Home \ Articles \ Inaccessible "foreign" user profile

Inaccessible "foreign" user profile

ZAR has been discontinued
After about twenty years, I felt ZAR can no longer be updated to match the modern requirements, and I decided to retire it.

ZAR is replaced by Klennet Recovery, my new general-purpose DIY data recovery software.

If you are looking specifically for recovery of image files (like JPEG, CR2, and NEF), take a look at Klennet Carver, a separate video and photo recovery software.
The problem
How do I retrieve the user profile (that is, My Documents, My Pictures and other stuff stored in "Documents and Settings") from the hard drive that came from the another (typically unbootable) Windows installation? Looks like the directory is here, but the system does not allow access to that data. The filesystem on the drive is NTFS.

As this question became somewhat common, we decided it would be nice to address it with a little how-to. In fact, no heavyweight data recovery is needed in such a case. You just need to reset the permissions, which does not require any special tools.

There are some limitations of the procedure:

  • If you can login and retrieve data on the original Windows installation, you should do so. Messing up the permissions will cause problems logging in on the original machine when the drive is plugged back.
  • You need to be logged on with the administrative rights
  • Windows XP Home does not allow to adjust security settings (at least without some trickery), so you need Windows 2000 (any edition), Windows XP Professional or Windows 2003 (any edition).
  • This technique will not work if data is encrypted (using the native NTFS encryption). It is usually not encrypted, but protected with the filesystem permissions.
  • Some data (like saved passwords) cannot be retrieved this way (but all the files can).

1. Attempting to access the user profile will result in the "Access Denied" message, as shown below (for the purpose of this example, we used Cookies directory, the rest of the profile was already accessible; the procedure applies to the first directory you cannot go into)

.Access is denied message when trying to access the user profile

2. Right click the directory in question, select "Properties". In the dialog appeared, switch to the "Security" tab. You will probably get a warning message similar to the one below in the meanwhile. Disregard it.

Warning message about insufficient permissions when accessing the user profile

You should arrive at something like that - note the list is empty. In fact, there are permissions applied,  but you cannot see these because you have no right to.

NTFS file (or directory) security settings dialog

3. In the "Security" tab as displayed above, click "Advanced". The "Advanced Security Settings" dialog will appear. Switch to the "Owner" tab and you arrive at something similar to a sample below. Note it says "Unable to display current owner" due to the fact you have insufficient rights to see it. Being a system administrator, you can replace an owner (forcibly take ownership of the object) but the security policy design does not allow even you to see who the original owner was.

NTFS advanced security settings dialog

In the above window, make sure "Replace owner on subcontainers and objects" is checked, select "Administrator" account as a new owner of the object ("Change owner to" field), and you're all set. Click OK.

4. During the process you will be prompted to enforce permissions allowing you a "Full Control" type of access to objects, like this.

NTFS permissions automatic override prompt

Answer "Yes" with no remorse.

5. Once the security information is applied, the directory should become normally accessible. You may then copy data to the other location and/or adjust permissions if required. Note that there might be a slight delay - the folder may still appear inaccessible while the permissions change propagates throughout the system. In our tests, this period is typically about five seconds long.

Copyright © 2001 - 2024 Alexey V. Gubin.