Strange problem with System Volume Information folder

[John John - MVP]

I'll take your word for it! If there is such a situation, it would be
something that happened prior to cause it.

As I said, it is an infrequent thing, and as you said there is no
information about it on the Microsoft site. When viruses are in the
picture who knows what kind of damages or bugs might be at play. I also
think that playing about renaming your computer and user accounts might
sometimes cause glitches, perhaps things like using the old computer
name for your user account might cause glitches to happen, just a guess.

I think the OP is following the instructions for cacls literally by
typing in "User Name" which will generate the reported error.

Quite possible, he said that he tried it with the current user name, but
certainly if you type in an invalid User Name the command will fail and
return the exact error message! I'm sure that most of the time that is
the problem but I know that in the past we have seen users who appear to
be quite competent and they report that the command fails with the error
message.

I created my copy/paste cacls instructions to apply to general
audiences under normal circumstance where folks are compelled to
access SVI, and reduce the chances of any misinterpretation, mistakes
or subsequent messaging, which seems to have happened.

I also include/suggest instructions on how to undo the change when
they are done.

In my opinion the Cacls command is by all means the easiest way to gain
access to the SVI folder, especially if you are using XP Home which
requires you to reboot to safe-mode to do it in an alternate manner.

John

 

[SergioQ]

The calcs is not working because you need a proper example of how to
use it.

The cacls command does not "sometimes fail" - it fails when you don't
type it in right.  It works when you do type it in right.  There is
nothing to try.  There is no problem to get around.  There is no KB to
read.  There is no might be, could be...

First off, please no bickering over what should and . No need. Just
trying to get help here.

A - Of course I did the OFF, REBOOT, ON...thing.
B - The GUI example was the first thing I tried, and it was already
set that way (don't hide, show all, etc.) Made no difference, did not
work
C - Been around long enough, the DOS years, and know enough jsut to
be dangerous. So yes, I knew to replace the username with my login
name. Even went so far as to check that it was the only user account
in existence, which it was. Still CALCS did not work.

And I want to be able to get this done just because these commands
should work, according to the posts. If they're not, something's up
(and this machine has been wacky for ever since I upgraded to SP3).
I'd start WIndows from scratch, but seriously the whole reinstalling
my 50+ legal programs (not counting the ones I don't know if I could
find the sub keys) won't let me bother.

So does anyone have any other ideas as to how I can get into that
folder? Whether my nose should be there or not doesn't matter. If I
follow instructions and that should grant me access...then I'd like to
see that happen.

THanks

 

[John John - MVP]

First off, please no bickering over what should and . No need. Just
trying to get help here.

A - Of course I did the OFF, REBOOT, ON...thing.
B - The GUI example was the first thing I tried, and it was already
set that way (don't hide, show all, etc.) Made no difference, did not
work
C - Been around long enough, the DOS years, and know enough jsut to
be dangerous. So yes, I knew to replace the username with my login
name. Even went so far as to check that it was the only user account
in existence, which it was. Still CALCS did not work.

And I want to be able to get this done just because these commands
should work, according to the posts. If they're not, something's up
(and this machine has been wacky for ever since I upgraded to SP3).
I'd start WIndows from scratch, but seriously the whole reinstalling
my 50+ legal programs (not counting the ones I don't know if I could
find the sub keys) won't let me bother.

So does anyone have any other ideas as to how I can get into that
folder? Whether my nose should be there or not doesn't matter. If I
follow instructions and that should grant me access...then I'd like to
see that happen.

You could try the CACLS command with your user group instead of your
User Name, that is grant your group access to the folder, for example,
if you are a member of the Administrators group try:

cacls "C:\System Volume Information" /e /g Administrators:f

You can also use the Everyone group:

cacls "C:\System Volume Information" /e /g Everyone:f

I don't know for sure if this is going to work but easy enough to try!

Another idea, maybe your AV/security tools are preventing you from
making changes to the folder?

John

 

[SergioQ]

cacls "C:\System Volume Information" /e /g Administrators:f

Bingo!

 

[SergioQ]

cacls "C:\System Volume Information" /e /g Administrators:f

Well BINGO and THANKS.

Now I ponder keepng SR OFF. If I use Norton Ghost, why not? Not
sure if I will eliminate some potential viruses that target that
area? I don't know. Yes, NAV autoprotect caught it, but
still.....all skitish here.

Thanks again


p.s. I shoul dhave asked this first... what's the normal setting for
that folder, so I can reset it to what it should be?

 

[John John - MVP]

Well BINGO and THANKS.

Now I ponder keepng SR OFF. If I use Norton Ghost, why not? Not
sure if I will eliminate some potential viruses that target that
area? I don't know. Yes, NAV autoprotect caught it, but
still.....all skitish here.

I wouldn't keep it off, SR and Ghost have different purposes. It is a
bit of a troubling fact that viruses can hide in restore points but as
long as you don't restore the particular point where the virus is hiding
it can't do any harm. I know that this is small comfort and I know that
I too would have some concerns if I ever found a virus in the folder,
even if the virus is harmless in there it is nonetheless not something
that anyone likes to see. In these cases simply disabling System
Restore will purge the folder and take care of the problem, new restore
points will be created when you re-enable System Restore.

System Restore is only meant to be used for 'recent' changes, in most
cases it isn't advisable to restore back more than a few days or a week.
It's quite useful when you screw something up and you realize it right
away, that way you can immediately restore to a recent point. New
restore points are easily and quickly created, that makes system restore
a very useful tool when you install or upgrade software or 'experiment'
with small things, if things go wrong System Restore can quickly return
your system to its previous state. By contrast creating a clone or
image can take quite a bit more time than creating a restore point and
restoring an image can be considerably more cumbersome. They each have
their use, System Restore cannot replace backups and drive imaging but
for smaller day to day things it can be very handy at times!

p.s. I shoul dhave asked this first... what's the normal setting for
that folder, so I can reset it to what it should be?

To undo what you did and revoke the permissions:

cacls "c:\System Volume Information" /E /R administrators


By default the System Account has full control on the folder:

cacls "c:\System Volume Information"

should return:

c:\System Volume Information NT AUTHORITY\SYSTEMOI)(CI)F

John

 

[Bill in Co.]

Well BINGO and THANKS.

Now I ponder keepng SR OFF. If I use Norton Ghost, why not?

Because it can be handy to have, on some occasions. As just one example:
suppose you hadn't made a Ghost backup recently, and something went wrong;
you could use System Restore to get you back, instead of falling back to an
old and dated Ghost image. (But obviously the best tool to have is a
recent backup image or clone).

 

[Jose]

Well BINGO and THANKS.

Now I ponder keepng SR OFF.   If I use Norton Ghost, why not?  Not
sure if I will eliminate some potential viruses that target that
area?  I don't know.  Yes, NAV autoprotect caught it, but
still.....all skitish here.

Thanks again

p.s.  I shoul dhave asked this first... what's the normal setting for
that folder, so I can reset it to what it should be?

Good for you!

I provided an "undo" command previously using the Jose user - you can
use that with Administrators.

When you tried using your user name and it fails, what is the error
message from cacls (hopefully something besides "it doesn't work")? I
can then understand why it was not working (it still makes no sense to
me) and update my notes if needed.

Some people leave SR turned off because they feel it takes up too much
space on their HDD, but that can be managed if it is understood. SR
is there for a reason, so circumventing built in methods to help
protect your system is up to you.

I have SR turned on but have never used it for anything except for
testing to make sure it works. I would also never suggest it to
resolve an issue, but you might need parts of it someday for more
elusive problems.

 

[SergioQ]

When you tried using your user name and it fails, what is the error
message from cacls (hopefully something besides "it doesn't work")?  I
can then understand why it was not working (it still makes no sense to
me) and update my notes if needed.

I definitely posted it here, but obviously just one line can be buried
in text, more than glad to go find it.....one sec...

Ok, here it is. When I run the command using my USERNAME instead of
the groups Administrators, cacls returns:

"No mapping between account names and security IDs was done"

Hope that helps, and would be curious to know myself as it was.

THanks for everyone's advice and help.

Sergio

 

[John John - MVP]

I definitely posted it here, but obviously just one line can be buried
in text, more than glad to go find it.....one sec...

Ok, here it is. When I run the command using my USERNAME instead of
the groups Administrators, cacls returns:

"No mapping between account names and security IDs was done"

Hope that helps, and would be curious to know myself as it was.

THanks for everyone's advice and help.

Maybe something is wrong with the folder, I wonder what would happen if
you were to delete/rename the folder and let Windows recreate a new one
when you reboot.

You can grant yourself permission to the folder again and then just
rename it and reboot. Upon rebooting Windows will create a new System
Volume Information and assign it the default permissions, you can then
try the cacls command again on the newly created folder. Renaming or
deleting this folder is harmless, Windows simply creates a new one when
you reboot.

Are you using a localized (non-English) XP version?

John

 

[SergioQ]

Are you using a localized (non-English) XP version?

Just regular o;' made in the US of A, never been right since the
update to SP3, English, getting tired of this but will never "switch",
Windows XP

 

[Jose]

Just regular o;' made in the US of A, never been right since the
update to SP3, English, getting tired of this but will never "switch",
Windows XP

I don't know either...

I can only reproduce that message by typing in commands incorrectly
and am no longer interested in pursuing it until it happens again, but
will make note of it.