Guest ThatsIT.net.au
Posted August 13, 2007

I have a problem where a Windows 2000 domain controller has had its hard disk permissions changed. By default Everyone has full access to files on the C drive. Someone has changed this, believing that it was a security risk. He removed Everyone permissions and gave Administrators full control, and Users read and execute.

At next reboot the domain controller would not function; it gives an error I cannot remember at the moment, but to do with security, and asks you to reboot in directory restore mode. You cannot log in and they have forgotten the system restore password or it is not accepting it.

My guess is that the system cannot access files it needs. What I want to do is reset the permissions on the disk.

Is there any way to do this?

Guest Coraleigh Miller
Posted August 13, 2007

Re: Permissions removed from domain controller, how to fix

Hi ThatsIT.net.au,

Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.

Coraleigh Miller

"ThatsIT.net.au" <me@thatsit> wrote in message news:1E0F348A-E0C7-4849-814B-84C3108A9987@microsoft.com...
> I have a problem where a Windows 2000 domain controller has had its hard disk permissions changed.
> By default Everyone has full access to files on the C drive.
> Someone has changed this, believing that it was a security risk. He removed Everyone permissions and gave Administrators full control, and Users read and execute.
>
> At next reboot the domain controller would not function; it gives an error I cannot remember at the moment, but to do with security, and asks you to reboot in directory restore mode. You cannot log in and they have forgotten the system restore password or it is not accepting it.
>
> My guess is that the system cannot access files it needs. What I want to do is reset the permissions on the disk.
>
> Is there any way to do this?

Guest ThatsIT.net.au
Posted August 14, 2007

Re: Permissions removed from domain controller, how to fix

"Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
> Hi ThatsIT.net.au,
>
> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>

Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.

> Coraleigh Miller
>
> "ThatsIT.net.au" <me@thatsit> wrote in message news:1E0F348A-E0C7-4849-814B-84C3108A9987@microsoft.com...
>> I have a problem where a Windows 2000 domain controller has had its hard disk permissions changed.
>> By default Everyone has full access to files on the C drive.
>> Someone has changed this, believing that it was a security risk. He removed Everyone permissions and gave Administrators full control, and Users read and execute.
>>
>> At next reboot the domain controller would not function; it gives an error I cannot remember at the moment, but to do with security, and asks you to reboot in directory restore mode. You cannot log in and they have forgotten the system restore password or it is not accepting it.
>>
>> My guess is that the system cannot access files it needs. What I want to do is reset the permissions on the disk.
>>
>> Is there any way to do this?

Guest Pegasus (MVP)
Posted August 14, 2007

Re: Permissions removed from domain controller, how to fix

"ThatsIT.net.au" <me@thatsit> wrote in message news:DB85D963-B47E-4C3A-ADBA-C7D46B1774AE@microsoft.com...
>
> "Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
>> Hi ThatsIT.net.au,
>>
>> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>>
>
> Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.
>

Now is a good time to review your backup policy.

Guest ThatsIT.net.au
Posted August 16, 2007

Re: Permissions removed from domain controller, how to fix

"Pegasus (MVP)" <I.can@fly.com> wrote in message news:OjKC2yr3HHA.2752@TK2MSFTNGP06.phx.gbl...
>
> "ThatsIT.net.au" <me@thatsit> wrote in message news:DB85D963-B47E-4C3A-ADBA-C7D46B1774AE@microsoft.com...
>>
>> "Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
>>> Hi ThatsIT.net.au,
>>>
>>> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>>>
>>
>> Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.
>>
>
> Now is a good time to review your backup policy.

We have backups.

But we could not get into the machine to restore them. Could not even repair, as it would not copy files onto disk. A staff member changed permissions on the C drive, removed everybody group; I assume this had something to do with it.

Guest Coraleigh Miller
Posted August 16, 2007

Re: Permissions removed from domain controller, how to fix

I have seen many networks which have successfully removed the Everyone group from the root without issue; however, it was done carefully, ensuring that any services using Anonymous login were accounted for as well as adding the Authenticated Users group in place of Everyone. FYI - It's not recommended to do this on an Exchange server as it needs Anonymous login for a number of processes. I would suggest that before one removes the Everyone group from a server, some research be done with regard to the functional role of the server and the possible impact of this change.

Winternals ERP Commander would have been the perfect tool for you (and should be in everyone's toolkit); unfortunately Microsoft bought them and has yet to release their own version. (I still have my copy though, Yay! lol) If you can get a copy from someone, though, I can't even tell you how much aggravation it will save you.

http://articles.techrepublic.com.com/5100-1035-6086282.html

http://www.microsoft.com/systemcenter/winternals.mspx

Coraleigh

"ThatsIT.net.au" <me@thatsit> wrote in message news:92A944A0-CDA9-4DFA-9B73-C423A5830C38@microsoft.com...
>
> "Pegasus (MVP)" <I.can@fly.com> wrote in message news:OjKC2yr3HHA.2752@TK2MSFTNGP06.phx.gbl...
>>
>> "ThatsIT.net.au" <me@thatsit> wrote in message news:DB85D963-B47E-4C3A-ADBA-C7D46B1774AE@microsoft.com...
>>>
>>> "Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
>>>> Hi ThatsIT.net.au,
>>>>
>>>> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>>>>
>>>
>>> Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.
>>>
>>
>> Now is a good time to review your backup policy.
>
> We have backups.
>
> But we could not get into the machine to restore them. Could not even repair, as it would not copy files onto disk.
> A staff member changed permissions on the C drive, removed everybody group; I assume this had something to do with it.
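
An added example, not part of the thread or of any poster's message: a pre-change check on a proposed root DACL, written as SDDL, that flags the two gaps discussed above (no ACE left for the system account, and Everyone removed without Authenticated Users taking its place). The SDDL strings are constructed samples, and requiring full control for SYSTEM and Administrators is an assumed baseline, not something the thread states.

```python
import re

# SDDL aliases for the well-known principals named in the thread.
ALIASES = {"WD": "Everyone", "AU": "Authenticated Users", "SY": "SYSTEM",
           "BA": "Administrators", "BU": "Users"}
# ACE layout: (type;flags;rights;object_guid;inherit_guid;trustee)
ACE = re.compile(r"\((A|D);[^;]*;([^;]*);[^;]*;[^;]*;([^)]+)\)")

def parse_dacl(sddl):
    """Map trustee name -> set of rights strings granted by allow ACEs."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    granted = {}
    for ace_type, rights, sid in ACE.findall(dacl):
        if ace_type == "A":
            granted.setdefault(ALIASES.get(sid, sid), set()).add(rights)
    return granted

def has_full(granted, who):
    """True if `who` gets full control (FA) directly or through Everyone."""
    return "FA" in granted.get(who, set()) | granted.get("Everyone", set())

def audit(proposed_sddl, need_full=("SYSTEM", "Administrators")):
    """Return findings for a proposed root DACL.
    need_full is an assumed baseline, not taken from the thread."""
    granted = parse_dacl(proposed_sddl)
    findings = [f"{who}: no full-control ACE" for who in need_full
                if not has_full(granted, who)]
    if "Everyone" not in granted and "Authenticated Users" not in granted:
        findings.append("Everyone removed, Authenticated Users not added")
    return findings

# Constructed sample DACLs (not taken from the affected server).
DEFAULT_ROOT = "D:(A;OICI;FA;;;WD)"  # Everyone: full control
# Administrators full, Users read and execute, nothing else
AS_DESCRIBED = "D:PAI(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
# SYSTEM and Administrators full, Authenticated Users read and execute
CAREFUL = "D:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)"

if __name__ == "__main__":
    for name, sddl in [("default", DEFAULT_ROOT),
                       ("as described", AS_DESCRIBED),
                       ("careful", CAREFUL)]:
        print(name, audit(sddl) or "ok")
```

Running the same check against the SDDL of a live volume before applying a change gives a list to resolve first; an empty list means the assumed baseline is met, not that every service on the server has been accounted for.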

Guest Pegasus (MVP)
Posted August 16, 2007

Re: Permissions removed from domain controller, how to fix

"ThatsIT.net.au" <me@thatsit> wrote in message news:92A944A0-CDA9-4DFA-9B73-C423A5830C38@microsoft.com...
>
> "Pegasus (MVP)" <I.can@fly.com> wrote in message news:OjKC2yr3HHA.2752@TK2MSFTNGP06.phx.gbl...
>>
>> "ThatsIT.net.au" <me@thatsit> wrote in message news:DB85D963-B47E-4C3A-ADBA-C7D46B1774AE@microsoft.com...
>>>
>>> "Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
>>>> Hi ThatsIT.net.au,
>>>>
>>>> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>>>>
>>>
>>> Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.
>>>
>>
>> Now is a good time to review your backup policy.
>
> We have backups.
>
> But we could not get into the machine to restore them. Could not even repair, as it would not copy files onto disk.
> A staff member changed permissions on the C drive, removed everybody group; I assume this had something to do with it.

A backup facility is only as good as the subsequent restore process. If you are unable to restore the System State then I suspect that your backup has never been tested and that its usefulness is limited. There are several third-party products that let you restore anything, regardless of the state of your machine, Acronis being one of them.

Guest ThatsIT.net.au
Posted August 17, 2007

Re: Permissions removed from domain controller, how to fix

"Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:uINYXDD4HHA.948@TK2MSFTNGP06.phx.gbl...
> I have seen many networks which have successfully removed the Everyone group from the root without issue; however, it was done carefully, ensuring that any services using Anonymous login were accounted for as well as adding the Authenticated Users group in place of Everyone. FYI - It's not recommended to do this on an Exchange server as it needs Anonymous login for a number of processes. I would suggest that before one removes the Everyone group from a server, some research be done with regard to the functional role of the server and the possible impact of this change.
>

I think what he did was remove Everyone from the C drive and replace it with Users read and Administrators full. Anyhow, could not write to disk at all, could not even reinstall leaving the file system intact.

> Winternals ERP Commander would have been the perfect tool for you (and should be in everyone's toolkit); unfortunately Microsoft bought them and has yet to release their own version. (I still have my copy though, Yay! lol) If you can get a copy from someone, though, I can't even tell you how much aggravation it will save you.
>
> http://articles.techrepublic.com.com/5100-1035-6086282.html
>
> http://www.microsoft.com/systemcenter/winternals.mspx
>
> Coraleigh
>
> "ThatsIT.net.au" <me@thatsit> wrote in message news:92A944A0-CDA9-4DFA-9B73-C423A5830C38@microsoft.com...
>>
>> "Pegasus (MVP)" <I.can@fly.com> wrote in message news:OjKC2yr3HHA.2752@TK2MSFTNGP06.phx.gbl...
>>>
>>> "ThatsIT.net.au" <me@thatsit> wrote in message news:DB85D963-B47E-4C3A-ADBA-C7D46B1774AE@microsoft.com...
>>>>
>>>> "Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
>>>>> Hi ThatsIT.net.au,
>>>>>
>>>>> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>>>>>
>>>>
>>>> Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.
>>>>
>>>
>>> Now is a good time to review your backup policy.
>>
>> We have backups.
>>
>> But we could not get into the machine to restore them. Could not even repair, as it would not copy files onto disk.
>> A staff member changed permissions on the C drive, removed everybody group; I assume this had something to do with it.

Guest ThatsIT.net.au
Posted August 17, 2007

Re: Permissions removed from domain controller, how to fix

"Pegasus (MVP)" <I.can@fly.com> wrote in message news:euSmNeD4HHA.4184@TK2MSFTNGP06.phx.gbl...
>
> "ThatsIT.net.au" <me@thatsit> wrote in message news:92A944A0-CDA9-4DFA-9B73-C423A5830C38@microsoft.com...
>>
>> "Pegasus (MVP)" <I.can@fly.com> wrote in message news:OjKC2yr3HHA.2752@TK2MSFTNGP06.phx.gbl...
>>>
>>> "ThatsIT.net.au" <me@thatsit> wrote in message news:DB85D963-B47E-4C3A-ADBA-C7D46B1774AE@microsoft.com...
>>>>
>>>> "Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message news:%23pAtNoe3HHA.5164@TK2MSFTNGP05.phx.gbl...
>>>>> Hi ThatsIT.net.au,
>>>>>
>>>>> Are you able to login using Last Known Good Config, or Safe Mode? If Last Known Good Config does not work but you are able to get into your system using Safe Mode, you can use one of these methods: http://www.petri.co.il/change_recovery_console_password.htm to change your recovery console/directory restore password.
>>>>>
>>>>
>>>> Tried them all, none worked. I just finished reinstalling, I have a day of reconfiguring ahead.
>>>>
>>>
>>> Now is a good time to review your backup policy.
>>
>> We have backups.
>>
>> But we could not get into the machine to restore them. Could not even repair, as it would not copy files onto disk.
>> A staff member changed permissions on the C drive, removed everybody group; I assume this had something to do with it.
>
> A backup facility is only as good as the subsequent restore process. If you are unable to restore the System State then I suspect that your backup has never been tested and that its usefulness is limited.

The system state is fine, all the backups are intact.

But we cannot log on or copy anything to disk, not in safe mode, not in directory restore mode, not in recovery mode. In recovery mode the console will accept one character, then the keyboard will not work.

> There are several third-party products that let you restore anything, regardless of the state of your machine, Acronis being one of them.