Bypass NTFS restrictions using FileZilla (or other FTP program)

The following pop-up messages will appear in Windows Explorer when trying to view folders as an Administrator when the Administrator does not actually have access permission or ownership of the folders:

“You don’t currently have permission to access this folder”

Click Continue to permanently get access to this folder.

“You have been denied permission to access this folder”

To gain access to this folder you will need to use the security tab.

This is not a detailed tutorial/analysis of this problem but just a quick suggestion that should theoretically work with ANY Windows version (but was only tested on Windows Server 2008 R2). If you find yourself in this position, taking ownership of folders through the folder properties -> security tab may be extremely tedious and unnecessary. Instead, it may be helpful to use a program running under the local SYSTEM service account to quickly get access to everything.

As an example, redirected “My Documents” folders for Active Directory users will not be accessible, even by Domain Administrators, unless you change the user password and then log in as that specific user OR go through the trouble of taking ownership of every directory and subdirectory for the given user.

If you have hundreds of users and do not want to make any permanent changes, there is an easy way to browse and modify these directories.

1. Install FileZilla server (or any other file browsing program which can be accessed over a network but run as a SYSTEM service) on the computer that has the NTFS-restricted files.

2. Create a user in FileZilla server that has FULL permissions to the directories you desire to browse/modify. (Edit -> Users -> Shared Folders in FileZilla Server interface).

3. Connect to localhost (or remote host if the files you want to view are on a different computer) using an FTP client, such as FileZilla FTP Client

4. Since FileZilla Server should be running under the SYSTEM account (confirm this in Task Manager or under Services.msc from the Start Menu search/run box with Start->services.msc ) FTP users will be able to access and manipulate folders as though they too are SYSTEM.

This is particularly useful because Active Directory user folders will generally give full access to the SYSTEM account even when the Domain Admins group is restricted.

Related links: