Windows Command Line: How to Take Ownership of Files Using Takeown and Icacls


1 views

In Windows environments, administrators often need to take ownership of files when dealing with permission issues. While Unix/Linux systems use chown, Windows provides two powerful commands: takeown and icacls.

The simplest way to take ownership of a file:

takeown /f "C:\path\to\file.txt"

For directories (including subfolders and files):

takeown /f "C:\path\to\directory" /r /d y

When you need to set specific permissions after taking ownership:

takeown /f "C:\protected\file.dll"
icacls "C:\protected\file.dll" /grant administrators:F

1. Taking ownership of system files:

takeown /f "C:\Windows\System32\drivers\etc\hosts"

2. Recursive ownership for development folders:

takeown /f "D:\dev\project\" /r /d y
icacls "D:\dev\project\" /grant developers:(OI)(CI)F /t

If you encounter "Access Denied" errors, try:

takeown /f lockedfile.exe /a
icacls lockedfile.exe /setowner "BUILTIN\Administrators"

For batch processing multiple files:

for /f %i in ('dir /b *.dll') do (
    takeown /f %i
    icacls %i /grant %username%:F
)

Always remember to:

  • Run commands as Administrator
  • Restore original permissions when possible
  • Audit ownership changes in production environments

Unlike Unix-like systems where chown handles both ownership and permissions, Windows separates these functions. When you need to claim ownership of protected files (common in system directories or after migrations), you'll need these tools:

The native solution for ownership transfer:

REM Take ownership of single file
TAKEOWN /F "C:\Protected\file.dll" 

REM Recursive directory takeover (admin required)
TAKEOWN /F "C:\Locked_Folder" /R /D Y

While cacls is deprecated, its replacement ICACLS provides granular control:

REM Set administrator as owner
ICACLS "C:\System\config.ini" /setowner "Administrators" 

REM Full permission reset after ownership change
ICACLS "C:\Legacy\*" /reset /T /C /L

For modern environments, PowerShell offers object-oriented approaches:

# Single file ownership
(Get-Item "D:\Secure\data.db").GetAccessControl().SetOwner([System.Security.Principal.NTAccount]"DOMAIN\User")
Set-Acl -Path "D:\Secure\data.db" -AclObject (Get-Acl "D:\Secure\data.db")

# Bulk processing example
Get-ChildItem "E:\Migration\*" -Recurse | % {
    $acl = Get-Acl $_.FullName
    $acl.SetOwner([System.Security.Principal.NTAccount]"BUILTIN\Administrators")
    Set-Acl -Path $_.FullName -AclObject $acl
}

Inheritance issues: Use ICACLS /inheritance:d before ownership changes on stubborn folders.

System files: Combine with DISMOUNT /online /cleanup-image /restorehealth when dealing with corrupted ownership.