For my work I have two desktops and a laptop I always bring with me, and despite all the online synchronization tools out there (SkyDrive, FolderShare, Groove, Mesh etc…) I’m used to SyncToy to keep my important files and folders updated across the three machines; The same is true for my backup .pst files: the laptop is my main machine, I usually make my changes and archives there and then copy the pst on the other two machines.
But since Vista (and now also with Windows 2008) when I copy the new file and then try to load the data file in Outlook, I always get an access denied error:
Clearly a permission issue and running Outlook with elevated privileges resolves the problem; but explicitly granting Full Control to my account (by the way, I’m member of the Administrators group), taking ownership of the file etc… is not enough, I was still unable to open the file (and I don’t want to run Outlook as Administrator). After many attempts as a last resource I tried to create through Outlook a new empty pst file with the same name of my archive one, and then I overridden it the file I was desperately trying to open and… magic… it worked! ?
Apparently from the UI everything was fine, so I gave the command line a try; here’s what icacls shows for the the working (pst) and non working (pst.bad) archive folder and files:
See the difference? ?
New Integrity Levels and Mandatory Labels in Vista/Win2008
To make a long story short, the behavior is due to the new Integrity Mechanism first introduced in Vista (see Windows Vista Integrity Level Technical Reference):
The Windows integrity mechanism is a core component of the Windows security architecture that restricts the access permissions of applications that are running under the same user account and that are less trustworthy.
The Windows Vista® integrity mechanism extends the security architecture of the operating system by assigning an integrity level to application processes and securable objects.
Appendix B: icacls and file integrity levels has some more details, and also the article Internet Explorer 7 no longer works after you move the contents of the Temporary Internet Files folder to another folder on a Windows Vista-based computer suggests an interesting solution:
icacls folder_path /setintegritylevel L
Actually on my machine I set integrity level to “M” (medium instead of low), and now I have my archive back in Outlook! ?
I wasted a lot of time and bumped my head on the desk because of this problem, hope at least saves some time to others…
Carlo
Quote of the day:
Coming home from very lonely places, all of us go a little mad: whether from great personal success, or just an all-night drive, we are the sole survivors of a world no one else has ever seen. – John le Carre