Fix a Folder with a Corrupt Security Descriptor

HOWTO: Fix a folder with a corrupt security descriptor

By Joshua T. Hogle

Applies To

• Windows 2000 Professional
• Windows 2000 Server
• Windows 2000 Advanced Server
• Windows XP Professional

Description

Sometimes you may run across a file or folder that cannot be deleted even from an administrator account with full privileges. If you attempt to view permissions on the file, you may see a warning stating that you can only view the security information. Upon trying to reset the security settings, you receive an Access is denied message or a message that the security descriptor is corrupt.

Solution

While the cause of this problem is unclear, there are several steps you can take to correct it.

1. Go to the parent folder for the item, right-click it, and choose Properties.
2. Click Security.
3. Make sure Allow inheritable permissions from parent... is NOT checked. If it is checked, uncheck it. Upon doing so, choose to Remove permissions from the object and keep only the object's explicit permissions.
4. Click Advanced.
5. Click the Owner tab and select Administrators in the Change owner to list box. Check Replace owner on subcontainers and objects.
6. Click back to the Permissions tab.
7. Click Add and then double-click Everyone.
8. Check every box under the Allow column and click OK.
9. Click Reset permissions on all child objects and enable propagation....
10. Click OK. When prompted, confirm that you wish to remove explicit permissions and replace them by clicking Yes.
11. Click OK after the permissions have been fixed.

You should now be able to remove the folder and/or file.