
Why am I getting "Access denied" when I have effective read permission?


I can't read a particular file, even though as far as I can tell I have read rights on it. Here is what "Effective Access" shows:

Effective Access

Here is what Get-Acl is giving me.

PS ...> Get-Acl .\HelloWorld.java | Format-List


Path   : Microsoft.PowerShell.Core\FileSystem::I:\...\HelloWorld.java
Owner  : ...\Admin
Group  : G:S-1-5-21-4281937098-1570975092-1098596674-513
Access : ...\Admin Allow  FullControl
Audit  :
Sddl   : O:S-1-5-21-3073128669-2165567304-4059943147-1001G:S-1-5-21-4281937098-1570975092-1098596674-513D:PAI(A;;FA;;;S-1-5-21-3073128669-2165567304-4059943147-1001)

When I try to open it in Notepad, or even just copy it from the command line, I get an error:

I:\...>copy HelloWorld.java C:\HelloWorld.java
Access is denied.
        0 file(s) copied.

I:\...>more HelloWorld.java
Cannot access file I:\...\HelloWorld.java

I'm logged in as Admin, and the cmd.exe shell is also elevated (right-clicked and chose "Run as administrator").

Note that it wasn't originally SDDL_PROTECTED, but I added that (via Windows GUI) in an attempt to make sure that there wasn't something being inherited that was confusing access. Then I added an ACE to give Admin full control. The drive was formerly a system disk for a Win7 machine, but I'm trying to read it on a Win10 machine.


Solution

  • When the protections are OK, 2 other problems can occur:

    1. Path too long: some apps don't like it (but you get "file not found" rather than "access denied"). Workaround: mount a drive at a lower level using subst and access the file from there.
    2. The file is open in write mode by another program/service.
    3. The file is encrypted using Windows built-in encryption. In that case, it works OK on the original computer, but when you mount the disk somewhere else, you get "access denied" even if the permissions are OK.

    Chances are it is option 3, since you switched computers.
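
A quick way to tell the three causes listed in the answer apart, as an added example that is not part of the original answer. The function name `Test-AccessDeniedCause` and the property names it returns are hypothetical; the file path is the one from the question.

```powershell
# Added diagnostic sketch; Test-AccessDeniedCause is a hypothetical helper name.
# Intended for files (a directory would always report AccessDenied on open).
function Test-AccessDeniedCause {
    param([Parameter(Mandatory)][string]$Path)

    # Reading metadata does not require the file's contents to be readable.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $full = $item.FullName

    # Cause 1: classic MAX_PATH limit that some applications still enforce.
    $longPath = $full.Length -ge 260

    # Cause 3: the Encrypted (EFS) attribute is visible even without the key.
    $encrypted = $item.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)

    # Cause 2: attempt a read-only open that tolerates other readers/writers.
    # A sharing conflict raises IOException; a DACL or EFS refusal raises
    # UnauthorizedAccessException.
    $openResult = 'OK'
    try {
        $fs = [System.IO.File]::Open($full,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read,
                                     [System.IO.FileShare]::ReadWrite)
        $fs.Dispose()
    }
    catch [System.UnauthorizedAccessException] { $openResult = 'AccessDenied' }
    catch [System.IO.IOException]             { $openResult = 'SharingViolationOrIoError' }

    [pscustomobject]@{
        Path         = $full
        PathTooLong  = $longPath
        EfsEncrypted = $encrypted
        OpenForRead  = $openResult
    }
}

Test-AccessDeniedCause -Path .\HelloWorld.java

# If EfsEncrypted is True, this lists the users/certificates able to decrypt it:
# cipher /c .\HelloWorld.java
```

`EfsEncrypted = True` together with `OpenForRead = AccessDenied` and a DACL that grants FullControl matches option 3: the file can only be read with the EFS certificate and private key of the account that encrypted it on the original installation.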