Resetting NTFS Permissions on Windows Server 2003


I have seen where permissions had gotten changed in the system folders where the Windows 2003 SP1 was applied and the server was rebooted.  After the reboot, nearly all of our automatic services failed to start.  This was because the Remote Procedure Call service failed to start.  Windows Server 2003 changes the logon for the RPC service to Network Service and because the permissions had been changed, that service was getting “Access Denied” when attempting to start the service. 


 


Running Chkdsk on a server can also change security descriptors if you have not applied the required hotfixes to the server.  See the following articles:


 


831375 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors in Windows 2000


http://support.microsoft.com/default.aspx?scid=kb;EN-US;831375


 


831374 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors


http://support.microsoft.com/default.aspx?scid=kb;EN-US;831374


 


 


In order to get the permissions reset, we can use the secedit command to reset the NTFS permissions on the server.


 


Open a command prompt.


 


Run the following command where windows is the %systemroot% variable.


 


If the server has been upgraded you would substitute windows for winnt


 


On a domain controller, run


secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg


“c:\windows\security\templates\DC security.inf” /log c:\windows\temp\seceditsv.log


 


On a non-domain controller, run


secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg


“c:\windows\security\templates\setup security.inf” /log c:\windows\temp\seceditsv.log


 


Note:  I have run the setup security.inf on a domain controller without experiencing any problems.


 


This sets NTFS permissions back to default.


 


You will then be able to start services using the Network Service.


 


 


Refer to the following article on what each security template contains.


 


816585 How to apply predefined security templates in Windows Server 2003


http://support.microsoft.com/default.aspx?scid=kb;EN-US;816585


 


Have a good week.


 


Stephanie B. Doakes


Comments (0)

Skip to main content