14 reasons why File permissions don’t work in Windows 10 (and how to fix it)

Short answer: most permission failures are either caused by wrong ownership, inherited or explicit Deny ACLs, or external controls (UAC, antivirus, OneDrive, domain policies). If File permissions don’t work in Windows 10, this guide shows the 14 most common causes and step-by-step fixes so you can regain access safely.

This problem happens when Access Control Lists (ACLs), ownership, or external protections prevent the account you’re using from reading or modifying files. In this article you’ll learn how to identify the exact cause, fix permissions using both GUI and command-line tools (takeown, icacls), check inheritance and Effective Access, deal with encryption and sync services, and recover from ACL corruption.

Key Takeaway

Most access problems are fixed by taking ownership and resetting ACLs — use Right‑click → Properties → Security → Advanced → Change owner, or run takeown /f “C:\path” /r /d Y followed by icacls “C:\path” /reset /T /C — but always back up ACLs first and investigate inheritance, Deny entries, encryption, or third-party blockers before mass resets.

Quick Fix Guide

Quick Fix Guide

Reason for the Problem	Quick Solution
1. Not running elevated (UAC)	Re-run action as Administrator: Right‑click → Run as administrator.
2. Wrong file/folder owner	Change owner: Properties → Security → Advanced → Change or takeown.
3. Inherited permissions override	Disable or adjust inheritance in Advanced Security Settings.
4. Explicit “Deny” ACE present	Remove the Deny entry in Advanced Security.
5. EFS encryption (Encrypting File System)	Decrypt with the original user’s certificate or export the key.
6. Read‑only / System attributes	Remove attributes: attrib -r -s “C:\path\file”.
7. Corrupted ACLs / NTFS errors	Reset ACLs with icacls /reset and run sfc /scannow.
8. Share vs NTFS permission mismatch	Adjust both Share permissions and NTFS permissions.
9. Effective permissions / group membership	Use Effective Access tab and whoami /groups to verify.
10. Different domain / SID mismatch	Rejoin domain or replace unknown SIDs with proper accounts.
11. OneDrive or sync locks the file	Pause sync or remove file from sync temporarily.
12. Antivirus / Ransomware protections	Temporarily disable or whitelist folder; turn off Controlled Folder Access if needed.
13. Disk / file system errors	Run chkdsk /f and check SMART; repair before changing permissions.
14. Group Policy / AppLocker restrictions	Check GPOs (use gpresult /h report.html) and consult domain admin.

Detailed Fixes for “File permissions don’t work in Windows 10”

1. Not running elevated (UAC)

Why it causes the problem:

• Windows UAC restricts administrative actions even if you’re in an admin group. Some permission changes need an elevated process.

Fix (GUI):

1. Right‑click the program (File Explorer or command prompt shortcut).
2. Choose Run as administrator.
3. Retry the action (copy, modify, reset ACLs).

Fix (Command line):

• Open elevated Command Prompt: press Start, type cmd, right‑click Command Prompt → Run as administrator.

Tip: If a GUI shows “Access denied,” retry as elevated user first before more invasive fixes.

---

2. Wrong file/folder owner

Why:

• Only the owner (or SYSTEM/Administrators) can change permissions. If the owner is another user or an unknown SID, you can’t modify ACLs.

Fix (GUI):

1. Right‑click folder → Properties → Security → Advanced.
2. Click Change next to Owner.
3. Enter your user account or Administrators, click Check Names, then OK.
4. Optionally check Replace owner on subcontainers and objects and click Apply.

Fix (Command line):

• Take ownership recursively:
  • takeown /f “C:\path\to\folder” /r /d Y
  • Then grant full control to Administrators: icacls “C:\path\to\folder” /grant Administrators:F /t

Note: Use caution when changing ownership on system folders.

---

3. Inherited permissions override your changes

Why:

• Child object permissions can be inherited from parent; changes to a file can be overwritten by inheritance.

Fix:

1. Right‑click folder → Properties → Security → Advanced.
2. Under Permissions, click Disable inheritance.
3. Choose Convert inherited permissions into explicit permissions or Remove all inherited permissions depending on need.
4. Edit explicit entries as required.

Tip: Use Effective Access tab to test how a user’s permissions are derived.

---

4. Explicit “Deny” ACE present

Why:

• A single Deny Access Control Entry (ACE) overrides Allow entries and prevents access.

Fix:

1. Right‑click → Properties → Security → Advanced.
2. Locate entries with Deny in the Type column.
3. Select the Deny entry and click Remove (or edit to change the principal).
4. Click OK and test access.

Warning: Be careful removing Deny entries applied by security policies.

---

5. EFS (Encrypting File System) encryption

Why:

• Files encrypted with EFS are tied to the encryption certificate; other accounts cannot read them.

Check:

• Right‑click file → Properties → General → Advanced; see Encrypt contents to secure data checked.

Fix:

1. Log in as the original user who encrypted the file.
2. Decrypt: Right‑click → Properties → Advanced → uncheck Encrypt contents.
3. If original user is gone, try certificate/key recovery (from backup or EFS recovery agent) — otherwise data may be unrecoverable.

Tip: Export EFS certificates from certmgr.msc (Personal → Certificates) for backup.

---

6. Read‑only or System attributes blocking edits

Why:

• File attributes like Read‑only or System can prevent modifications.

Fix (Command line):

• Remove attributes: attrib -r -s “C:\path\file”
• Then attempt changes again.

Fix (GUI):

• Right‑click file → Properties → uncheck Read-only and click OK.

---

7. Corrupted ACLs / NTFS permission corruption

Why:

• File system errors, abrupt shutdowns, or misapplied scripts can corrupt ACLs.

Fix:

1. Backup current ACLs: icacls “C:\path” /save ACLbackup /t
2. Reset ACLs:
   • icacls “C:\path” /reset /T /C
3. Run system file check:
   • Open elevated command prompt: sfc /scannow
4. If problems persist, run chkdsk /f (may need reboot).

Tip: Use the saved ACL file to restore with icacls /restore ACLbackup.

---

8. Share permissions vs NTFS permissions mismatch

Why:

• Network share permissions and NTFS permissions combine; the most restrictive applies.

Fix:

1. On the host PC: Open Server Manager or File Explorer, right‑click shared folder → Properties → Sharing → Advanced Sharing → Permissions.
2. Set Share permissions (e.g., Everyone: Full Control) for troubleshooting.
3. Then set NTFS permissions on the Security tab to allow the desired access.
4. Ensure both allow the user the needed access level.

Tip: For simplicity, give share permissions to Everyone: Full Control while managing access via NTFS.

---

9. Effective permissions / group membership confusion

Why:

• Access can be granted via nested groups; you may think you lack rights when another group gives them.

Fix:

1. Right‑click file → Properties → Security → Advanced → Effective Access.
2. Click Select a user and enter the account to compute effective permissions.
3. Check group membership: open elevated command prompt, run whoami /groups.

Tip: Use Local Users and Groups or Active Directory Users and Computers to inspect group membership.

---

10. Different domain / SID mismatch

Why:

• Files owned by a domain user (or user from another domain) may appear as unknown SIDs after domain changes or when moving disks.

Fix:

1. If machine changed domain/workgroup, rejoin the original domain or recreate the account and reassign ownership.
2. Replace unknown SIDs with real accounts:
   • Take ownership: takeown /f “C:\path” /r /d Y
   • Reset ACLs: icacls “C:\path” /reset /T /C

Note: For domain environments, consult your domain admin before reassigning ownership.

---

11. OneDrive or other sync services locking the file

Why:

• Sync clients can lock files or maintain copies that prevent local permission changes.

Fix:

1. Pause sync: click OneDrive icon → Pause syncing (2 hours).
2. Move the file out of the synced folder, change permissions, then move it back.
3. Alternatively, disable OneDrive sync for that folder in OneDrive Settings → Account → Choose folders.

Tip: Exit the sync client temporarily if changes still fail.

---

12. Antivirus or Windows Defender blocking access

Why:

• Real‑time protection, ransomware protection, or third‑party antivirus can prevent modifications.

Fix:

1. Open Windows Security → Virus & threat protection → Manage ransomware protection.
2. If Controlled folder access is on, click Controlled folder access → Off (or add the app to allowed apps).
3. Temporarily disable third‑party antivirus and retest (re-enable after testing).

Warning: Only disable protection briefly and ensure files are backed up.

---

13. Disk / file system errors

Why:

• Corrupt sectors or file system errors can make ACLs unreadable and block access.

Fix:

1. Open elevated command prompt.
2. Schedule chkdsk: chkdsk C: /f /r (you may be prompted to schedule at next boot).
3. Reboot and let chkdsk complete.
4. Re-run sfc /scannow if problems persist.

Tip: Check SMART with a disk tool if chkdsk reports bad sectors.

---

14. Group Policy or AppLocker restrictions

Why:

• Domain or local Group Policies can enforce permissions or AppLocker rules that block files or folder access.

Fix:

1. On affected PC, produce a Group Policy report: open elevated command prompt and run gpresult /h gp-report.html, then open the HTML report.
2. Review applied policies for security settings that touch file or folder permissions.
3. Contact domain admin to modify the GPO if necessary.

Note: Local policies can be edited with gpedit.msc (if present); be cautious changing domain-applied settings.

Additional section: Backing up, auditing, and safe mass‑permission changes

Why this helps:

• Resetting many ACLs can break service accounts and system behavior. Back up current ACLs and audit before changes.

Steps:

1. Backup ACLs: icacls “C:\path” /save ACLbackup /t
2. Audit changes: enable auditing via Local Security Policy → Advanced Audit Policy Configuration → Object Access and set auditing on the folder (Security → Advanced → Auditing).
3. To restore ACLs: icacls /restore ACLbackup
4. For a safe reset of a user folder:
   • Take ownership of files only within your profile, not system folders.
   • Reset: icacls “%userprofile%” /reset /T /C

Tip: Create a System Restore point or full backup before performing large recursive ACL changes.

FAQ

How can I tell which account currently owns a file?

Open file Properties → Security → Advanced; the Owner is listed at the top. Alternatively, run icacls “C:\path\file” to see owner and ACLs.

Can I recover files if EFS keys are lost?

If EFS certificates/keys are lost and you don’t have a recovery agent or backup, encrypted data is generally unrecoverable. Always export your EFS certificate from certmgr.msc as a backup.

How do I safely reset permissions on many files without breaking the system?

Back up ACLs with icacls /save, restrict resets to user data (not C:\Windows or Program Files), and test on a small folder first using icacls “C:\test” /reset /T /C.

How to check what is blocking access in real time?

Use Process Explorer (from Sysinternals) to search for handles or DLLs locking files via Find → Find Handle or DLL…. For access denials, check the Event Viewer → Windows Logs → Security after enabling auditing.

When should I contact IT or a domain admin?

If the file belongs to another domain user, a GPO enforces permissions, or you’re on a corporate-managed PC — involve IT to avoid policy conflicts or security issues.

Conclusion

Permission failures are almost always resolvable by identifying whether the blocker is ownership, ACL entries (especially Deny and inheritance), encryption, sync/antivirus software, or file system errors, and then applying the appropriate fix. If File permissions don’t work in Windows 10, start with ownership and an icacls reset while backing up ACLs and checking for external controls like EFS, OneDrive, and Group Policy.