Solved

NTFS file permission propogation error

Posted on 2002-07-18
5
368 Views
Last Modified: 2013-12-28
NT4.0sp6a.  Starting with default NTFS permissions I'm trying to apply file/directory permission changes to reach a security baseline.  I tell it Administrators = Full Control then part way through applying the changes I get a pop-up box saying "Unable to save permission changes on Server (C:), the parameter is incorrect. [Retry][Cancel]"  When I look I see that some of the subdirectories changed, some didn't, can't tell where it got interrupted.  Nothing in the event log.  This also happens propogating System, Authenticated User, etc.  Server used to be an Exchange server but mailboxes have been moved and services stopped.  Server is currently a PDC.  I'm prepared to rebuild, but if I get a quick enough answer I'll pass a security inspection  :)
Any ideas?
0
Comment
Question by:joel_a
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163259
I would rebuild it. Just make sure yoi promote a BDC to a PDC and do a domain synch beforehand.
Trying to fix this will take forever otherwise, since Exchange may do all sorts of weird things with permissions.

The only other thing you might try is XACLS or similar in the NT resource kit.
It has an option to restore Default ACLs.

I hope this helps !
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 100 total points
ID: 7163262
Whoops, it is FIXACLS
--------------------
See the last part of this explanation regarding remote use of FIXACL :

                  This tool resets the NTFS file and folder permissions of system files for Windows NT Server or  Windows NT Workstation to their default values.

                  When system permissions have been lost, FIXACLS can restore default permissions to the system files.
                  For example, the Windows NT convert command only converts your file system to NTFS. It does not set
                  the default permissions after the conversion. FIXACLS fills this gap.

                  To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where
                  the files and folders are stored, and you must be logged on as a member of the Administrators group
                  for the domain or computer where your user account is defined. Otherwise, "Access denied" error
                  messages may occur.

                  FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore,
                  access to this file is also required to run FIXACLS.

                  Although FIXACLS is primarily a GUI utility, it can be run from the command prompt with the /q (quiet)
                  switch. This switch allows the tool to run in a script, or on a remote machine via a utility such as Remote
                  Console, REMOTE.EXE, or RSH.EXE. Note that if the /q switch is used, no messages are displayed
                  regardless of failure or success. FIXACLS has no other command-line switches.

                  For more information

                  For more details on how to use FIXACLS:

  Overview of Windows NT Resource Kit Tools version 4.00.03 © Microsoft Corporation 1985 - 1997
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question