C: permissions were changed

    Question

  • Windows 2008 Ent R2 sp1

    ‘Someone’, I have my suspicions as to who, but that’s neither here nor there, messed up the NTFS permissions on the C: drive of a server.

    This was brought to my attention when I discovered events 257 & 490 happening every hour all day.

    I have run ‘sfc /scannow’

    The CBS.log is 14MB and there are scattered failures throughout.  It’s pretty hard to dig thru cohesively.

    I then ran System Readiness Tool with these results:

    ================================
    Checking System Update Readiness.
    Binary Version 6.1.7601.21645
    Package Version 15.0
    2012-09-18 09:38

    Checking Windows Servicing Packages

    Checking Package Manifests and Catalogs

    Checking Package Watchlist

    Checking Component Watchlist

    Checking Packages

    Checking Component Store

    Summary:
    Seconds executed: 208
     No errors detected
    (w)        Unable to get system disk properties     0x0000045D      IOCTL_STORAGE_QUERY_PROPERTY Disk Cache

    When I tried to run

    esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

    I immediately got ‘access denied’ (yes, in an elevated cmd prompt) and that led me to discover that the security perms for the catroot2 folder and in fact the system32 folder are markedly different from other Win2k8 servers.

    Someone had changed the ownership of the C: so I changed that back to trustedinstaller.  I felt like that was the least invasive place to start, but the esentutl command still failed.

    Once I compared the system32 & catroot2 folders to other servers, I realized there was a big problem.

    Is there any way to reset the c: permissions back to default besides doing a repair install?  This is a SQL server.   Thanks!
    Tuesday, September 18, 2012 6:58 PM

Answers

All replies

  • Can you edit your post please? Looks like formatting has broken!

    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Tuesday, September 18, 2012 8:37 PM
  • Original post reformatted as follows:

    Windows 2008 Ent R2 sp1

    ‘Someone’, I have my suspicions as to who, but that’s neither here nor there, messed up the NTFS permissions on the C: drive of a server.

    This was brought to my attention when I discovered events 257 & 490 happening every hour all day.

    I have run ‘sfc /scannow’

    The CBS.log is 14MB and there are scattered failures throughout.  It’s pretty hard to dig thru cohesively.

    I then ran System Readiness Tool with these results:

    ================================

    Checking System Update Readiness.

    Binary Version 6.1.7601.21645

    Package Version 15.0

    2012-09-18 09:38


    Checking Windows Servicing Packages


    Checking Package Manifests and Catalogs


    Checking Package Watchlist


    Checking Component Watchlist


    Checking Packages


    Checking Component Store


    Summary:

    Seconds executed: 208

     No errors detected

    (w)        Unable to get system disk properties     0x0000045D      IOCTL_STORAGE_QUERY_PROPERTY Disk Cache      

    When I tried to run

    esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

    I immediately got ‘access denied’ (yes, in an elevated cmd prompt) and that led me to discover that the security perms for the catroot2 folder and in fact the system32 folder are markedly different from other Win2k8 servers.

    Someone had changed the ownership of the C: so I changed that back to trustedinstaller.  I felt like that was the least invasive place to start, but the esentutl command still failed.

    Once I compared the system32 & catroot2 folders to other servers, I realized there was a big problem.

    Is there any way to reset the c: permissions back to default besides doing a repair install?  This is a SQL server.   Thanks!

    Wednesday, September 19, 2012 1:57 AM
  • Thanks for fixing the formatting.  Not sure what happened.
    Wednesday, September 19, 2012 12:13 PM
  • Resetting NTFS Permissions on Windows Server 2003?

    http://blogs.technet.com/b/sdoakes/archive/2006/03/14/422012.aspx

    How do I restore security settings to the default settings?

    http://support.microsoft.com/kb/313222/en-us



    http://www.arabitpro.com

    Wednesday, September 19, 2012 12:30 PM
  • If Syed's suggestion does not help, then you might want to try an in-place upgrade as a last option.

    How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2

    http://support.microsoft.com/kb/2255099


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Wednesday, September 19, 2012 3:31 PM
  • This issue apparently started back in August, but my server monitoring app failed to pick it up until this week.

    I would have to go back to the end of July to get a pre-error system state backup.  This server runs SQL and an old proprietary application that I do not control, so I have no way to know how going back that far for the system state would affect it.

    As such, I am also not sure about an in-place upgrade either, but that may be my only choice.

    It's a w2k8 server, so the w2k3 post would not apply.

    Thanks for your suggestions

    Wednesday, September 19, 2012 3:37 PM
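
The comparison against a healthy server that the original poster describes can be scripted so the deviations are recorded instead of eyeballed, which helps when deciding between a system state restore and an in-place upgrade. This is an added example, not part of the thread; the function names, CSV file names and the choice of paths are assumptions, and it is written to run on the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example (not from the thread). Function names and file names are hypothetical.
# Folders the poster found to differ from other servers:
$Paths = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System32\catroot2",
    "$env:SystemRoot\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}"
)

function Export-AclBaseline {
    # Record owner and full SDDL for each path; run once per server.
    param([string[]]$Path, [string]$OutFile)
    $rows = foreach ($p in $Path) {
        try {
            $acl = Get-Acl -Path $p -ErrorAction Stop
            New-Object PSObject -Property @{ Path = $p; Owner = $acl.Owner; Sddl = $acl.Sddl }
        } catch {
            # An unreadable ACL is itself a finding, so record it instead of skipping it
            New-Object PSObject -Property @{ Path = $p; Owner = 'UNREADABLE'; Sddl = $_.Exception.Message }
        }
    }
    $rows | Select-Object Path, Owner, Sddl | Export-Csv -Path $OutFile -NoTypeInformation
}

function Compare-AclBaseline {
    # Emit one object per path whose owner or SDDL differs from the reference server.
    param([string]$ReferenceFile, [string]$LocalFile)
    $ref = @{}
    Import-Csv $ReferenceFile | ForEach-Object { $ref[$_.Path] = $_ }
    foreach ($row in (Import-Csv $LocalFile)) {
        $good = $ref[$row.Path]
        if (-not $good) { continue }   # path not present in the reference export
        if ($row.Owner -ne $good.Owner -or $row.Sddl -ne $good.Sddl) {
            New-Object PSObject -Property @{
                Path           = $row.Path
                LocalOwner     = $row.Owner
                ReferenceOwner = $good.Owner
                LocalSddl      = $row.Sddl
                ReferenceSddl  = $good.Sddl
            }
        }
    }
}

# On a healthy server of the same OS build (elevated prompt):
#   Export-AclBaseline -Path $Paths -OutFile .\reference-acl.csv
# On the affected server (elevated prompt):
#   Export-AclBaseline -Path $Paths -OutFile .\local-acl.csv
#   Compare-AclBaseline -ReferenceFile .\reference-acl.csv -LocalFile .\local-acl.csv | Format-List
```

SDDL strings compare cleanly across servers only for well-known and domain SIDs; an entry for a local account will differ by machine even when the permissions are equivalent.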