Solved

dumb noob mistake - permissions on C drive changed and can't log on at all W2k3 Server

Posted on 2007-03-27
7
162 Views
Last Modified: 2010-04-20
Ok. I can hear everyone yelling at me already. =(
We're going thru an Security Readiness Review and have been checking and configure servers we have on the network to make sure they're all compliant. I've been remotely logging on servers and manually checking and updating it. On one of the servers one of the "security alerts" that came up were improper ACLs to the C drive and it's sub folders. There were instructions on how to 'securely' set the permissions. So I went and changed it. Except I don't think I did it right. I'm not sure but I either may have accidentally messed up SYSTEM access or had not set Administrators access properly (although I swear I thought I did). And soon after I was unable to look inside the C drive or access any of the files. When I rightclicked the file and looked at the properites, the Security Tab disappeared. I went to the Start menu and tried to pull up Administrative Tools, but when I hover over it, it also comes up empty.
Then I did the major mistake. I told one of the other admins the problem and he suggested I try to log on using a local acct. I had reservations of logging off because I was afraid something bad might happen and I may not be able to access the Server.  But I did. I logged off. And tried to log back on (remotely). It failed. Went upstairs to the server and tried to directly log on the server, but it wouldn't come up with the username/pw prompt (it only came up with the CTRL+ALT+DELETE window and would keep jumping back to it).
Tried to manage it and it still wouldn't give me access. So now the server is basically unaccessible. Most likely because the system folders as well as everything else on the C drive is unaccessible. Short of taking the server down and reimaging it, is there anything I can do to set this right?
0
Comment
Question by:ThinkPaper
7 Comments
 
LVL 1

Expert Comment

by:Iateacricket
ID: 18803721
Not sure what services you're running, but if you're running exchange the exadmin account should be able to get in. If you borked the local, you should still be able to get in with a user that has domain admin access. Or I misread everything. :/
0
 
LVL 70

Accepted Solution

by:
KCTS earned 300 total points
ID: 18804059
If you have managed to remove permissions such to the extent that you can't even log in in safe mode then it looks like you are stuffed. Looks like a rebuild is on the cards.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 200 total points
ID: 18804107
ThinkPaper ,

not sure of the chances here but if you are running SP2 you can now use xacls from the recov console to reset permissions.....

Regards,

James
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 18

Expert Comment

by:Andrew Davis
ID: 18804154
as this is a server and dependant on how long you can afford to have it down (ussually not long) it sounds like its time to suck it up and ring microsoft support.
0
 
LVL 16

Author Comment

by:ThinkPaper
ID: 18808601
well, luckily the server isn't critical and isn't being used for any day-to-day things.. so i guess the answer is just reimaging it. >_<
0
 
LVL 16

Author Comment

by:ThinkPaper
ID: 18811038
well.. ended up reimaging it. a real careless mistake on my part. well.. i'll chalk it up to some onsite education.. O_O;
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18812907
as long as you can take the positive!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now