have noticed that the administrator also becomes a member of the ACL, but on some folders it has replaced all the users present (not been added).

How can I ensure that the administrator user can take ownership of each folder without replacing the other users (already present in the ACLs)?

Thanks

This question was migrated from the Microsoft Support Community.

  1. Anonymous
    2024-04-10T06:35:03+00:00

    Hi Marc,

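    I’m not sure why takeown.exe has this behavior, but you may consider changing the owner using Set-Acl:

    # Read the folder's current security descriptor
    $acl = Get-Acl D:\test\Vol2

    # Account that should become the owner
    $account = [System.Security.Principal.NTAccount]::new("domain","user")

    # Change only the owner, then write the descriptor back to the folder
    $acl.SetOwner($account)

    $acl | Set-Acl D:\test\Vol2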
    
    1 person found this answer helpful.
  2. Anonymous
    2024-04-10T21:46:39+00:00

    Your script is working very well on folders that contain the user that is running the script.

    Unfortunately, using your script as Administrator on folders that do not include the administrator user in the security group, I am receiving the error below:

    Get-ChildItem : Access to the path 'D:\test\Vol2\folder1' is denied.

    How can a new user take ownership then?

  3. Anonymous
    2024-04-11T07:42:31+00:00

    Does the administrator have permission to access the path D:\test\Vol2\folder1? Make sure your administrator is allowed to list the folder.

  4. Anonymous
    2024-04-11T15:12:37+00:00

    The Administrator has all elevated rights. Unfortunately, the folders were copied from a server in another domain, therefore the groups and members are not present in the destination server/domain. This is the reason why access is denied.

    The only command that works is: takeown /f D:\test\Vol2 /r /d y

  5. Anonymous
    2024-04-16T10:41:32+00:00

    Hi Ian,

    As explained previously, the command below is the only one that works:

    takeown /f D:\test /r /d y

    Unfortunately, I am now facing the error below.

    The problem is that when it gets the error it stops and does not continue with the rest of the folders.

    Is there a way to force it to ignore the error and continue with the other folders?

    ERROR:
    The filename, directory name, or volume label syntax is incorrect.

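
A per-folder alternative to `takeown /r /d y`, as an added example that is not from any poster in this thread: it takes ownership one item at a time, adds a Full Control entry with `icacls /grant` (which adds to the existing explicit entries unless `:r` is given), and records failures instead of stopping. `$Root`, `$Grantee` (the built-in Administrators group, by SID) and an elevated session are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell session.
param(
    [string]$Root    = 'D:\test\Vol2',     # path used in the thread
    [string]$Grantee = '*S-1-5-32-544'     # assumed grantee: BUILTIN\Administrators by SID
)

$failed = [System.Collections.Generic.List[string]]::new()
$queue  = [System.Collections.Generic.Queue[string]]::new()
$queue.Enqueue($Root)

while ($queue.Count -gt 0) {
    $dir = $queue.Dequeue()

    # 1. Take ownership of this one folder only (no /R, so no /D answer is involved).
    #    /A makes the Administrators group the owner instead of the current user.
    & takeown.exe /F $dir /A *> $null
    if ($LASTEXITCODE -ne 0) { $failed.Add("takeown: $dir"); continue }

    # 2. As owner, add an entry. /grant without ":r" leaves existing entries in
    #    place; (OI)(CI) makes the new entry inheritable by files and subfolders.
    & icacls.exe $dir /grant "${Grantee}:(OI)(CI)F" *> $null
    if ($LASTEXITCODE -ne 0) { $failed.Add("icacls: $dir") }

    # 3. List the folder; queue subfolders and handle files here.
    try {
        $children = Get-ChildItem -LiteralPath $dir -Force -ErrorAction Stop
    } catch {
        $failed.Add("list: $dir ($($_.Exception.Message))"); continue
    }
    foreach ($child in $children) {
        if ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }  # skip links/junctions
        if ($child.PSIsContainer) { $queue.Enqueue($child.FullName); continue }
        & takeown.exe /F $child.FullName /A *> $null
        if ($LASTEXITCODE -eq 0) { & icacls.exe $child.FullName /grant "${Grantee}:F" *> $null }
        if ($LASTEXITCODE -ne 0) { $failed.Add("file: $($child.FullName)") }
    }
}

# Failures were collected instead of stopping the run; review them afterwards.
"Finished; {0} item(s) failed." -f $failed.Count
$failed
```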