Fixing up messed up permissions on C:

  • Thread starter Thread starter emmer
  • Start date Start date
E

emmer

Hello,

I have Windows XP Professional SP3, and I just found out almost all my
permissions on C: got messed up.

I would like to know if there is some way to easily change them all. (I
suppose it’s impossible to recover their original state.)

I am considering using the method “Reset the registry and the file
permissions†under “Advanced troubleshooting†described at
http://support.microsoft.com/kb/949377/en-us. Basically, using Subinacl.exe
to change them all. Would it be the easier and most correct way to solve my
problem? Would there be any other/better way to do that?

I am not trying to install Service Pack 3, I already got it installed, I
just want to use that method to fix my permissions up in some way.

So basically that’s my problem. On my next post I’ll try to explain how and
why I got the permissions messed up, just in case the information may be
useful.

Thanks in advance.
 
Well, so here’s my explanation on how I got all my permissions on C: messed
up.

I had both Windows XP SP3 and OpenSuse installed on this 250 GB hard drive.
About a week ago I decided to uninstall OpenSuse. For that I simply booted a
Gparted (partition software) live CD, deleted all the Linux partitions and
extended the Windows NTFS partition to 100% of the hard drive.

My next step would be to boot up the Windows installation CD, call the
recovery console and run FIXMBR. Then I would reboot normally (without the
CD) and let CHKDSK do all the rest. I know it works because I’ve done that to
uninstall Linux distros on other PCs successfully.

But I couldn’t use the recovery console because I couldn’t get the
Administrator password right! Very frustrating. I am not sure, but I think
that would be because I had the Administrator account DISABLED (although the
message I got was something about wrong password). I got desperate.

Then I used an Ubuntu live CD to boot up the machine so I could look for
some solution on the web. I found a program that allegedly could fix the MBR
without a Windows Administrator password. So I used it, rebooted. That didn’t
work. I tried the recovery console again, and this time it didn’t ask me for
a password – probably due to that program. I ran FIXMBR, rebooted. No way.
Recovery console again, FIXBOOT, reboot. No way.

I don’t remember exactly how those reboot sequences occurred, but in the end
I got a partition set as FAT16. If I am not wrong, FIXMBR has done that
because it couldn’t identify the file system used or something. I also got a
partition table error.
I got VERY desperate. Booted up Ubuntu live CD again. Fdisk identified the
partition as NTFS, while Gparted told me it was FAT16. I was completely lost.
I knew my data was there, no file system conversion had been made, so it was
truly NTFS, just set/flagged/whatever as FAT16. So I started looking for some
way to change the partition table and set the partition to NTFS.

Browsing the web, I found this wonderful program called TestDisk. It let me
recover deleted partitions, writing a new partition table in the end. Also I
could write my very own partition table. Well, I just recovered a deleted
partition (probably from the back up before I tried to fix the MBR, or even
from before the installation of OpenSuse) – so my new partition table had the
entire drive as NTFS (the Linux partitions had been already formatted using
Gparted, in case you forgot it).

I rebooted again, and surprisingly Windows XP started (I thought I would
have to try the recovery console again or something). But, before loading the
desktop, it automatically ran CHKDSK.

And I think my Windows security descriptors or something got really messed
up at that point.

....

It was probably the longest CHKDSK I’ve ever seen. Soon I realized I was in
trouble, because CHKDSK is usually fast when I uninstall Linux on other PCs
and use FIXMBR.

So I got something like this (I will try to translate, since my Windows is
in Brazilian Portuguese – I am Brazilian):

Cleaning up minor inconsistencies on the drive.
The hash value 0x433ffdfe from the security descriptor entry with Id 0x105
at offset 0x2f0 is invalid. The correct value is 0xe4e4759.
Repairing an index entry with Id 261 from index $SII of file 9.
Inserting an index entry with Id 261 from index $SDH of file9.
The security data stream entry at offset 0x420 with length 0x3a2b005d
crosses the page boundary.
Repairing the security file record segment.
Deleting an index entry with Id 263 from index $SII of file 9.
Deleting an index entry with Id 264 from index $SII of file 9.
Deleting an index entry with Id 265 from index $SII of file 9.
Deleting an index entry with Id 266 from index $SII of file 9.
....
Deleting an index entry with Id 488 from index $SII of file 9.
Deleting an index entry with Id 489 from index $SII of file 9.
Deleting an index entry with Id 490 from inde

It went like that until the end. The event log stops there, probably because
it couldn’t handle all that data.

When CHKDSK finished, Windows took forever to show the desktop. I realized
everything was so weird, I couldn’t copy and paste, the Windows key didn’t
work, the Taskbar didn’t show the open applications etc. Then I realized the
Remote Procedure Call (RPC) wasn’t running! The PC was almost unusable.

To make it usable (I work at my home so I needed to do this), I ran the
Registry Editor and, on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs I’ve changed the
ObjectName value from NT AUTHORITY\\NetworkService to LocalSystem. That
allowed me to run the RPC.

When I try to run a service set to log on as Network Service or Local
Service, I got a message box with “Error 5: Access is deniedâ€. On the Events
Viewer, I got errors such as these:

1. Application, source Userenv, ID 1500, user NT AUTHORITY\NETWORK SERVICE
Windows cannot log you on because your profile cannot be loaded. Check that
you are connected to the network, or that your network is functioning
correctly. If this problem persists, contact your network administrator.
Details: Access is denied

2. System, source Service Control Manager, ID 7000, user N/A
The RPC service failed to start due to the following error: Access is denied.

3. System, source Service Control Manager, ID 7005, user N/A
The LoadUserProfile call failed with the following error: Access is denied.

On each boot, I got lots of errors s on the events log. Most (if not all) of
them have Service Control Manager, DCOM or Userenv as sources and “Access is
denied†in its description.

So basically it seems that I can’t run anything as Network Service or Local
Service. The answer will always be “Access is deniedâ€. I am not sure, but it
looks logical to me that it has something to do with the messed up
permissions on C:. If I solve that, I expect everything to run smoothly
again, but I can be wrong.

And that’s pretty much where I am right now. Almost every folder on root
(C:\), including WINDOWS, DOCUMENTS AND SETTINGS and SYSTEM VOLUME
INFORMATION, had its permissions erased. When I right-click on one of them
and check Properties, Security tab, only Administrators and SYSTEM are
listed, and they both have ALL the permission check boxes UNCHECKED. They are
all blank! That probably happened after that long CHKDSK. My registry
permissions probably got messed up as well, but I don’t know how to check it.
(If I remember correctly, I had to change the permissions before editing that
key to run RPC under LocalSystem.)

Well, thank you all who read my long story. I appreciate your help.

Again, thanks in advance.
 
See below.

emmer said:
Well, so here's my explanation on how I got all my permissions on C:
messed
up.

I had both Windows XP SP3 and OpenSuse installed on this 250 GB hard
drive.
About a week ago I decided to uninstall OpenSuse. For that I simply booted
a
Gparted (partition software) live CD, deleted all the Linux partitions and
extended the Windows NTFS partition to 100% of the hard drive.

My next step would be to boot up the Windows installation CD, call the
recovery console and run FIXMBR. Then I would reboot normally (without the
CD) and let CHKDSK do all the rest. I know it works because I've done that
to
uninstall Linux distros on other PCs successfully.

But I couldn't use the recovery console because I couldn't get the
Administrator password right! Very frustrating. I am not sure, but I think
that would be because I had the Administrator account DISABLED (although
the
message I got was something about wrong password). I got desperate.
Click to expand...

I'm surprised to read that a person with your extensive period stoops to use
the rather limited Recovery Console. Have you given any consideration to
creating a universal boot CD such as a Bart PE boot CD?
Then I used an Ubuntu live CD to boot up the machine so I could look for
some solution on the web. I found a program that allegedly could fix the
MBR
without a Windows Administrator password.
Click to expand...

Restoring a Windows-compatible MBR is child's play. Boot the machine with a
Win98 boot diskette/CD (www.bootdisk.com), then run this command:
fdisk /mbr
There is no need for any password.
So I used it, rebooted. That didn't
work. I tried the recovery console again, and this time it didn't ask me
for
a password - probably due to that program. I ran FIXMBR, rebooted. No way.
Recovery console again, FIXBOOT, reboot. No way.
Click to expand...

Would you care to elaborate on the meaning of "no way"?
I don't remember exactly how those reboot sequences occurred, but in the
end
I got a partition set as FAT16. If I am not wrong, FIXMBR has done that
because it couldn't identify the file system used or something. I also got
a
partition table error.
Click to expand...

FAT16 is bad news. Fixmbr did not do it but something else did. It suggests
that your partition table (not the Master Boot Record) is corrupted.
I got VERY desperate. Booted up Ubuntu live CD again. Fdisk identified the
partition as NTFS, while Gparted told me it was FAT16. I was completely
lost.
I knew my data was there, no file system conversion had been made, so it
was
truly NTFS, just set/flagged/whatever as FAT16. So I started looking for
some
way to change the partition table and set the partition to NTFS.
Click to expand...

ptedit (ftp://ftp.symantec.com/public/english_us_canada/tools/pq/utilities/)
would be another tool to edit partition tables.
Browsing the web, I found this wonderful program called TestDisk. It let
me
recover deleted partitions, writing a new partition table in the end. Also
I
could write my very own partition table. Well, I just recovered a deleted
partition (probably from the back up before I tried to fix the MBR, or
even
from before the installation of OpenSuse) - so my new partition table had
the
entire drive as NTFS (the Linux partitions had been already formatted
using
Gparted, in case you forgot it).

I rebooted again, and surprisingly Windows XP started (I thought I would
have to try the recovery console again or something). But, before loading
the
desktop, it automatically ran CHKDSK.

And I think my Windows security descriptors or something got really messed
up at that point.

It was probably the longest CHKDSK I've ever seen. Soon I realized I was
in
trouble, because CHKDSK is usually fast when I uninstall Linux on other
PCs
and use FIXMBR.
Click to expand...

Chkdsk and fixmbr are not related to each other in any way. Fixmbr modifies
the Master Boot Record, which is completely outside the file system. Chkdsk
attemps to fix the file system.
So I got something like this (I will try to translate, since my Windows is
in Brazilian Portuguese - I am Brazilian):

Cleaning up minor inconsistencies on the drive.
The hash value 0x433ffdfe from the security descriptor entry with Id 0x105
at offset 0x2f0 is invalid. The correct value is 0xe4e4759.
Repairing an index entry with Id 261 from index $SII of file 9.
Inserting an index entry with Id 261 from index $SDH of file9.
The security data stream entry at offset 0x420 with length 0x3a2b005d
crosses the page boundary.
Repairing the security file record segment.
Deleting an index entry with Id 263 from index $SII of file 9.
Deleting an index entry with Id 264 from index $SII of file 9.
Deleting an index entry with Id 265 from index $SII of file 9.
Deleting an index entry with Id 266 from index $SII of file 9.
...
Deleting an index entry with Id 488 from index $SII of file 9.
Deleting an index entry with Id 489 from index $SII of file 9.
Deleting an index entry with Id 490 from inde

It went like that until the end. The event log stops there, probably
because
it couldn't handle all that data.

When CHKDSK finished, Windows took forever to show the desktop. I realized
everything was so weird, I couldn't copy and paste, the Windows key didn't
work, the Taskbar didn't show the open applications etc. Then I realized
the
Remote Procedure Call (RPC) wasn't running! The PC was almost unusable.

To make it usable (I work at my home so I needed to do this), I ran the
Registry Editor and, on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs I've changed
the
ObjectName value from NT AUTHORITY\\NetworkService to LocalSystem. That
allowed me to run the RPC.

When I try to run a service set to log on as Network Service or Local
Service, I got a message box with "Error 5: Access is denied". On the
Events
Viewer, I got errors such as these:

1. Application, source Userenv, ID 1500, user NT AUTHORITY\NETWORK SERVICE
Windows cannot log you on because your profile cannot be loaded. Check
that
you are connected to the network, or that your network is functioning
correctly. If this problem persists, contact your network administrator.
Details: Access is denied

2. System, source Service Control Manager, ID 7000, user N/A
The RPC service failed to start due to the following error: Access is
denied.

3. System, source Service Control Manager, ID 7005, user N/A
The LoadUserProfile call failed with the following error: Access is
denied.

On each boot, I got lots of errors s on the events log. Most (if not all)
of
them have Service Control Manager, DCOM or Userenv as sources and "Access
is
denied" in its description.

So basically it seems that I can't run anything as Network Service or
Local
Service. The answer will always be "Access is denied". I am not sure, but
it
looks logical to me that it has something to do with the messed up
permissions on C:. If I solve that, I expect everything to run smoothly
again, but I can be wrong.

And that's pretty much where I am right now. Almost every folder on root
(C:\), including WINDOWS, DOCUMENTS AND SETTINGS and SYSTEM VOLUME
INFORMATION, had its permissions erased. When I right-click on one of them
and check Properties, Security tab, only Administrators and SYSTEM are
listed, and they both have ALL the permission check boxes UNCHECKED. They
are
all blank! That probably happened after that long CHKDSK. My registry
permissions probably got messed up as well, but I don't know how to check
it.
(If I remember correctly, I had to change the permissions before editing
that
key to run RPC under LocalSystem.)

Well, thank you all who read my long story. I appreciate your help.

Again, thanks in advance.
Click to expand...

In my humble opinion your installation has been so badly messed up that you
would save yourself a lot of time by just reloading it from scratch.
 
emmer said:
Hello,

I have Windows XP Professional SP3, and I just found out almost all my
permissions on C: got messed up.

I would like to know if there is some way to easily change them all. (I
suppose it's impossible to recover their original state.)

I am considering using the method "Reset the registry and the file
permissions" under "Advanced troubleshooting" described at
http://support.microsoft.com/kb/949377/en-us. Basically, using
Subinacl.exe
to change them all. Would it be the easier and most correct way to solve
my
problem? Would there be any other/better way to do that?

I am not trying to install Service Pack 3, I already got it installed, I
just want to use that method to fix my permissions up in some way.

So basically that's my problem. On my next post I'll try to explain how
and
why I got the permissions messed up, just in case the information may be
useful.

Thanks in advance.
Click to expand...

Log on as Admministrator, then use Windows Explorer to seize ownership of
all files and folders. As a next step you must grant full access rights to
all folders for the System account and the Administrators group. Lastly you
need to give "Everyone" appropriate access rights.
 
Back
Top