Solved

NTFS file permission propogation error

Posted on 2002-07-18
5
369 Views
Last Modified: 2013-12-28
NT4.0sp6a.  Starting with default NTFS permissions I'm trying to apply file/directory permission changes to reach a security baseline.  I tell it Administrators = Full Control then part way through applying the changes I get a pop-up box saying "Unable to save permission changes on Server (C:), the parameter is incorrect. [Retry][Cancel]"  When I look I see that some of the subdirectories changed, some didn't, can't tell where it got interrupted.  Nothing in the event log.  This also happens propogating System, Authenticated User, etc.  Server used to be an Exchange server but mailboxes have been moved and services stopped.  Server is currently a PDC.  I'm prepared to rebuild, but if I get a quick enough answer I'll pass a security inspection  :)
Any ideas?
0
Comment
Question by:joel_a
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163259
I would rebuild it. Just make sure yoi promote a BDC to a PDC and do a domain synch beforehand.
Trying to fix this will take forever otherwise, since Exchange may do all sorts of weird things with permissions.

The only other thing you might try is XACLS or similar in the NT resource kit.
It has an option to restore Default ACLs.

I hope this helps !
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 100 total points
ID: 7163262
Whoops, it is FIXACLS
--------------------
See the last part of this explanation regarding remote use of FIXACL :

                  This tool resets the NTFS file and folder permissions of system files for Windows NT Server or  Windows NT Workstation to their default values.

                  When system permissions have been lost, FIXACLS can restore default permissions to the system files.
                  For example, the Windows NT convert command only converts your file system to NTFS. It does not set
                  the default permissions after the conversion. FIXACLS fills this gap.

                  To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where
                  the files and folders are stored, and you must be logged on as a member of the Administrators group
                  for the domain or computer where your user account is defined. Otherwise, "Access denied" error
                  messages may occur.

                  FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore,
                  access to this file is also required to run FIXACLS.

                  Although FIXACLS is primarily a GUI utility, it can be run from the command prompt with the /q (quiet)
                  switch. This switch allows the tool to run in a script, or on a remote machine via a utility such as Remote
                  Console, REMOTE.EXE, or RSH.EXE. Note that if the /q switch is used, no messages are displayed
                  regardless of failure or success. FIXACLS has no other command-line switches.

                  For more information

                  For more details on how to use FIXACLS:

  Overview of Windows NT Resource Kit Tools version 4.00.03 © Microsoft Corporation 1985 - 1997
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
extended monitor print screen 8 50
Audit active directory trust relationships 2 27
Server 2016 can't install roles 3 35
psched 3 18
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question