The Root Cause
Windows security is based on:
- SIDs (Security Identifiers), not usernames
So:
- Same username ≠ same identity
- Files copied across machines retain original ownership
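To see this mismatch on a folder before changing anything, the following added example (not part of the original post) lists the folder's owner and ACL entries as raw SIDs, tries to resolve each one to an account name on the local machine, and marks which SIDs are in the current user's token. `Get-SidReport` and `Resolve-Sid` are hypothetical helper names.

```powershell
# Added example (not from the original post). Get-SidReport and Resolve-Sid are
# hypothetical helper names. Read-only: nothing on disk is changed.
function Get-SidReport {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]

    # Translate a SID to DOMAIN\name using this machine's view of accounts.
    function Resolve-Sid($Sid) {
        try { $Sid.Translate($ntType).Value }
        catch [System.Security.Principal.IdentityNotMappedException] {
            '(no account for this SID here)'
        }
    }

    # SIDs carried by the current logon token: the user plus its groups.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $mine = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

    # Get-Acl needs permission to read the security descriptor; an
    # access-denied error here means the current token cannot read it.
    $acl   = Get-Acl -LiteralPath $Path
    $owner = $acl.GetOwner($sidType)

    [pscustomobject]@{
        Entry     = 'Owner'
        Sid       = $owner.Value
        Name      = (Resolve-Sid $owner)
        Rights    = ''
        InMyToken = ($mine -contains $owner.Value)
    }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        [pscustomobject]@{
            Entry     = "$($ace.AccessControlType) ACE"
            Sid       = $ace.IdentityReference.Value
            Name      = (Resolve-Sid $ace.IdentityReference)
            Rights    = "$($ace.FileSystemRights)"
            InMyToken = ($mine -contains $ace.IdentityReference.Value)
        }
    }
}

# Path taken from the page's script; substitute the folder being diagnosed.
Get-SidReport -Path 'Z:\backups\_Windows_delete\bcastdvr' | Format-Table -AutoSize
```

A SID with no resolvable name typically belongs to an account on another machine or to a deleted account, and a matching username on the current machine gets no access through it.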
The Fix Strategy
We perform 3 operations:
- Take ownership (takeown)
- Modify ACL (icacls)
- Delete (Remove-Item)
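Script
```powershell
$folder = "Z:\backups\_Windows_delete\bcastdvr"
$user = "$env:COMPUTERNAME\$env:USERNAME"

# Take ownership recursively (/r); /d y answers the confirmation prompt
takeown /f $folder /r /d y
# Grant full control recursively (/t), continuing past errors (/c).
# ${user} is needed: PowerShell rejects "$user:(F)" as an invalid variable reference.
icacls $folder /grant "${user}:(F)" /t /c
# Delete the folder tree
Remove-Item $folder -Recurse -Force
```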
Command Breakdown
takeown
- Reassigns ownership recursively
icacls
- Modifies ACL (Access Control List)
- (F) = Full control
Remove-Item
- PowerShell-native recursive delete
PowerShell vs CMD Gotcha

| CMD | PowerShell |
| --- | --- |
| %username% | $env:USERNAME |

When This Fails
- Network drives (permissions are managed externally)
- Read-only media
- System-protected folders
Takeaway
Understanding Windows ACLs is critical when:
- Working with backups
- Moving files across environments
- Debugging permission issues
