Solved

NTFS file permission propogation error

Posted on 2002-07-18
5
365 Views
Last Modified: 2013-12-28
NT4.0sp6a.  Starting with default NTFS permissions I'm trying to apply file/directory permission changes to reach a security baseline.  I tell it Administrators = Full Control then part way through applying the changes I get a pop-up box saying "Unable to save permission changes on Server (C:), the parameter is incorrect. [Retry][Cancel]"  When I look I see that some of the subdirectories changed, some didn't, can't tell where it got interrupted.  Nothing in the event log.  This also happens propogating System, Authenticated User, etc.  Server used to be an Exchange server but mailboxes have been moved and services stopped.  Server is currently a PDC.  I'm prepared to rebuild, but if I get a quick enough answer I'll pass a security inspection  :)
Any ideas?
0
Comment
Question by:joel_a
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163259
I would rebuild it. Just make sure yoi promote a BDC to a PDC and do a domain synch beforehand.
Trying to fix this will take forever otherwise, since Exchange may do all sorts of weird things with permissions.

The only other thing you might try is XACLS or similar in the NT resource kit.
It has an option to restore Default ACLs.

I hope this helps !
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 100 total points
ID: 7163262
Whoops, it is FIXACLS
--------------------
See the last part of this explanation regarding remote use of FIXACL :

                  This tool resets the NTFS file and folder permissions of system files for Windows NT Server or  Windows NT Workstation to their default values.

                  When system permissions have been lost, FIXACLS can restore default permissions to the system files.
                  For example, the Windows NT convert command only converts your file system to NTFS. It does not set
                  the default permissions after the conversion. FIXACLS fills this gap.

                  To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where
                  the files and folders are stored, and you must be logged on as a member of the Administrators group
                  for the domain or computer where your user account is defined. Otherwise, "Access denied" error
                  messages may occur.

                  FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore,
                  access to this file is also required to run FIXACLS.

                  Although FIXACLS is primarily a GUI utility, it can be run from the command prompt with the /q (quiet)
                  switch. This switch allows the tool to run in a script, or on a remote machine via a utility such as Remote
                  Console, REMOTE.EXE, or RSH.EXE. Note that if the /q switch is used, no messages are displayed
                  regardless of failure or success. FIXACLS has no other command-line switches.

                  For more information

                  For more details on how to use FIXACLS:

  Overview of Windows NT Resource Kit Tools version 4.00.03 © Microsoft Corporation 1985 - 1997
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now