Is it a Virus?
✔ NO - Safe
Must reside in C:\Windows\System32\takeown.exe (or C:\Windows\SysWOW64\takeown.exe on some 64-bit systems) and be digitally signed by Microsoft.
Warning
Changes ownership and ACLs
Misuse can grant or revoke access in ways that affect security. Use in controlled admin tasks only.
Can I Disable?
✔ YES
Takeown is a built-in Windows tool. If you won't use it, simply avoid running it; it will not run automatically.
What is takeown.exe?
takeown.exe is a Windows command-line utility that enables administrators to take ownership of files or folders when access is restricted. By acquiring ownership, you can apply new permissions and recover access after ACL issues, migrations, or inherited permission problems. It is a core part of Windows security tooling.
Takeown operates by altering the ACLs of the target object to set ownership to the requested user or administrator group, typically using switches like /F, /A, /R, and /D. It is commonly used in recovery and remediation scenarios where the existing permissions block access.
Quick Fact: Takeown has been available since the early Windows NT lineage and remains a staple for permission recovery in Windows environments.
Types of Takeown Operations
- Command-Line Utility: Executed from an elevated Command Prompt or PowerShell to change ownership.
- Ownership Change: Grants ownership to the current user or Administrators group.
- Recursive Application: With /R it can apply ownership changes to all files within a directory tree.
Is takeown.exe Safe?
Yes, takeown.exe is safe when located in C:\Windows\System32 (or SysWOW64 on 64-bit systems) and digitally signed by Microsoft.
Is takeown.exe a Virus or Malware?
The legitimate takeown.exe is NOT a virus. Malware may mimic names; always verify location and signature.
How to Tell if takeown.exe is Legitimate or Malware
- File Location: Must be in C:\Windows\System32\takeown.exe or C:\Windows\SysWOW64\takeown.exe. Any takeown.exe outside these paths warrants suspicion.
- Digital Signature: Right-click takeown.exe in File Explorer > Properties > Digital Signatures. Should show a Microsoft-signed certificate.
- Version and Publisher: Check the file version and publisher in the Details tab; it should reflect Microsoft Corporation.
- Resource Usage During Run: Normal usage is minimal; unusually high CPU or memory use while idle or in the background is suspicious and warrants a scan.
Red Flags: If takeown.exe appears in folders outside Windows system directories (e.g., C:\Users, AppData, Temp), runs without user action, has no digital signature, or uses excessive resources constantly, scan with Windows Defender or another AV.
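The location and signature checks above can be scripted. The following PowerShell is an added example, not part of the original page; the sweep roots and the INVESTIGATE/OK labels are assumptions chosen for illustration.

```powershell
# Added example. Checks the two expected copies plus any takeown.exe found in
# user-writable locations. $SweepRoots is an assumption; extend it as needed.
$Expected = @(
    (Join-Path $env:SystemRoot 'System32\takeown.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\takeown.exe')
)
$SweepRoots = @("$env:SystemDrive\Users", $env:ProgramData, "$env:SystemRoot\Temp")

# Expected copies that exist on this machine, then anything named takeown.exe elsewhere.
$candidates  = @($Expected | Where-Object { Test-Path -LiteralPath $_ })
$candidates += @(Get-ChildItem -Path $SweepRoots -Filter 'takeown.exe' -File -Recurse -Force `
                     -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName)

$report = foreach ($path in ($candidates | Sort-Object -Unique)) {
    # In-box binaries are often catalog-signed and may show no Digital Signatures
    # tab in Explorer; on current Windows versions this cmdlet checks catalogs too.
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    $inPlace  = $Expected -contains $path          # -contains is case-insensitive
    $msSigned = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path             = $path
        ExpectedLocation = $inPlace
        SignatureStatus  = $sig.Status
        Signer           = $signer
        SHA256           = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Verdict          = if ($inPlace -and $msSigned) { 'OK' } else { 'INVESTIGATE' }
    }
}
$report | Format-List
```

Any row marked INVESTIGATE fails at least one of the page's criteria: it sits outside the two system directories, or its signature is missing, invalid, or not issued to Microsoft Corporation.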
Why Is takeown.exe Running on My PC?
takeown.exe runs when an administrator or a management script explicitly requests ownership changes. It does not run in the background by default unless invoked by a task or script.
Reasons it's running:
- Active Permission Remediation: An admin action to reclaim file or folder ownership to modify permissions and grant access.
- Migration or Data Transfer: During migration projects, ownership is reassigned to proper accounts for continued access.
- Security Audits or Forensics: Scripts may use takeown to prepare datasets for audit by ensuring ownership is clearly assigned.
- Recovery from Locked Resources: If a resource is locked by ACLs, takeown can help reassign ownership to enable repairs.
- Administrative Automation: Automated deployment or maintenance tasks may include takeown to standardize permissions across targets.
Can I Disable or Remove takeown.exe?
Yes, you can avoid using takeown.exe. It is a built-in Windows tool and cannot be uninstalled independently. Do not call it from scripts if not needed.
How to Stop takeown.exe
- Close the Prompt: If a Command Prompt or PowerShell window is running takeown, simply close the window.
- Terminate Running Instances: In Task Manager, find any process invoking takeown and end it; this will stop ongoing ownership changes.
- Review Scheduled Tasks: Open Task Scheduler and disable any tasks that call takeown as part of their actions.
- Disable Related Scripts: Edit or remove scripts that automatically invoke takeown for permission remediation.
- Policy Controls: If needed, implement role-based access controls to prevent non-admin users from triggering ownership changes.
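For the Task Scheduler review, the following PowerShell lists every scheduled task whose action mentions takeown. It is an added example, not part of the original page, and it inspects only the task's own command line, so a takeown call buried inside a script file the task launches is not detected.

```powershell
# Added example. Lists scheduled tasks whose action runs takeown directly or
# through a wrapper such as "cmd /c" or "powershell -Command".
$hits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Exec actions expose Execute/Arguments; other action types yield an
        # empty string here and are skipped by the match below.
        $commandLine = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()

        if ($commandLine -match '\btakeown(\.exe)?\b') {
            $runAs = if ($task.Principal.UserId) { $task.Principal.UserId }
                     else { $task.Principal.GroupId }

            [pscustomobject]@{
                TaskPath    = $task.TaskPath
                TaskName    = $task.TaskName
                State       = $task.State
                RunAs       = $runAs
                # /R means the ownership change covers a whole directory tree.
                Recursive   = $commandLine -match '(^|\s)/R(\s|$)'
                CommandLine = $commandLine
            }
        }
    }
}
$hits | Sort-Object TaskPath, TaskName | Format-Table -AutoSize -Wrap

# After review, disable a task that should not be changing ownership
# (placeholders, fill in from the table above):
# Disable-ScheduledTask -TaskPath '<TaskPath>' -TaskName '<TaskName>'
```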
How to Stop Using Takeown or Minimize Its Impact
- ✔ Takeown is a Windows utility and cannot be uninstalled separately; avoid invoking it in scripts and tasks.
- ✔ For permission remediation, use alternative methods like ICACLS or PowerShell cmdlets (Get-Acl/Set-Acl) if appropriate.
- ✔ Ensure your IT policy documents when and how ownership changes are performed.
Common Problems: Takeown Failures and Permission Errors
If takeown.exe returns errors or behaves unexpectedly, review access, path accuracy, and administrative context.
Common Causes & Solutions
- Not running with Administrator privileges: Run Command Prompt as Administrator and retry: takeown /F "C:\Path\To\File" /A /R /D Y
- Invalid or inaccessible target path: Double-check path existence and ensure correct quoting: takeown /F "C:\Path\To\Folder"
- Target is on a read-only or protected volume: Modify attributes or run from a writable snapshot; ensure the file system allows ACL changes
- Incorrect usage of switches: Review usage: takeown /F <path> [/A] [/R] [/D Y]; avoid malformed command lines
- Conflict with antivirus or EDR: Temporarily pause real-time protection or whitelist takeown during remediation tasks
- Long path or special characters: Use short path names (8.3) or enable long path support in Windows when applicable
Quick Fixes:
1. Open an elevated Command Prompt
2. Run: takeown /F "C:\Path\To\Target" /A /R /D Y
3. If needed, follow with: icacls "C:\Path\To\Target" /grant Administrators:F /T
4. Verify ownership via: cacls or Get-Acl in PowerShell
5. Test access by attempting to modify the target file/folder
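The ownership change in steps 1, 2 and 4 can be wrapped so that each run leaves a record of the owner before and after. This PowerShell is an added example, not part of the original page; the log directory, file names and the helper Get-OwnerOrNote are assumptions, and the icacls /grant step is deliberately left out so that only ownership changes.

```powershell
# Added example. Run from an elevated PowerShell session.
$Target = 'C:\Path\To\Target'                               # placeholder path from the page
$LogDir = Join-Path $env:ProgramData 'OwnershipChanges'     # assumed log location
$Stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'

# Refuse to run without an administrator token (the first cause in the list above).
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Not elevated: run this from an Administrator session.' }
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Hypothetical helper: returns the owner, or a note when the ACL cannot be read
# (which is the usual state of a target that needs takeown in the first place).
function Get-OwnerOrNote([string]$Path) {
    try   { (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
    catch { "<unreadable: $($_.Exception.Message)>" }
}

$ownerBefore = Get-OwnerOrNote $Target

# Save the current DACLs where they are readable; /C continues past errors.
icacls $Target /save (Join-Path $LogDir "acl-$Stamp.txt") /T /C | Out-Null

# The page's command: owner becomes Administrators, recursively, answering Y to prompts.
takeown /F $Target /A /R /D Y | Out-Null
$takeownExit = $LASTEXITCODE

[pscustomobject]@{
    Time        = $Stamp
    Operator    = $identity.Name
    Target      = $Target
    OwnerBefore = $ownerBefore
    OwnerAfter  = Get-OwnerOrNote $Target
    TakeownExit = $takeownExit
} | Export-Csv -Path (Join-Path $LogDir 'changes.csv') -Append -NoTypeInformation

if ($takeownExit -ne 0) { throw "takeown failed with exit code $takeownExit" }
```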
Frequently Asked Questions
Is takeown.exe a virus?
No. takeown.exe is a legitimate Windows tool used to reclaim ownership of files and folders. Ensure it is located at C:\Windows\System32\takeown.exe and has a Microsoft signature.
What does takeown.exe do?
takeown.exe changes the owner of a file or directory to the current user or Administrators, enabling permission changes when access is blocked by ACLs.
How do I use takeown to own a file?
Open an elevated CMD and run: takeown /F "C:\Path\To\File" /A; add /R for recursive targeting and /D Y to default to yes.
Can I take ownership of a folder recursively?
Yes. Use the /R switch to apply ownership changes to all files and subfolders within a directory (e.g., takeown /F "C:\Path" /R /A).
What should I do if I get Access Denied even as admin?
Verify path correctness, run from an elevated prompt, ensure the file system allows changes, and consider using icacls to grant ownership or modify ACLs as needed.
Where is takeown.exe located in Windows?
Takeown.exe is located in C:\Windows\System32\takeown.exe (and, on some 64-bit systems, C:\Windows\SysWOW64\takeown.exe).