Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 135
  • Last Modified:

Windows 2000 drive/folder security

I rebooted our Windows 2000 Advanced Server machine and got a bsod with the inaccessable_boot_device message.  I was able to get into the recovery console and  run chkdsk /r and after that it booted up just fine.  This pc has a webserver and terminal server running on it.  We use it to do some data entry on our in house software and the webserver uses odbc to connect to the backend and run some queries and display reports.  The hard drive is partitioned.  The webserver and system files sit on the c drive and our software sits on the d drive.  Anyway, after I ran chkdsk on the c drive it screwed up some security settings.  The d drive hasn't been affected.  Now when someone tries to log into the server via TS (they're in the users group) they get an access denied error.  If I log in as the administrator I have no problem.  If I add the user to the administrator group they can get in just fine.  When someone tries to load a webpage from the server they get a login screen that pops up.  You have to login as the administrator before you can view the webpage.  I noticed that the security on the c drive and several folders in that drive only has the administrator in it.  Several of the folders in the c drive I could probably configure the security on but the majority I wouldn't know what to set for some of the folders.  Especially the windows folder.  Is there a way I can set it back to default (prior to bsod) or am I stuck using trial and error to get the correct settings back.
0
tnkrtrn
Asked:
tnkrtrn
  • 3
  • 2
  • 2
1 Solution
 
f_umarCommented:
give read & execute permissions to local user group domain users group should be a member of your local  user group.

full control for local administrator group domain administrators should be a member of local administrator group.

give these permissions in security tab of your c drive then reset these permissions to  all child objects in advanced.

cheers!!
0
 
tnkrtrnAuthor Commented:
What about SYSTEM?
0
 
f_umarCommented:
give full control to system.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
tnkrtrnAuthor Commented:
Well I set it up and still am getting errors with the webserver.  The actual pages sit in c:\web and there's only a couple of pages.  Although it does use a ms acces db to check the user/pass.  That file sits in c:\web\data.  Should I assign this folder special security settings.
0
 
f_umarCommented:
set the permissions in iiis for the web site contents along with ntfs permisssions.


0
 
andyswarbsCommented:
run sysinternals.com ntfilmon nd regmon and watch the process of a user logging on.  If there is an access denied then the error should show up in one of these logs.

You know it makes sense!
0
 
andyswarbsCommented:
also add a tricky user to admin group - and check they are ok.  It could be something else!
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now