Unable to create anything but new folders in C

lolcocks · 29 Mar 2017

So I recently clean installed Windows 10 Pro original on my Dell Latitude E6430.
For some reason I am unable to create anything but New Folders in my C Drive.
Below is the error I am getting:

Unable to create anything but new folders in C-untitled.png

Then again I tried to change my user's permission to be able to make changes into the C: drive but I get this error:

Even if I manage to set permission, I get the below error:

Please help, how come this is happening on a clean install on Windows installed not less than 7 days ago.

Thank you.

bro67 · 29 Mar 2017

If a folder is set to Trusted Installer, you cannot change them without doing a little bit if work. If you want to create folder, you have to use the My Documents Folder to put them in there.

What are you trying change folder settings for and what items are you trying to delete?

lolcocks · 30 Mar 2017

bro67 said:

If a folder is set to Trusted Installer, you cannot change them without doing a little bit if work. If you want to create folder, you have to use the My Documents Folder to put them in there.

What are you trying change folder settings for and what items are you trying to delete?

But why did this happen?
I connected my laptop the college's network once, is that what overwrote my settings?

And it's my PC, I want to make a new text document in C, I decide what to do with it.
I am able to do it with my Windows 10 Pro PC at home easily.

bro67 · 30 Mar 2017

lolcocks said:

But why did this happen?
I connected my laptop the college's network once, is that what overwrote my settings?
And it's my PC, I want to make a new text document in C, I decide what to do with it.
I am able to do it with my Windows 10 Pro PC at home easily.

It has always been that way since Windows 8 came out. You may own the computer, but you do not legally own the OS, since you are licensing it to use. Trusted Installer is to keep malware from taking possession of system folders. If you are connecting to your college network and not using a Domain, nothing changed anything.

You can make as many folders as you want under your user folder. You do not need to be making or changing folders and their permission for those folders handled by Windows OS. The same thing is setup with all operating systems. It is to protect the OS from the end user's bad habits.

lolcocks · 30 Mar 2017

bro67 said:

It has always been that way since Windows 8 came out. You may own the computer, but you do not legally own the OS, since you are licensing it to use. Trusted Installer is to keep malware from taking possession of system folders. If you are connecting to your college network and not using a Domain, nothing changed anything.

You can make as many folders as you want under your user folder. You do not need to be making or changing folders and their permission for those folders handled by Windows OS. The same thing is setup with all operating systems. It is to protect the OS from the end user's bad habits.

You didn't answer my question properly.
I said I am able to all this in my home PC but not on my laptop.
Both are using the same edition of Windows.
And I am damn sure what you mentioned is incorrect because I have about 30 laptops in my office and it works fine on all of them.

Why is it only not working on one particular laptop?

Winuser · 30 Mar 2017

bro67 did answer your question. Your trying to save a text file to a protected folder. If you want users to help, you need to change your attitude.

Pyprohly · 30 Mar 2017

Winuser said:

lolcocks said:

You didn't answer my question properly.

bro67 did answer your question.

I read Lolcock’s response and that was the exact same impression I got: the question wasn’t answered properly. “You’re trying to save a file to a protected folder” doesn’t explain anything.

lolcocks said:

Please help, how come this is happening on a clean install on Windows installed not less than 7 days ago.

If we took the same steps you did we’d all get the same error. Just checking now, security on C drive has been this way since Windows 7, and possibly even Vista but not earlier than that because what you’re seeing is an effect of a security feature that was introduced in Vista known as “mandatory integrity levels”.

C drive has a high mandatory integrity label. What this means for users is that we cannot write new files directly to the root of C drive without administrative privileges even if the permissions would allow us to do so with lower access, but the fact that that “privilege is not held” error occurs is a bit of a bug on Explorer’s part: if a higher integrity label is set up a particular way, Explorer may choke and throw that error. Unfortunately it just so happens by coincidence that C drive is set up this way.

You can view a file system object’s integrity level with Icacls.

Code:

C:\Users\Pyprohly>icacls C:\
C:\ NT AUTHORITY\Authenticated Users:(S,AD)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)

Successfully processed 1 files; Failed processing 0 files

C:\Users\Pyprohly>

You can also set the integrity label using this tool, but it’s limited and I find Icacls a very unstable tool.

The integrity level can be removed with Chml.

Code:

chml C:\ -rl

But I don’t recommend doing this on a location such as C:\.

Instead of the “Error 0x80070522: A required privilege is not held by the client” error message, this is what Explorer should have said as is the case with most other mandatory integrity label configurations.

Unable to create anything but new folders in C-mil-accessdenied.gif

lolcocks · 30 Mar 2017

Winuser said:

bro67 did answer your question. Your trying to save a text file to a protected folder. If you want users to help, you need to change your attitude.

Huh? Why?
I simply stated a few things, I didn't use any curse words or anything.
Seriously, people on the internet....too fragile.

Anyways, back on topic.

Pyprohly said:

I read Lolcock’s response and that was the exact same impression I got: the question wasn’t answered properly. “You’re trying to save a file to a protected folder” doesn’t explain anything.

If we took the same steps you did we’d all get the same error. Just checking now, security on C drive has been this way since Windows 7, and possibly even Vista but not earlier than that because what you’re seeing is an effect of a security feature that was introduced in Vista known as “mandatory integrity levels”.

C drive has a high mandatory integrity label. What this means for users is that we cannot write new files directly to the root of C drive without administrative privileges even if the permissions would allow us to do so with lower access, but the fact that that “privilege is not held” error occurs is a bit of a bug on Explorer’s part: if a higher integrity label is set up a particular way, Explorer may choke and throw that error. Unfortunately it just so happens by coincidence that C drive is set up this way.

You can view a file system object’s integrity level with Icacls.

Code:

C:\Users\Pyprohly>icacls C:\
C:\ NT AUTHORITY\Authenticated Users:(S,AD)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)

Successfully processed 1 files; Failed processing 0 files

C:\Users\Pyprohly>

You can also set the integrity label using this tool, but it’s limited and I find Icacls a very unstable tool.

The integrity level can be removed with Chml.

Code:

chml C:\ -rl

But I don’t recommend doing this on a location such as C:\.

Instead of the “Error 0x80070522: A required privilege is not held by the client” error message, this is what Explorer should have said as is the case with most other mandatory integrity label configurations.

Hmmm, you answer has convinced me a lot and explained a lot of thing but there is still one thing I didn't get.

If this has been around since Windows 7, how come some of the PCs I have used before, if I Right Click on C drive -> New -> I can see the whole list, not just folder.
And these PCs I have used are everyday computers used by average non-geek people. They don't even know how to enable that list by taking permission.

Did the edition of Windows they installed, already come with the security options disabled?

Thank you.

Pyprohly · 30 Mar 2017

lolcocks said:

If this has been around since Windows 7, how come some of the PCs I have used before, if I Right Click on C drive -> New -> I can see the whole list, not just folder.

I explain in depth what determines this populated list in this thread. If your context menu’s New list is populated with file items then your user account must have been given full write permissions to that location. The supposition of “average non-geek” people as a reason for their inability to alter permissions doesn’t negate the possibility that they’ve managed to do so. It’s not too hard.

lolcocks said:

Did the edition of Windows they installed, already come with the security options disabled? 

Absolutely not. All permissions settings start out the same.

lolcocks · 30 Mar 2017

Pyprohly said:

I explain in depth what determines this populated list in this thread. If your context menu’s New list is populated with file items then your user account must have been given full write permissions to that location. The supposition of “average non-geek” people as a reason for their inability to alter permissions doesn’t negate the possibility that they’ve managed to do so. It’s not too hard.

Absolutely not. All permissions settings start out the same.

Thank you so much, this is exactly what I was looking for! :)
+rep