Fixing “Access Denied” Error in Windows 7 FIND Command for Administrator Accounts


9 views

When running the Windows FIND command as an administrator (even through elevated cmd.exe), you might encounter:

FIND /I "search_string" C:\\Users\\username\\Documents
Access denied - C:\\USERS\\USERNAME\\DOCUMENTS

The Windows FIND command has a peculiar behavior where it requires both:

  • Administrative privileges
  • Explicit read permissions on the target

Solution 1: Redirect input

TYPE file.txt | FIND "string"

Solution 2: Use alternative tools

# PowerShell alternative:
Select-String -Path "*.txt" -Pattern "search_term"

# Using findstr (more reliable):
FINDSTR /I /M "search_term" *.txt

If you must use FIND directly:

# Take ownership first (admin cmd):
TAKEOWN /F "C:\\Users\\username\\Documents" /R /D Y

# Then grant permissions:
ICACLS "C:\\Users\\username\\Documents" /grant Administrators:(OI)(CI)F

The FIND command attempts to open directories as files, which triggers Windows security checks. This differs from most file operations that check ACLs differently.

Many Windows 7 administrators encounter this puzzling scenario: Even with admin privileges, the native FIND command fails when searching through user directories. Let's break down what's happening:

C:\Users\Admin>FIND /I "test" C:\Users\TestUser\Documents
Access denied - C:\USERS\TESTUSER\DOCUMENTS

The issue stems from Windows 7's security model for protected user directories. The FIND command needs both:

  • File read permissions on the target files
  • Directory traversal rights on all parent folders

Even administrators get blocked by default due to User Account Control (UAC) restrictions on protected system locations.

Option 1: Take Ownership First

takeown /f C:\Users\TestUser\Documents /r /d y
icacls C:\Users\TestUser\Documents /grant Administrators:F /t

Option 2: Use PowerShell Instead

Get-ChildItem C:\Users\TestUser\Documents -Recurse | Select-String "test"

Option 3: Run CMD with Full Token

runas /noprofile /user:Administrator "cmd /c FIND /I \"test\" C:\Users\TestUser\Documents"

If you frequently need to search protected locations, consider these alternatives:

:: Using where.exe (for file names)
where /r C:\Users\TestUser *.txt

:: Using xcopy with find (workaround)
xcopy /L /Y C:\Users\TestUser\Documents\*.* | FIND "test"

Remember that bypassing these protections has security implications:

  • Only modify permissions on directories you truly need to access
  • Consider creating dedicated service accounts for automated searches
  • Document permission changes for audit purposes