Resetting NTFS Permissions on Windows Server 2003

  • Article

I have seen where permissions had gotten changed in the system folders where the Windows 2003 SP1 was applied and the server was rebooted.  After the reboot, nearly all of our automatic services failed to start.  This was because the Remote Procedure Call service failed to start.  Windows Server 2003 changes the logon for the RPC service to Network Service and because the permissions had been changed, that service was getting “Access Denied” when attempting to start the service. 

 

Running Chkdsk on a server can also change security descriptors if you have not applied the required hotfixes to the server.  See the following articles:

 

831375 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors in Windows 2000

https://support.microsoft.com/default.aspx?scid=kb;EN-US;831375

 

831374 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors

https://support.microsoft.com/default.aspx?scid=kb;EN-US;831374

 

 

In order to get the permissions reset, we can use the secedit command to reset the NTFS permissions on the server.

 

Open a command prompt.

 

Run the following command where windows is the %systemroot% variable.

 

If the server has been upgraded you would substitute windows for winnt

 

On a domain controller, run

secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg

"c:\windows\security\templates\DC security.inf" /log c:\windows\temp\seceditsv.log

 

On a non-domain controller, run

secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg

"c:\windows\security\templates\setup security.inf" /log c:\windows\temp\seceditsv.log

 

Note:  I have run the setup security.inf on a domain controller without experiencing any problems.

 

This sets NTFS permissions back to default.

 

You will then be able to start services using the Network Service.

 

 

Refer to the following article on what each security template contains.

 

816585 How to apply predefined security templates in Windows Server 2003

https://support.microsoft.com/default.aspx?scid=kb;EN-US;816585

 

Have a good week.

 

Stephanie B. Doakes