[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 390
  • Last Modified:

NTFS file permission propogation error

NT4.0sp6a.  Starting with default NTFS permissions I'm trying to apply file/directory permission changes to reach a security baseline.  I tell it Administrators = Full Control then part way through applying the changes I get a pop-up box saying "Unable to save permission changes on Server (C:), the parameter is incorrect. [Retry][Cancel]"  When I look I see that some of the subdirectories changed, some didn't, can't tell where it got interrupted.  Nothing in the event log.  This also happens propogating System, Authenticated User, etc.  Server used to be an Exchange server but mailboxes have been moved and services stopped.  Server is currently a PDC.  I'm prepared to rebuild, but if I get a quick enough answer I'll pass a security inspection  :)
Any ideas?
0
joel_a
Asked:
joel_a
  • 2
1 Solution
 
SysExpertCommented:
I would rebuild it. Just make sure yoi promote a BDC to a PDC and do a domain synch beforehand.
Trying to fix this will take forever otherwise, since Exchange may do all sorts of weird things with permissions.

The only other thing you might try is XACLS or similar in the NT resource kit.
It has an option to restore Default ACLs.

I hope this helps !
0
 
SysExpertCommented:
Whoops, it is FIXACLS
--------------------
See the last part of this explanation regarding remote use of FIXACL :

                  This tool resets the NTFS file and folder permissions of system files for Windows NT Server or  Windows NT Workstation to their default values.

                  When system permissions have been lost, FIXACLS can restore default permissions to the system files.
                  For example, the Windows NT convert command only converts your file system to NTFS. It does not set
                  the default permissions after the conversion. FIXACLS fills this gap.

                  To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where
                  the files and folders are stored, and you must be logged on as a member of the Administrators group
                  for the domain or computer where your user account is defined. Otherwise, "Access denied" error
                  messages may occur.

                  FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore,
                  access to this file is also required to run FIXACLS.

                  Although FIXACLS is primarily a GUI utility, it can be run from the command prompt with the /q (quiet)
                  switch. This switch allows the tool to run in a script, or on a remote machine via a utility such as Remote
                  Console, REMOTE.EXE, or RSH.EXE. Note that if the /q switch is used, no messages are displayed
                  regardless of failure or success. FIXACLS has no other command-line switches.

                  For more information

                  For more details on how to use FIXACLS:

  Overview of Windows NT Resource Kit Tools version 4.00.03 © Microsoft Corporation 1985 - 1997
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now