To content | To menu | To search

Saturday 13 February 2010

Modifying the Access Control List to Delete Locked Files

Problem: Windows won't let you remove folders or files because of permission rights


Cannot delete folder. Access is denied

You need permission to perform this action. You require permission from COMPUTER\USER to make changes to this folder

You will need to provide administrator permission to change these attributes

Example: You installed a program that sets special permissions to its directory, and after formatting or reinstalling Windows, that folder now belongs to another user (your old account) which you do not have access to. Windows will block your attempt to rename, move, or delete the files or folders.

Cause: Lost user permission (mismatch SID) from previous Windows installation.
Solution: As an administrator, give yourself or everyone permission to the entire directory.
Use the Unlocker program for other access related problems.

Foreword: In the following instructions, the word "target" means the locked file or folder that you want to reclaim. Bolded all-caps words in the code should be replaced with your own input. Move your mouse over the underdotted words for tooltips. All steps will be done inside the Command Prompt, not Windows Explorer. If you are experienced with the Command Prompt, skip to Step 3.

Step 1: Directory

Start button -> enter cmd in the search box -> Command Prompt should be opened
Go to the folder where the target is stored. If your target is in a different hard drive, type: cd /d DRIVELETTER: Example: if the target is in "D:\Program Files", type cd /d D:\Program Files
Type cd DIRECTORY to change directory. Type dir to see the current directory's contents. Type cd .. to go one directory up.

Step 2: Ownership

If you do not have ownership to the target, type: takeown /f TARGET /r Example: if you are in "Program Files" and you want to give yourself permission to the child folder "cygwin", type takeown /f cygwin /r

Step 3: Permission

Assuming you want to delete the target later, the following code gives all permissions to everyone: icacls TARGET /grant Everyone:(OI)(CI)(F) /t If you want to give only yourself permissions, type: icacls TARGET /grant COMPUTER\USER:(OI)(CI)(F) /t To find out your computer name, type systeminfo. Your user name is same as the Windows login.
You may also set permissions in Windows Explorer by right clicking a file -> Properties option -> Security tab Example: icacls TARGET /grant Everyone:(DE) /t will make that target deleteable.

Step 4: Deletion

You should now be able to do anything with the target from Windows Explorer. If you rather use the Command Prompt for deletion, type rmdir TARGET /s /q for a directory, or del TARGET /f for a file.

Command Prompt: icacls /?

Read this help message for more specific permission settings.
ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
    stores the DACLs for the files and folders that match the name
    into aclfile for later use with /restore. Note that SACLs,
    owner, or integrity labels are not saved.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
                 [/C] [/L] [/Q]
    applies the stored DACLs to files in directory.

ICACLS name /setowner user [/T] [/C] [/L] [/Q]
    changes the owner of all matching names. This option does not
    force a change of ownership; use the takeown.exe utility for
    that purpose.

ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
    finds all matching names that contain an ACL
    explicitly mentioning Sid.

ICACLS name /verify [/T] [/C] [/L] [/Q]
    finds all files whose ACL is not in canonical form or whose
    lengths are inconsistent with ACE counts.

ICACLS name /reset [/T] [/C] [/L] [/Q]
    replaces ACLs with default inherited ACLs for all matching files.

ICACLS name [/grant[:r] Sid:perm[...]]
       [/deny Sid:perm [...]]
       [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
       [/setintegritylevel Level:policy[...]]

    /grant[:r] Sid:perm grants the specified user access rights. With :r,
        the permissions replace any previouly granted explicit permissions.
        Without :r, the permissions are added to any previously granted
        explicit permissions.

    /deny Sid:perm explicitly denies the specified user access rights.
        An explicit deny ACE is added for the stated permissions and
        the same permissions in any explicit grant are removed.

    /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With
        :g, it removes all occurrences of granted rights to that Sid. With
        :d, it removes all occurrences of denied rights to that Sid.

    /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity
        ACE to all matching files.  The level is to be specified as one
        Inheritance options for the integrity ACE may precede the level
        and are applied only to directories.

        e - enables inheritance
        d - disables inheritance and copy the ACEs
        r - remove all inherited ACEs

    Sids may be in either numerical or friendly name form. If a numerical
    form is given, affix a * to the start of the SID.

    /T indicates that this operation is performed on all matching
        files/directories below the directories specified in the name.

    /C indicates that this operation will continue on all file errors.
        Error messages will still be displayed.

    /L indicates that this operation is performed on a symbolic link
       itself versus its target.

    /Q indicates that icacls should supress success messages.

    ICACLS preserves the canonical ordering of ACE entries:
            Explicit denials
            Explicit grants
            Inherited denials
            Inherited grants

    perm is a permission mask and can be specified in one of two forms:
        a sequence of simple rights:
                N - no access
                F - full access
                M - modify access
                RX - read and execute access
                R - read-only access
                W - write-only access
                D - delete access
        a comma-separated list in parentheses of specific rights:
                DE - delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes
        inheritance rights may precede either form and are applied
        only to directories:
                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don't propagate inherit
                (I) - permission inherited from parent container


        icacls c:\windows\* /save AclFile /T
        - Will save the ACLs for all files under c:\windows
          and its subdirectories to AclFile.

        icacls c:\windows\ /restore AclFile
        - Will restore the Acls for every file within
          AclFile that exists in c:\windows and its subdirectories.

        icacls file /grant Administrator:(D,WDAC)
        - Will grant the user Administrator Delete and Write DAC
          permissions to file.

        icacls file /grant *S-1-1-0:(D,WDAC)
        - Will grant the user defined by sid S-1-1-0 Delete and
          Write DAC permissions to file.
Keywords: Windows 7, Windows Vista, UAC, User Account Control, cacls, cygwin folder, cygwin directory

Wednesday 10 February 2010

jQuery hover event won't fire the first time

Problem: jQuery won't fire when hovered over an element initially.

Example: For a menu with tabs or tooltips that fade in or pop up when a user hovers over, this bug prevents the binded effect from activating when the user hovers over the element for the first time. Such a menu tab would only effect after the user's mouse has entered, left, and entered the element's area again.

Cause: Event bubbling? Multiple nested elements?
Solution: Trigger a hover out event on the element programmatically (instead of by user interaction).
Add the following code after binding the hover function to that element: $('ELEMENT').trigger('mouseout'); The effects-binded element should now fires when mouseovered the first time.

Keywords: JavaScript, onmouseout onmouseover mouseout mouseover mouseenter mouseleave, jQuery won't trigger, jQuery doesn't fire, hover over, the second time
Resources: trigger() function - jQuery API

Saturday 9 May 2009

How to Port Forward and Host Games on

Foreword: Before reading further, note that you cannot host on if you use public Wi-Fi or an unconfigurable modem. These instructions assume that you can add ports to your router.

Problem: People can't join your game on because of your router's firewall

StarCraft Host/Join Error

You were unable to join. The game you have selected is not responding. The latency to the game creator is too high.

Solution: On your main computer, log into your router's intranet page and set its firewall to open ports 6112 to 6119 TCP.

Step 1:  Start button -> Run/Search -> type "cmd" -> Command Prompt is opened, type "ipconfig".
If you are using Mac OS, open the Terminal and type "ifconfig".

C:\Documents and Settings\Admin>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :

C:\Documents and Settings\Admin>_

Step 2: Your router's webpage address should be the Default Gateway, type those numbers into your browser's address bar, for example: If the address is correct, you may see a login prompt, try these following name/password combinations: admin/admin, admin/(blank), (blank)/(blank), admin/password, admin/1234, admin/123 If the router's webpage does not load or you can't access it, physically pick up your router and look for its model number, then go to this routers list and choose your model. That site's instructions will tell you the proper address, login, and password.

Step 3: After logging in to your router, look for a section that may be called Port Forwarding, or Port Triggering, or Firewall Settings, or NAT Configuration, or Virtual Server, or Security--which are usually located in an Advanced Settings category. This page will usually have a list of 192.168.1.XXX addresses and input boxes for a specific computer, program, protocol, or port number. Your goal is to find a page that looks something like the one below:

Router port forwarding for StarCraft

Step 4: If the page asks for the computer to forward to, select your computer's name if it is there; if it asks for the IP number, use the "IP Address" you previously got from the command prompt. After that, add ports 6112 to 6119 for TCP and then UDP, or just 6112 if your router does not allow port ranges. Click the Save/Submit button in the configuration page and your router will automatically reset.

Conclusion: If there no other conflicts or problems with your network, you now should be able to host games on Otherwise, check your firewall program and allow StarCraft.exe in its filters. Read this thread for more technical resources.

Note: This does not solve the "blank screen" problem on the game list as it is inherent with

Resources: LAN Configuration Tutorial
Keywords: StarCraft, SC, Brood War, BW, SCBW, Diablo II, D2, Lord of Destruction, LoD, WarCraft III, WC, WC2, WC3, Reign of Chaos, RoC, Frozen Throne, TFT, no one can join, nobody can join, how do I host, can't host games on battlenet, can't make games on, can't create game on bnet, cannot make games, cannot host games, cannot create games, how to host games, how to create games, how to make games lobby, latency too high, lag, help

Wednesday 25 February 2009

Verify Gandi Blog for Google Webmaster

Problem: GandiBlog does not allow metadata editing nor root directory file uploading

Traduction Française?

We couldn't find the verification meta tag

We've detected that your verification file returns a status of 404 (Not found) in the header.

Verification failed. Your verification TXT record record was not found.

Solution: Use Google's DNS TXT record method OR forward the domain you own directly to an HTML file that has the verification tag.

DNS Record Method

Français: -> Domaines -> Gérer les zones -> Ajouter un enregistrement -> Type: TXT, TTL: 1 heures, Nom: blanc!, Valeur: google-site-verification: Abc123 -> Valider -> Valider les changements

Step 1: Log into and go to your domain's control panel; in the DNS section, click Manage your zone file; the page will show a list of records, click the Add an entry button below the list.

Step 2: Add a Record: for Type choose TXT, for TTL choose 1 hour (less would update the DNS faster), for Name leave it blank!, for Value copy and paste the record Google gave you (google-site-verification: Abc123), then click submit; when you are back in the records list, you must click Submit changes to confirm the change.

Step 3: Wait about an hour then go to the Google Webmaster page to do the verification by DNS method. If you entered everything correctly and waited long enough, the verification should pass.

Example of the resulting line in the Zone File: @ 3600 IN TXT google-site-verification: TI7mWwUKAMHSSLhoN7w6b4oEcyGnaSbrylS7e7iv

Alternate Redirection Method

If the DNS method did not or cannot work, try this method instead:
Step 1:  Right click and save this file verify.html, open it with a text editor and then paste the meta tag Google gave you, for example:
<!-- Insert Google's verification meta tag below this line -->
<meta name="verify-v1" content="EXAMPLEmiEv5ubIU2L98oAMIajLAtI2t/Oe9Riacri5xo=" />
<!-- Insert Google's verification meta tag above this line -->
Step 2:  Go to your blog's Dashboard -> Media manager and upload your verify.html
Step 3:  Go to -> Manage tab -> Technical Settings section -> Web section -> Gandi Blog: Active Update and rename your Gandi blog's address from to Then go to Forwarding: active Update and add or change the domain/subdomain you want to verify so that they point to your tempblog's verify.html
Example Result:
Blog of
The blog's address       Status  Active - Web forwarding
Subdomain            Type               Destination Address  Direct (permanent)   Direct (permanent)       Direct (permanent)
Step 4:  Wait for Gandi to update the addresses; it may take 1-3 hours for the DNS to change. Each Google verification tag is unique to that domain, so after you finish verifying, add or to Google Webmaster Dashboard and get another tag. Copy this new tag over the old tag in your verify.html, reupload it, and ask Google to verify that domain.

Conclusion:  You only need to verify once, so reforward your blog and domains back to its former addresses after it is all done. You can now submit a sitemap.txt without Google's "current-directory restriction".

Resources: Google Webmaster Help
Keywords: Add a DNS record, Domain Name System, google-site-verification, non validé, validation, Nous avons constaté que l'en-tête de votre fichier de vérification renvoie un code d'état 404 (Introuvable)

Monday 10 November 2008

Invalid Character Error during Red Alert 3 Installation

Problem: Can't install EA games because of an invalid character.


The folder path 'Command _Conquer?RedAlert?3' contains an invalid character.

Cannot install to the specified path. Either you have specified an invalid or non-existent drive, or a directory name within the given path contains one or more of the following characters:
/ : * ? " < > | ;

Cause: Careless EA developers  AppLocale conflict with the Microsoft Installer (MSI).
Solution: Uninstall AppLocale by going to the Control Panel, open the Add or Remove Programs wizard, and scroll to Microsoft AppLocale and choose Remove. If you do not want to uninstall AppLocale, follow the instructions below.

Step 1: Download Unlocker (This is a very useful program for when you can't delete/move/rename a file because it's being used by another process. Unlocker will sever the link between the target file or folder from the process that's using it.)

Step 2: After thoroughly installing Unlocker, go to C:\WINDOWS and right click on the folder AppPatch, choose Unlocker from the context menu. Unlocker will then show a list of processes using AppLocale, click the button Unlock All.

Step 3: Install the EA game as usual. If the error shows up again, unlock the AppPatch folder again.

Unlock AppLocale for Red Alert 3 Installation

Command & Conquer(tm) Red Alert(tm) 3 Setup Wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, run Setup Wizard again.

Note: If the EA installer immediately gives the error when it starts then follow these instructions:
Step 1: Start -> Run -> type in regedit
Step 2: Registry Editor should be opened, go to the folder tree:
HKEY_LOCAL_MACHINE\SOFTWARE\Electronic Arts\Electronic Arts
and delete the folder Red Alert 3. The installer should behave like the first time it ever ran.

Sidenote: If you came to this page with the 19 characters CD key problem, go to EA's site or simply guess the 20th alphanumeric digit yourself.

Program Mirrors: AppLocale, Unlocker
Keywords: C&C, C&C3, C&C4, Tiberium Wars, Tiberian Twilight, NFS, Need for Speed, Spore, SimCity, Sims, download apploc.msi, 19 char, registration, serial, The folder path 'Command _Conquer?Red Alert?3 Uprising' contains an invalid character

Windows Runs Out of Resources

Problem: (Windows XP) Can't start programs even though there are current running ones. Menus, buttons, Start button, and other GUI elements disappear.

Error: No error message.
Cause: Window's desktop heap size is too low and Windows run out of resources (too many open windows)
Solution: Increase the desktop heap size

Step 1:  Start -> Run -> "regedit" -> Registry Editor should be opened, go to the folder tree:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems
Step 2:  On the right panel of the Registry Editor, there should be a key called Windows (REG_EXPAND_SZ), double click it -> replace everything in Value data with:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\WindowsSharedSection=1024,8192,512 Windows=On SubSystemType=WindowsServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=OffMaxRequestThreads=16 or in the SharedSection=1024,3072,512 part, change the value 3072 to 8192 -> OK and restart for it to take effect.

Keywords: buttons disappear, blank menu, can't start programs, can't run programs, cannot start programs, cannot run programs, programs won't start, programs won't run, programs won't open