Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

NTFS file permission propogation error

Posted on 2002-07-18
5
Medium Priority
?
384 Views
Last Modified: 2013-12-28
NT4.0sp6a.  Starting with default NTFS permissions I'm trying to apply file/directory permission changes to reach a security baseline.  I tell it Administrators = Full Control then part way through applying the changes I get a pop-up box saying "Unable to save permission changes on Server (C:), the parameter is incorrect. [Retry][Cancel]"  When I look I see that some of the subdirectories changed, some didn't, can't tell where it got interrupted.  Nothing in the event log.  This also happens propogating System, Authenticated User, etc.  Server used to be an Exchange server but mailboxes have been moved and services stopped.  Server is currently a PDC.  I'm prepared to rebuild, but if I get a quick enough answer I'll pass a security inspection  :)
Any ideas?
0
Comment
Question by:joel_a
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7163259
I would rebuild it. Just make sure yoi promote a BDC to a PDC and do a domain synch beforehand.
Trying to fix this will take forever otherwise, since Exchange may do all sorts of weird things with permissions.

The only other thing you might try is XACLS or similar in the NT resource kit.
It has an option to restore Default ACLs.

I hope this helps !
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 400 total points
ID: 7163262
Whoops, it is FIXACLS
--------------------
See the last part of this explanation regarding remote use of FIXACL :

                  This tool resets the NTFS file and folder permissions of system files for Windows NT Server or  Windows NT Workstation to their default values.

                  When system permissions have been lost, FIXACLS can restore default permissions to the system files.
                  For example, the Windows NT convert command only converts your file system to NTFS. It does not set
                  the default permissions after the conversion. FIXACLS fills this gap.

                  To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where
                  the files and folders are stored, and you must be logged on as a member of the Administrators group
                  for the domain or computer where your user account is defined. Otherwise, "Access denied" error
                  messages may occur.

                  FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore,
                  access to this file is also required to run FIXACLS.

                  Although FIXACLS is primarily a GUI utility, it can be run from the command prompt with the /q (quiet)
                  switch. This switch allows the tool to run in a script, or on a remote machine via a utility such as Remote
                  Console, REMOTE.EXE, or RSH.EXE. Note that if the /q switch is used, no messages are displayed
                  regardless of failure or success. FIXACLS has no other command-line switches.

                  For more information

                  For more details on how to use FIXACLS:

  Overview of Windows NT Resource Kit Tools version 4.00.03 © Microsoft Corporation 1985 - 1997
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring Remote Assistance for use with SCCM
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question