ThinkPaper
asked on
dumb noob mistake - permissions on C drive changed and can't log on at all W2k3 Server
Ok. I can hear everyone yelling at me already. =(
We're going thru an Security Readiness Review and have been checking and configure servers we have on the network to make sure they're all compliant. I've been remotely logging on servers and manually checking and updating it. On one of the servers one of the "security alerts" that came up were improper ACLs to the C drive and it's sub folders. There were instructions on how to 'securely' set the permissions. So I went and changed it. Except I don't think I did it right. I'm not sure but I either may have accidentally messed up SYSTEM access or had not set Administrators access properly (although I swear I thought I did). And soon after I was unable to look inside the C drive or access any of the files. When I rightclicked the file and looked at the properites, the Security Tab disappeared. I went to the Start menu and tried to pull up Administrative Tools, but when I hover over it, it also comes up empty.
Then I did the major mistake. I told one of the other admins the problem and he suggested I try to log on using a local acct. I had reservations of logging off because I was afraid something bad might happen and I may not be able to access the Server. But I did. I logged off. And tried to log back on (remotely). It failed. Went upstairs to the server and tried to directly log on the server, but it wouldn't come up with the username/pw prompt (it only came up with the CTRL+ALT+DELETE window and would keep jumping back to it).
Tried to manage it and it still wouldn't give me access. So now the server is basically unaccessible. Most likely because the system folders as well as everything else on the C drive is unaccessible. Short of taking the server down and reimaging it, is there anything I can do to set this right?
We're going thru an Security Readiness Review and have been checking and configure servers we have on the network to make sure they're all compliant. I've been remotely logging on servers and manually checking and updating it. On one of the servers one of the "security alerts" that came up were improper ACLs to the C drive and it's sub folders. There were instructions on how to 'securely' set the permissions. So I went and changed it. Except I don't think I did it right. I'm not sure but I either may have accidentally messed up SYSTEM access or had not set Administrators access properly (although I swear I thought I did). And soon after I was unable to look inside the C drive or access any of the files. When I rightclicked the file and looked at the properites, the Security Tab disappeared. I went to the Start menu and tried to pull up Administrative Tools, but when I hover over it, it also comes up empty.
Then I did the major mistake. I told one of the other admins the problem and he suggested I try to log on using a local acct. I had reservations of logging off because I was afraid something bad might happen and I may not be able to access the Server. But I did. I logged off. And tried to log back on (remotely). It failed. Went upstairs to the server and tried to directly log on the server, but it wouldn't come up with the username/pw prompt (it only came up with the CTRL+ALT+DELETE window and would keep jumping back to it).
Tried to manage it and it still wouldn't give me access. So now the server is basically unaccessible. Most likely because the system folders as well as everything else on the C drive is unaccessible. Short of taking the server down and reimaging it, is there anything I can do to set this right?
Not sure what services you're running, but if you're running exchange the exadmin account should be able to get in. If you borked the local, you should still be able to get in with a user that has domain admin access. Or I misread everything. :/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
as this is a server and dependant on how long you can afford to have it down (ussually not long) it sounds like its time to suck it up and ring microsoft support.
ASKER
well, luckily the server isn't critical and isn't being used for any day-to-day things.. so i guess the answer is just reimaging it. >_<
ASKER
well.. ended up reimaging it. a real careless mistake on my part. well.. i'll chalk it up to some onsite education.. O_O;
as long as you can take the positive!