exadmin2006
asked on
Windows 2003 Server C: drive permission issue
Hey all,
A few weeks ago I tried to install a new AV on my File Server (this is a Windows Server 2003 Standard server, SP2, attached to my EMC Clariion via an iSCSI connection. Outside of some EMC software and a few small apps, the C: drive is mostly clean). Anyway, the tech noticed it wouldn't install because the Everyone group wasn't at the root of C: as it is by default. In fact, when I looked at the Security Properites of the root of C:, only Admnistrators was listed. I know this isn't right unless it was changed by someone...all my other servers have Administrators, SYSTEM, Everyone, Users, etc. at the root.
Anyway, when I added Everyone and hit OK, it wiped out all my C: permissions for some reason (that is, the Security Properties of any folder or file on C: is blank). Using my other servers as a guide, I manually added the default C: permissions and majde sure they pushed to all subfolders and files (added Admnistrators, Everyone, SYSTEM, Users, and CREATOR OWNER).
This worked fine, and the server has has no issues since then. I tested all the apps, etc.
My question is...I haven't rebooted it yet, but have to soon to finish an install. Should it be OK since it's been fine since the change, or will a reboot potentially cause an issue I might not be seeing?
Thanks.
A few weeks ago I tried to install a new AV on my File Server (this is a Windows Server 2003 Standard server, SP2, attached to my EMC Clariion via an iSCSI connection. Outside of some EMC software and a few small apps, the C: drive is mostly clean). Anyway, the tech noticed it wouldn't install because the Everyone group wasn't at the root of C: as it is by default. In fact, when I looked at the Security Properites of the root of C:, only Admnistrators was listed. I know this isn't right unless it was changed by someone...all my other servers have Administrators, SYSTEM, Everyone, Users, etc. at the root.
Anyway, when I added Everyone and hit OK, it wiped out all my C: permissions for some reason (that is, the Security Properties of any folder or file on C: is blank). Using my other servers as a guide, I manually added the default C: permissions and majde sure they pushed to all subfolders and files (added Admnistrators, Everyone, SYSTEM, Users, and CREATOR OWNER).
This worked fine, and the server has has no issues since then. I tested all the apps, etc.
My question is...I haven't rebooted it yet, but have to soon to finish an install. Should it be OK since it's been fine since the change, or will a reboot potentially cause an issue I might not be seeing?
Thanks.
ASKER
Thanks. I made sure the Windows and system32 folders were checked...those did have inheritance disabled and had the TERMINAL SERVER ISERS groups added, which I took care of. I also checked the permissions of the folders on where some of the apps and EMC stuff was installed.
Does that link have a connection? It looks like an article on default GPO templates.
Thanks!
Does that link have a connection? It looks like an article on default GPO templates.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. Last question...if I run the command to reset the permissions, this will only affect the C: drive right? The server has a D; drive which is on the SAN, and this is where all the file server data lives (Finance, iT, Marketing, etc.). These have explicit, custom permissions. I want to make sure those won't reset.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://blogs.technet.com/askds/archive/2008/05/28/default-security-templates-in-windows-2008.aspx