?
Solved

dumb noob mistake - permissions on C drive changed and can't log on at all W2k3 Server

Posted on 2007-03-27
7
Medium Priority
?
177 Views
Last Modified: 2010-04-20
Ok. I can hear everyone yelling at me already. =(
We're going thru an Security Readiness Review and have been checking and configure servers we have on the network to make sure they're all compliant. I've been remotely logging on servers and manually checking and updating it. On one of the servers one of the "security alerts" that came up were improper ACLs to the C drive and it's sub folders. There were instructions on how to 'securely' set the permissions. So I went and changed it. Except I don't think I did it right. I'm not sure but I either may have accidentally messed up SYSTEM access or had not set Administrators access properly (although I swear I thought I did). And soon after I was unable to look inside the C drive or access any of the files. When I rightclicked the file and looked at the properites, the Security Tab disappeared. I went to the Start menu and tried to pull up Administrative Tools, but when I hover over it, it also comes up empty.
Then I did the major mistake. I told one of the other admins the problem and he suggested I try to log on using a local acct. I had reservations of logging off because I was afraid something bad might happen and I may not be able to access the Server.  But I did. I logged off. And tried to log back on (remotely). It failed. Went upstairs to the server and tried to directly log on the server, but it wouldn't come up with the username/pw prompt (it only came up with the CTRL+ALT+DELETE window and would keep jumping back to it).
Tried to manage it and it still wouldn't give me access. So now the server is basically unaccessible. Most likely because the system folders as well as everything else on the C drive is unaccessible. Short of taking the server down and reimaging it, is there anything I can do to set this right?
0
Comment
Question by:ThinkPaper
7 Comments
 
LVL 1

Expert Comment

by:Iateacricket
ID: 18803721
Not sure what services you're running, but if you're running exchange the exadmin account should be able to get in. If you borked the local, you should still be able to get in with a user that has domain admin access. Or I misread everything. :/
0
 
LVL 70

Accepted Solution

by:
KCTS earned 1200 total points
ID: 18804059
If you have managed to remove permissions such to the extent that you can't even log in in safe mode then it looks like you are stuffed. Looks like a rebuild is on the cards.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 800 total points
ID: 18804107
ThinkPaper ,

not sure of the chances here but if you are running SP2 you can now use xacls from the recov console to reset permissions.....

Regards,

James
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 19

Expert Comment

by:Andrew Davis
ID: 18804154
as this is a server and dependant on how long you can afford to have it down (ussually not long) it sounds like its time to suck it up and ring microsoft support.
0
 
LVL 16

Author Comment

by:ThinkPaper
ID: 18808601
well, luckily the server isn't critical and isn't being used for any day-to-day things.. so i guess the answer is just reimaging it. >_<
0
 
LVL 16

Author Comment

by:ThinkPaper
ID: 18811038
well.. ended up reimaging it. a real careless mistake on my part. well.. i'll chalk it up to some onsite education.. O_O;
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18812907
as long as you can take the positive!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question