Partner Solutions with Stephanie Doakes

Technical information for Partners in the Small and Midsize business space. I will also include techincal information for you as well. Since moving from the technical space, I have needed to change myu blog a bit from the deep technical realm to now m

Blogs

Resetting NTFS Permissions on Windows Server 2003

  • Comments 1
  • Likes

I have seen where permissions had gotten changed in the system folders where the Windows 2003 SP1 was applied and the server was rebooted.  After the reboot, nearly all of our automatic services failed to start.  This was because the Remote Procedure Call service failed to start.  Windows Server 2003 changes the logon for the RPC service to Network Service and because the permissions had been changed, that service was getting “Access Denied” when attempting to start the service. 

 

Running Chkdsk on a server can also change security descriptors if you have not applied the required hotfixes to the server.  See the following articles:

 

831375 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors in Windows 2000

http://support.microsoft.com/default.aspx?scid=kb;EN-US;831375

 

831374 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors

http://support.microsoft.com/default.aspx?scid=kb;EN-US;831374

 

 

In order to get the permissions reset, we can use the secedit command to reset the NTFS permissions on the server.

 

Open a command prompt.

 

Run the following command where windows is the %systemroot% variable.

 

If the server has been upgraded you would substitute windows for winnt

 

On a domain controller, run

secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg

"c:\windows\security\templates\DC security.inf" /log c:\windows\temp\seceditsv.log

 

On a non-domain controller, run

secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg

"c:\windows\security\templates\setup security.inf" /log c:\windows\temp\seceditsv.log

 

Note:  I have run the setup security.inf on a domain controller without experiencing any problems.

 

This sets NTFS permissions back to default.

 

You will then be able to start services using the Network Service.

 

 

Refer to the following article on what each security template contains.

 

816585 How to apply predefined security templates in Windows Server 2003

http://support.microsoft.com/default.aspx?scid=kb;EN-US;816585

 

Have a good week.

 

Stephanie B. Doakes

Comments
  • Thank you ever so much for this article - it just resolved my issue.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment