C:\System Volume Information - Left-Click denied, yet Right-Click works - Retaken Ownership

Thanks to all 6 who posted timely and helpful replies within 4h5min of my call; the 1st SOLVED my problem, but I also record the 5 next, that can be useful in some other cases (see below).

1) Thanks "Pegasus [MVP]", Sun 31 May 2009 11:56:03 GMT, for your advice ("Click Start / Help then look for help on Ownership"). It worked perfect. Details:

I forgot to mention my system is a Feb 2006 laptop, Windows XP Pro, Pentium M760 (Dothan 2.0GHz), 2GB, NOT joined to a domain, with SFS (Simple File Sharing) disabled.

I recall that I CANNOT select "C:\System Volume Information": when I Simple-Click or Double-Click it, I get "Access is denied", and the item is NOT selected, so I CANNOT come through this path and choose its Properties.

Now « Start > Help & Support "Ownership" (38 results) > "Take ownership of a file or folder" » tells to "Right-click the file or folder". And yes, I can Right-Click it DIRECTLY (while I could NOT by first Simple-Clicking it). Then the continuation is as usual:

- Right-click "C:\System Volume Information", "Sharing and Security..." (or "Properties"), "Security > Advanced > Owner > Change owner to", where I currently have:
- ** Administrators
- * Merlin
|_| (cleared) Replace owner on subcontainers and objects

So I check the "Replace owner on subcontainers and objects", select "Merlin", and click "OK", which returns:
_____________________________________________________________
| Security (icon = Black exclamation mark on Yellow triangle)
|_____________________________________________________________
| You do not have permission to read the contents
| ! of directory \??\C:\System Volume Information.
| Do you want to replace the directory permissions
| with permissions granting you Full Control?
|
| All persmissions will be replaced if you press Yes.
|
| | Yes | | No |
|_____________________________________________________________

I clicked Yes; changing permissions took about 1min30sec.

Once reached the "RP305\....exe" archive involved (1,505 KB), I couldn't open it and find the threat, so I deleted the entire "RP305" folder (RP304, RP305, RP306 were restore points of 15, 16, 17 May 2009), and immediately emptied the Recycle Bin (so to not propagate again the faulty item). I also deleted the "RP305" folder I had in "D:\System Volume Information\_restore{32-char GUID}\RP305".

2) Thanks to "Touch Base", Sun 31 May 2009 12:07:14 GMT:
To take ownership of the System Volume Information folder: http://support.microsoft.com/kb/308421
http://support.microsoft.com/kb/307874
"How to disable simplified sharing and set permissions on a shared folder in Windows XP"

3) Thanks to "JS", Sun 31 May 2009 13:56:17 GMT:
To delete all but the latest restore point:
"Start > All Programs > Accessories > System Tools > Disk Cleanup > More Options> System Restore > Clean up

4) Thanks to "Alan", Sun 31 May 2009 14:51:16 GMT:
http://support.microsoft.com/kb/309531 "How to gain access to the System Volume Information folder",
make sure to read the § "Using CACLS with Windows XP Home Edition Using the NTFS File System"

5) Thanks to "Jim", Sun 31 May 2009 15:05:12 GMT:
the only SID which has any access to the folder is NTAUTHORIT/SYSTEM (i.e. Windows XP)
-> My Reply (Michel Merlin): I don't see that name. Anyway I bring back all folders under MY own property and "Merlin" Username (see §1).

6) Thanks to "Shenan Stanley", Sun 31 May 2009 15:54:43 GMT:
Why not using Disk Cleanup OR turning off System Restore
-> My Reply (Michel Merlin): System Restore NEVER brought me any successful help, so I rarely try to use it. I keep it however (just in case) but don't waste time hesitating before removing a part in it that appears a threat. Yet of course, in the same conservative way, I destroy as little as possible. In decades I never used (unless when forced) the barbare simplistic blind processes MS loves to impose on its so-called "customers" (like "removing all but the most recent restore point" - the only "help" Disk Cleanup is offering in this case).

Again, thanks to *all*.

Versailles, Tue 2 Jun 2009 14:45:10 +0200

----- Parent Thread -----
www.howtofixcomputers.com/forums/windows-xp/c-system-volume-information-access-denied-242379.html
www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsxp.general&tid=c11b93f0-afa3-46f0-a083-f041d70ffeb3&p=1

----- Parent Message (links are clickable in OE) -----
From: "Pegasus [MVP]" <news@xxxxxxxxxxxxx>
Newsgroup: news://msnews.microsoft.com/microsoft.public.windowsxp.general
Message: news://msnews.microsoft.com/OfiECbe4JHA.3304@xxxxxxxxxxxxxxxxxxxx
Sent: Sun 31 May 2009 13:56:03 +0200 (11:56:03 GMT)
Subject: Re: C:\System Volume Information - Access is denied

This folder contains the Windows System Restore information and is normally accessible to the System Account only. However, you can seize ownership of it. Click Start / Help then look for help on Ownership if unsure how to do it.


----- Parent Message (links are clickable in OE) -----
From: "Michel Merlin" <michel.merlin@xxxxxxxxxxx>
Newsgroup: news://msnews.microsoft.com/microsoft.public.windowsxp.general
Message: news://msnews.microsoft.com/%23r7UmXe4JHA.5728@xxxxxxxxxxxxxxxxxxxx
Sent: Sun 31 May 2009 13:49:45 +0200 (11:49:45 GMT)
Subject: C:\System Volume Information - Access is denied

My "Security" Suite reports:

C:\System Volume Information\...\RP305\....exe=](Instyler o)=](Instyler Module 11) = Gen:Adware.Heur.4105FAFAFA = Infected (no action was possible, file was in an archive)

So immediately go in Windows Explorer to navigate there and manually remove the threat from the involved Restore Point as I usually do, but this time on clicking "C:\System Volume Information" I am told:

« C:\System Volume Information is not accessible. Access is denied »

What is that? What removed *MY* access to *MY* property?. Please anyone help me recover that basic access (Of course I am logged as an Administrator). TIA,

Versailles, Sun 31 May 2009 13:49:45 +0200
.

Relevant Pages

  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)
  • Re: Norton Internet Security has screwed up my system...HELP!!!!!!
    ... I was having problems installing Norton Internet security 2006 ... Internet Explorer and windows media player 10 are completely messed up!!! ... GO TO TOOLS AND THEN FOLDER OPTIONS, THEN GO TO THE VIEW TAB. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Too late for Administrators Password?
    ... if you're going to be messing with permissions then ALWAYS FIRST SET ... folder and click the Security Options folder. ... Next, administrator, you need to have the security tab show when you ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Default everyone group
    ... The everyone full access should only be on the root folder. ... I always change the ntfs permissions on my root folders to ... tightening up security in this regard. ... computers running Windows XP Professional and members of the Windows .NET ...
    (microsoft.public.win2000.security)
  • Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
    ... In order for Alice to Take Ownership of Bob's private folder she would ... Owner and now Bob no longer has the ability to set permissions on it. ... And Windows does have a umask-like function. ... This article contains a set of attack scenarios to demonstrate security ...
    (Full-Disclosure)
Loading