6 days of recovery – day 6: Recovering security permissions after restoring data on a new hard drive
Okay, I’ve now got the Windows system drive (C:) back up and running and using my trusty backup I have restored all my data onto the new data drive (A Seagate 1TB 7200RPM 32MB cache – nice and fast). However, I now had a security problem: all my old file permissions were now incorrect, and in the directory and file properties windows on the security tab I was getting “Account Unknown”:
The problem was that although my user name was the same in the new Windows install, the unique Security ID (SID) used by my old Windows install was different from the unique Security ID created by the new Windows install. This makes sense because the ID is a unique identifier (and is probably created based on the current time in milliseconds and lots of other things).
BTW, It’s possible to copy-and-paste that long numeric SID rather than trying to type it out. From the file security property dialog box above click on the “Advanced” button, and then double-click on the “Account Unknown” in the “Permission entries” pane. Then, you can copy the long numeric SID from the “Name” text box.
My first approach was just to remove all the “Account Unknown” entries completely with the iacls command but I got a VERY frustrating message:
D:\>icacls * /remove *S-1-5-21-671368754-1592612355-3076361259-1000 /T Successfully processed 0 files; Failed processing 0 files
I tried about 50 different variations and got absolutely nowhere, which turned out to be very fortunate because I discovered that it’s possible to simply REPLACE the OLD broken SID with the working new one! Phew. A little Microsoft tool called subinacl.exe did the trick very nicely. It requires installation (?!) and doesn’t put itself onto the path (which is good I guess) and after reading the help and trying a few different things I got it to work like this:
"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /subdirectories d:\ /replace=S-1-5-21-671368754-1592612355-3076361259-1000=robert
So it took a little while to solve the problem but it worked! It’s also the ONLY Microsoft Vista command line tool I’ve ever seen that actually had a “fancy” little GUI:
The red is a little scary (because I assumed something bad had happened), but it was fine and my new HDD with all my data had all the security backed up correctly, and I didn’t have to muck around trying to remember and manually reset folder permissions. Very elegant, although it took me about an hour to figure this out!