Takeown - DOS/Command Prompt Reference
[Windows Vista or later] Sets the owner of the file to the current user.
Syntax
takeown[.exe] [/S <remote-system> [/U <user-name> [/P [<password>]]]]
/F <file-name> [/A] [/R [/D <prompt>]]
| /S <remote-system> | Specifies the name of the computer (local/remote) to manipulate files or directories that are shared over the network. <remote-system> will be the IP address or hostname. |
| /U <user-name> [/P [<password>]] |
Specifies the login name and password when providing a computer name. You can specify a domain name in <user-name> (in the form of ‘domain\username’). If omitted, the user who executed this command will be used. On ‘/P [<password>]’, if the entire ‘/P [<password>]’ is omitted, no password is set. If only ‘/P’ is specified (and ‘<password>’ is omitted), prompting the user to enter the password will occur (the entered password will be displayed as ‘*’ in the prompt). * The user specified here is strictly for connecting to <remote-system>. The user obtaining ownership with Takeown will be the "current user" regardless of this option. |
| /F <file-name> |
Specifies the file or directory name for which you want to change the owner. <file-name> will be the path (if /S option is used, the path must be ‘share-name\path’). You can use wildcards, using only ‘*’ (‘?’ is not allowed). Note that the option name ‘/F’ cannot be omitted; it must be specified in the form of ‘/F <file-name>’. Additionally, it cannot be specified multiple times. (To target multiple files, use wildcards or execute separate commands for each.) |
| /A | Changes the owner to the ‘Administrators’ group instead of the current user. This operation requires administrator privileges (elevation through UAC is also necessary). |
| /R | When specifying a directory name with the /F option (or when the directory is included), the files within that directory will also be subject to ownership change (recursively). |
| /D <prompt> | When specified with the /R option, Takeown pre-determines whether to attempt permission changes if the ‘List Folder’ permission is not present for the target directory. <prompt> will be either ‘Y’ (to change permissions) or ‘N’ (to skip recursive processing without changing permissions). Note that changing permissions may result in the original user losing access, so please proceed with caution. |
Details
Takeown sets the owner (ownership) of the specified file or directory to the user based on the current session. To change the owner, you need to have the ‘Take Ownership’ permission for that file. However, if you are a user with administrator privileges (UAC elevated), you can ignore permissions and make the changes.
Once ownership is changed, it becomes possible to rewrite security permissions even if you don't have access rights. Therefore, Takeown can be used for purposes such as recovering inaccessible files or directories.
Ownership changes can also be performed using the Icacls command in addition to Takeown. However, while Takeown cannot specify a user, it can rewrite permissions as needed and recursively change ownership. Note that rewriting permissions typically results in rewriting to ‘Full Control for the target user only’, which may lead to the original user losing access.
Samples
Sample 1
takeown /F hoge.txt icacls hoge.txt /grant %USERNAME%:F
Transfers ownership of ‘hoge.txt’ to the current user and sets Full Control access rights. Since permissions can be changed if ownership could be changed, this command assigns permissions by using Icacls.
* The invocation of Takeown in this case can be replaced with Icacls.
Sample 2
runas /user:Hana "takeown /F note.txt"
Transfers ownership of ‘note.txt’ in the current directory to the user ‘Hana’. Due to using Runas to execute Takeown, you will be prompted to enter the password for ‘Hana’.
Sample 3
takeown /F C:\Users\UnknownUser /A /R /D Y
Sets the ownership of the ‘C:\Users\UnknownUser’ directory and all its files to the administrator group and changes permissions as needed. Since ‘C:\Users’ is a directory that holds data for each user, ‘C:\Users\UnknownUser’ represents the directory for the user ‘UnknownUser’. Therefore, executing this command would result in migrating all data for ‘UnknownUser’ to the administrator, making it impossible for ‘UnknownUser’ to log in. Therefore, the execution of such a command should be limited to cases involving data recovery, and similar situations.