Inaccessible "foreign" user profile
How do I retrieve the user profile (that is,
My Documents, My Pictures and other stuff stored in
"Documents and Settings") from the hard drive that came from the
another (typically unbootable) Windows installation? Looks like the
directory is here, but the system does not allow access to that data.
The filesystem on the drive is NTFS.
As this question became somewhat common, we decided it would be nice to
address it with a little how-to. In fact, no heavyweight data recovery is needed
in such a case. You just need to reset the permissions, which does not
require any special tools.
There are some limitations of the procedure:
- If you can login and retrieve data on the original Windows installation,
you should do so. Messing up the permissions will cause problems logging in
on the original machine when the drive is plugged back.
- You need to be logged on with the administrative rights
- Windows XP Home does not allow to adjust security settings (at least
without some trickery), so you need Windows 2000 (any edition), Windows XP
Professional or Windows 2003 (any edition).
- This technique will not work if data is encrypted (using the native NTFS
encryption). It is usually not encrypted, but protected with the filesystem
- Some data (like saved passwords) cannot be retrieved this way (but all
the files can).
1. Attempting to access the user profile will result in the "Access
Denied" message, as shown below (for the purpose of this example, we used
Cookies directory, the rest of the profile was already accessible; the procedure
applies to the first directory you cannot go into)
2. Right click the directory in question, select "Properties". In the
dialog appeared, switch to the "Security" tab. You will probably get a warning
message similar to the one below in the meanwhile. Disregard it.
You should arrive at something like that - note the list is empty. In fact,
there are permissions applied, but you cannot see these because you
have no right to.
3. In the "Security" tab as displayed above, click "Advanced". The
"Advanced Security Settings" dialog will appear. Switch to the "Owner" tab and
you arrive at something similar to a sample below. Note it says "Unable to
display current owner" due to the fact you have insufficient rights to see it.
Being a system administrator, you can replace an owner (forcibly take ownership
of the object) but the security policy design does not allow even you to see who
the original owner was.
In the above window, make sure "Replace owner on subcontainers and objects"
is checked, select "Administrator" account as a new owner of the object ("Change
owner to" field), and you're all set. Click OK.
4. During the process you will be prompted to enforce permissions
allowing you a "Full Control" type of access to objects, like this.
Answer "Yes" with no remorse.
5. Once the security information is applied, the directory should
become normally accessible. You may then copy data to the other location
and/or adjust permissions if required. Note that there might be a slight delay -
the folder may still appear inaccessible while the permissions change propagates
throughout the system. In our tests, this period is typically about five seconds