Jump to content

Lost all security permissions.

Guest Eli

By Guest Eli
in Windows 2003 Server

 Share

Recommended Posts

Guest Eli

Guest Eli

Posted
Posted

Need help with file security permissions.

There are a lot of files that for some unknown reason lost all permissions

info.

If I try to open or copy them I get access denied error.

Using cacls command doesn’t help – denied.

If I go to security tab there are no permissions set. I have to take over

ownership of the file, apply and then close it. Then open security tab again

and add “system” account full access, then apply. After that I can see all

the permissions that were supposed to be there originally.

There are about 5000 files like that spread out around 100s of different

folders with different hierarchy.

Anyone know why it could of happen and how to fix it?

  • Replies 7
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: Lost all security permissions.

 

 

"Eli" <eli@newsgroup.nospam> wrote in message

news:52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com...

> Need help with file security permissions.

> There are a lot of files that for some unknown reason lost all permissions

> info.

> If I try to open or copy them I get access denied error.

> Using cacls command doesn't help - denied.

> If I go to security tab there are no permissions set. I have to take over

> ownership of the file, apply and then close it. Then open security tab

> again

> and add "system" account full access, then apply. After that I can see

> all

> the permissions that were supposed to be there originally.

> There are about 5000 files like that spread out around 100s of different

> folders with different hierarchy.

> Anyone know why it could of happen and how to fix it?

>

 

You could use subinacl.exe (Windows Resource Kit) or fileacl.exe

(http://www.microsoft.com/downloads/details.aspx?FamilyID=723f64ea-34f0-4e6d-9a72-004d35de4e64&displaylang=en)

to seize ownership of a large number of files and folders. Make sure

to test the commands first!

Guest Eli

Guest Eli

Posted
Posted

Re: Lost all security permissions.

 

I'm getting errors.

can you give an example command. maybe i'm doing something wrong.

 

"Pegasus (MVP)" wrote:

>

> "Eli" <eli@newsgroup.nospam> wrote in message

> news:52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com...

> > Need help with file security permissions.

> > There are a lot of files that for some unknown reason lost all permissions

> > info.

> > If I try to open or copy them I get access denied error.

> > Using cacls command doesn't help - denied.

> > If I go to security tab there are no permissions set. I have to take over

> > ownership of the file, apply and then close it. Then open security tab

> > again

> > and add "system" account full access, then apply. After that I can see

> > all

> > the permissions that were supposed to be there originally.

> > There are about 5000 files like that spread out around 100s of different

> > folders with different hierarchy.

> > Anyone know why it could of happen and how to fix it?

> >

>

> You could use subinacl.exe (Windows Resource Kit) or fileacl.exe

> (http://www.microsoft.com/downloads/details.aspx?FamilyID=723f64ea-34f0-4e6d-9a72-004d35de4e64&displaylang=en)

> to seize ownership of a large number of files and folders. Make sure

> to test the commands first!

>

>

>

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: Lost all security permissions.

 

FILEACL 2.8.0.1, Copyright Guillaume Bordier 1999, gbordier@gbordier.com or

g_bordier@hotmail.com

Display/Modify File permissions (local and remote)

Running Windows NT 5.1 Service Pack 2

usage :

fileacl <File/Directory> [/{S|G|R|T|O}

{trustee}:[!][mask][/[!]mask][/[!]mask] [options]

or :

fileacl <File/Directory> [/{S|G|R|T|O}

{trustee}:[mask][:Inheritance[/inheritance]...] [options]

mask = {U,R,Rr,Re,Ra,W,Ww,We,Wa,A,P,p,X,Dc,D,F}|0xXXXXXX}

inheritance can be given using XCALCS style : IO,OI,NP,CI,FO

or explorer like abbreviations : F,FF,FSF,FSFF,SFF,SF,NP

/G=Grant /S=Set /R=Revoke /T=Suppress DENY Aces /O change owner /D Deny

U=Unspecified R=Read W=Write X=Execute F=Full Control D=Delete Dc=Delete

Child O=Take Ownership P=Set Permissions

Warning : for same inheritance, Grant is additive, Set is not (better use

/S).

Mask can be a letter-coded permissions string or an Hexadecimal mask

 

Display mode Options

/LINE operate in single-line mode display all ACEs on a file or directory

on One row

/OWNER Get the owner name as well

/NOINHERITED do not print inherited rights

/SIMPLE Merge inherited and direct ACL

/BATCH Generate a batch file for reapplying the same permissions, use with

/SUB

/BATCHREAL Same as /BATCH, generate a protected ACL for the given root dir

/RAW[sID|MASK] Show the RAW ACE SID and/or Mask

/RAWSECDESC [WIN2K] Show the RAW Security Descriptor

with Textual Form ou may use this to generate Win2K

securitytemplates and apply them with secedit

/QUOTE add quotes to file and directory names

 

Change mode options

/PROTECT This permissions will be protected from upper levels permissions

propagation [WIN2K]

/INHERIT Force Propagation from upper levels [WIN2K]

/REMOVEDENY Remove all DENY Aces

/NOROOT use with /SUB, apply rights to all subdirs/subfile except the root

dir

/REPLACE deletes existing ACL and replace with specified (SET )

 

Both mode options

/SUB[:n] treats n levels of subdirectories as well

/FILES treats files in directories as well

/NODIRS treats files only (/FILES implicit)

/FORCE uses SeBackupPrivilege and SeRestorePrivilege to Treat Objects

without any rights nor ownership

/NT4 Enforce NT 4.0 compatibility for Write Masks later version will test

dest computer

 

Rarely used :

/DEBUG give debug information

/VERBOSE give [many] debug information

/MANUALACE Create Ace manually (do not use SetEntriesinACL, default for

NT4)

/USEOLDSEC Use SetFileSecurity instead of SetNamedSecurity, default for NT4

Warning REPLACE deletes existent ACL on file !

 

For Directories, permissions can be written with 3 different format

 

Let's first define "inheriting" :

-Inheriting files are files that will be created in the future in that

directory

-Inheriting directories are sub directories that will be created in the

future in that directory

-After W2K inheriting also means permissions applied to existing files and

directories

Moreover, If you ask fileacl to apply to all existing files and

subdirectories

it will use these inheriting Rights to apply to all subdirectories and

files

XXXX means XXXX is the permissions for the directory, the inheriting Files

and Sub-directories

XXXX/YYYY means as usual : XXXX is the permissions for the directory and

inheriting Sub-directories, YYYY for the permissions on inheriting files.

XXXX/YYYY/ZZZZ means : XXXX is the permissions for the directory, YYYY is

the

permission for inheriting files (files that will be created later), and ZZZZ

is the permission for inheriting

to put non heritable permissions, use XXXX/U/U, to put inherit-only

permissions, use U/XXX/ZZZ

 

Adding '!' before permissions will prevent them to propagate beyond the

first

level like checking the "apply permissions to objects and containers in this

folder only"

you also can give one mask and set the inheritance you want using to ways

1) a combination of XCACLS style keywords

CI : Container Inherit

OI : Object Inherit

IO : Inherit Only

NP : Non propagation beyond first level

2)an abbreviation of explorer inheritance selection box terms

FO : Folder only (no inheritance)

F : Files only (inherited to files)

FF : Folder and files

SF : SubFolders

SFF : SubFolders and files

FSFF : Folder and subfolders and files (default)

FSF : Folder and subfolders

NP : Non propagation beyond first level

Those should be placed after the access mask separated by a colon ":"

and separatedfrom other inheritance flags with a slash "/"

example :

FILEACL c:\temp /s user:R:OI/NP

equals

FILEACL c:\temp /s user:R:FF/NP

equals

FILEACL c:\temp /s user:R/!R/U

NOTE: inheriting items are items created under the current directory

AFTER the application of new permissions

With W2K and later, this permissions also propagate to the existing items

also

 

Ex: FILEACL \\testsrv\d$\testacl /S domain\user1:RWXD/W/RX /S

administrators:F

will set Full right and inheritance on \\testsrv\d$\testacl for

administrators

and Modify right on the directory, write only on created files, and RX on

created directories

NOTE for v2.4 and above : To use the /FORCE directive, the user need

SeRestorePrivilege, SeBackupPrivilege and SeTakeOwnershipPrivilege from the

user manager for the server

New with 2.5, you can now give a TEXTUAL SID instead of the username and an

Hexa mask (0x1000000) instead of a text mask

2.6 is W2K compatible it checks local machine for W2K, when you set perms

from a

W2K Workstation to an NT4 server, be sure to use /NT4 otherwise, WRITE masks

may not show In NT4 GUI

WIN2K : Autopropagation feature : keep the protected/unprotected (agains

propagation) status of the permission

unless /PROTECT or /INHERIT is given

 

OUTPUT :

d:\test;Administrators:F Administrators have Full Control from

Autopropagation()

d:\test;Everyone:F/RW Everyone has Full Control over this directory and

future sub-directories and RW on future Files

d:\test;Guest:F/W/R Guest has Full Control in the dir, W on future files,

and Read on future subdirs

 

Detailed Permissions Mapping

U :no right, use to set permissions with special inheritance

Rr : Read Data / List Directory (FILE_READ_DATA)

Ww : Write Data / Add Files to directory (FILE_WRITE_DATA )

Ra/Wa : Read / Write Attributes (file or dir, Read-only, Hidden ...)

Re/We : Read / Write Extended Attributes (compressed, encrypted ..)

p/P : Read / Write Permissions

A : Append data to file / Add subdir to directory

D : Delete File / Delete Dir

Dc : Delete Child (sub file/sub dir)

X Execute File/ CD to dir

 

R = Rr+Ra+Re+p

W = Ww+A+Wa+We (NT4 : W=Ww+A+Wa+We+P+p

File Deletion is performed if :

Parent dir has Rr and Dc access OR file has D (not Dc)

Minimum Access for reading a file is Rr on parent dir and RrRep on file

Minimum Access for saving an open file is Rr on parent and RrRepW on file

Minimum Access for creating new file is Ww on parent dir

Minimum Access for creating new dir is A on parent dir

 

 

"Eli" <eli@newsgroup.nospam> wrote in message

news:48B6DB2D-3818-479E-B7F4-F71297ADC41F@microsoft.com...

> I'm getting errors.

> can you give an example command. maybe i'm doing something wrong.

>

> "Pegasus (MVP)" wrote:

>

>>

>> "Eli" <eli@newsgroup.nospam> wrote in message

>> news:52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com...

>> > Need help with file security permissions.

>> > There are a lot of files that for some unknown reason lost all

>> > permissions

>> > info.

>> > If I try to open or copy them I get access denied error.

>> > Using cacls command doesn't help - denied.

>> > If I go to security tab there are no permissions set. I have to take

>> > over

>> > ownership of the file, apply and then close it. Then open security tab

>> > again

>> > and add "system" account full access, then apply. After that I can see

>> > all

>> > the permissions that were supposed to be there originally.

>> > There are about 5000 files like that spread out around 100s of

>> > different

>> > folders with different hierarchy.

>> > Anyone know why it could of happen and how to fix it?

>> >

>>

>> You could use subinacl.exe (Windows Resource Kit) or fileacl.exe

>> (http://www.microsoft.com/downloads/details.aspx?FamilyID=723f64ea-34f0-4e6d-9a72-004d35de4e64&displaylang=en)

>> to seize ownership of a large number of files and folders. Make sure

>> to test the commands first!

>>

>>

>>

Guest Ken Zhao [MSFT]

Guest Ken Zhao [MSFT]

Posted
Posted

RE: Lost all security permissions.

 

Hello Eli,

 

Thank you for using newsgroup!

 

From your post, I want to provide a tool to reset the permission of the

whole registry.

 

SubInAcl.

 

1. Download and install subinacl from:

<http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91

-93cf-ed6985e3927b&displaylang=en>

 

2. Create a file named reset.cmd in C:\Program Files\Windows Resource

Kits\Tools folder.

 

3. Edit the reset.cmd file with the following content.

 

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f

subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f

subinacl /subdirectories %SystemDrive% /grant=administrators=f

 

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f

subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f

subinacl /subdirectories %SystemDrive% /grant=system=f

 

4. Enter into CMD prompt.

 

5. Enter the following commands one at a time and click Enter.

 

cd\

cd "C:\Program Files\Windows Resource Kits\Tools"

reset.cmd

 

6. After a few minutes by processing subinacl, please test the problem

again.

 

Thanks & Regards,

 

Ken Zhao

 

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security <http://www.microsoft.com/security>

====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

 

 

 

--------------------

| Thread-Topic: Lost all security permissions.

| thread-index: Acg6N9I9OSM2OtpwT9e+FKgxQj/pRA==

| X-WBNR-Posting-Host: 207.46.19.168

| From: =?Utf-8?B?RWxp?= <eli@newsgroup.nospam>

| Subject: Lost all security permissions.

| Date: Sat, 8 Dec 2007 23:48:00 -0800

| Lines: 13

| Message-ID: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

| MIME-Version: 1.0

| Content-Type: text/plain;

| charset="Utf-8"

| Content-Transfer-Encoding: 8bit

| X-Newsreader: Microsoft CDO for Windows 2000

| Content-Class: urn:content-classes:message

| Importance: normal

| Priority: normal

| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992

| Newsgroups: microsoft.public.windows.server.general

| Path: TK2MSFTNGHUB02.phx.gbl

| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.general:28308

| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148

| X-Tomcat-NG: microsoft.public.windows.server.general

|

| Need help with file security permissions.

| There are a lot of files that for some unknown reason lost all

permissions

| info.

| If I try to open or copy them I get access denied error.

| Using cacls command doesn’t help �denied.

| If I go to security tab there are no permissions set. I have to take

over

| ownership of the file, apply and then close it. Then open security tab

again

| and add “system�account full access, then apply. After that I can

see all

| the permissions that were supposed to be there originally.

| There are about 5000 files like that spread out around 100s of different

| folders with different hierarchy.

| Anyone know why it could of happen and how to fix it?

|

|

Guest Ken Zhao [MSFT]

Guest Ken Zhao [MSFT]

Posted
Posted

RE: Lost all security permissions.

 

Hi Eli,

 

I am just writing to see how everything is going. If you have any updates

or need any further assistance on this issue, please feel free to let me

know.

 

Thanks & Regards,

 

Ken Zhao

 

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security <http://www.microsoft.com/security>

====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

 

 

 

--------------------

| X-Tomcat-ID: 19044760

| References: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

| MIME-Version: 1.0

| Content-Type: text/plain

| Content-Transfer-Encoding: 7bit

| From: v-kzhao@online.microsoft.com ("Ken Zhao [MSFT]")

| Organization: Microsoft

| Date: Mon, 10 Dec 2007 02:46:29 GMT

| Subject: RE: Lost all security permissions.

| X-Tomcat-NG: microsoft.public.windows.server.general

| Message-ID: <YT3qobtOIHA.6908@TK2MSFTNGHUB02.phx.gbl>

| Newsgroups: microsoft.public.windows.server.general

| Lines: 85

| Path: TK2MSFTNGHUB02.phx.gbl

| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.general:28341

| NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182

|

| Hello Eli,

|

| Thank you for using newsgroup!

|

| From your post, I want to provide a tool to reset the permission of the

| whole registry.

|

| SubInAcl.

|

| 1. Download and install subinacl from:

|

<http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91

| -93cf-ed6985e3927b&displaylang=en>

|

| 2. Create a file named reset.cmd in C:\Program Files\Windows Resource

| Kits\Tools folder.

|

| 3. Edit the reset.cmd file with the following content.

|

| subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f

| subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f

| subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f

| subinacl /subdirectories %SystemDrive% /grant=administrators=f

|

| subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f

| subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f

| subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f

| subinacl /subdirectories %SystemDrive% /grant=system=f

|

| 4. Enter into CMD prompt.

|

| 5. Enter the following commands one at a time and click Enter.

|

| cd\

| cd "C:\Program Files\Windows Resource Kits\Tools"

| reset.cmd

|

| 6. After a few minutes by processing subinacl, please test the problem

| again.

|

| Thanks & Regards,

|

| Ken Zhao

|

| Microsoft Online Support

| Microsoft Global Technical Support Center

|

| Get Secure! - http://www.microsoft.com/security

<http://www.microsoft.com/security>

| ====================================================

| When responding to posts, please "Reply to Group" via your newsreader so

| that others may learn and benefit from your issue.

| ====================================================

| This posting is provided "AS IS" with no warranties, and confers no

rights.

|

|

|

|

| --------------------

| | Thread-Topic: Lost all security permissions.

| | thread-index: Acg6N9I9OSM2OtpwT9e+FKgxQj/pRA==

| | X-WBNR-Posting-Host: 207.46.19.168

| | From: =?Utf-8?B?RWxp?= <eli@newsgroup.nospam>

| | Subject: Lost all security permissions.

| | Date: Sat, 8 Dec 2007 23:48:00 -0800

| | Lines: 13

| | Message-ID: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

| | MIME-Version: 1.0

| | Content-Type: text/plain;

| | charset="Utf-8"

| | Content-Transfer-Encoding: 8bit

| | X-Newsreader: Microsoft CDO for Windows 2000

| | Content-Class: urn:content-classes:message

| | Importance: normal

| | Priority: normal

| | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992

| | Newsgroups: microsoft.public.windows.server.general

| | Path: TK2MSFTNGHUB02.phx.gbl

| | Xref: TK2MSFTNGHUB02.phx.gbl

microsoft.public.windows.server.general:28308

| | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148

| | X-Tomcat-NG: microsoft.public.windows.server.general

| |

| | Need help with file security permissions.

| | There are a lot of files that for some unknown reason lost all

| permissions

| | info.

| | If I try to open or copy them I get access denied error.

| | Using cacls command doesn’t help �denied.

| | If I go to security tab there are no permissions set. I have to take

| over

| | ownership of the file, apply and then close it. Then open security tab

| again

| | and add “system�account full access, then apply. After that I can

| see all

| | the permissions that were supposed to be there originally.

| | There are about 5000 files like that spread out around 100s of

different

| | folders with different hierarchy.

| | Anyone know why it could of happen and how to fix it?

| |

| |

|

|

Guest Eli

Guest Eli

Posted
Posted

RE: Lost all security permissions.

 

Sorry, forgot to put the fix.

 

Your script went thru fine, no errors, but it didn't fix the problem

What I found is, if I go to take ownership of the main folder and take

ownership to admin, then close it and open it. Then propagate ownerships

down, it resets ownerships to all folders down below.

Then I had to do same thing for “system” account and give it full access,

and then propagate.

After all above every folder and file got back all permissions and I was

able to access them.

 

 

""Ken Zhao [MSFT]"" wrote:

> Hi Eli,

>

> I am just writing to see how everything is going. If you have any updates

> or need any further assistance on this issue, please feel free to let me

> know.

>

> Thanks & Regards,

>

> Ken Zhao

>

> Microsoft Online Support

> Microsoft Global Technical Support Center

>

> Get Secure! - http://www.microsoft.com/security <http://www.microsoft.com/security>

> ====================================================

> When responding to posts, please "Reply to Group" via your newsreader so

> that others may learn and benefit from your issue.

> ====================================================

> This posting is provided "AS IS" with no warranties, and confers no rights.

>

>

>

>

> --------------------

> | X-Tomcat-ID: 19044760

> | References: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

> | MIME-Version: 1.0

> | Content-Type: text/plain

> | Content-Transfer-Encoding: 7bit

> | From: v-kzhao@online.microsoft.com ("Ken Zhao [MSFT]")

> | Organization: Microsoft

> | Date: Mon, 10 Dec 2007 02:46:29 GMT

> | Subject: RE: Lost all security permissions.

> | X-Tomcat-NG: microsoft.public.windows.server.general

> | Message-ID: <YT3qobtOIHA.6908@TK2MSFTNGHUB02.phx.gbl>

> | Newsgroups: microsoft.public.windows.server.general

> | Lines: 85

> | Path: TK2MSFTNGHUB02.phx.gbl

> | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.general:28341

> | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182

> |

> | Hello Eli,

> |

> | Thank you for using newsgroup!

> |

> | From your post, I want to provide a tool to reset the permission of the

> | whole registry.

> |

> | SubInAcl.

> |

> | 1. Download and install subinacl from:

> |

> <http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91

> | -93cf-ed6985e3927b&displaylang=en>

> |

> | 2. Create a file named reset.cmd in C:\Program Files\Windows Resource

> | Kits\Tools folder.

> |

> | 3. Edit the reset.cmd file with the following content.

> |

> | subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f

> | subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f

> | subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f

> | subinacl /subdirectories %SystemDrive% /grant=administrators=f

> |

> | subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f

> | subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f

> | subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f

> | subinacl /subdirectories %SystemDrive% /grant=system=f

> |

> | 4. Enter into CMD prompt.

> |

> | 5. Enter the following commands one at a time and click Enter.

> |

> | cd\

> | cd "C:\Program Files\Windows Resource Kits\Tools"

> | reset.cmd

> |

> | 6. After a few minutes by processing subinacl, please test the problem

> | again.

> |

> | Thanks & Regards,

> |

> | Ken Zhao

> |

> | Microsoft Online Support

> | Microsoft Global Technical Support Center

> |

> | Get Secure! - http://www.microsoft.com/security

> <http://www.microsoft.com/security>

> | ====================================================

> | When responding to posts, please "Reply to Group" via your newsreader so

> | that others may learn and benefit from your issue.

> | ====================================================

> | This posting is provided "AS IS" with no warranties, and confers no

> rights.

> |

> |

> |

> |

> | --------------------

> | | Thread-Topic: Lost all security permissions.

> | | thread-index: Acg6N9I9OSM2OtpwT9e+FKgxQj/pRA==

> | | X-WBNR-Posting-Host: 207.46.19.168

> | | From: =?Utf-8?B?RWxp?= <eli@newsgroup.nospam>

> | | Subject: Lost all security permissions.

> | | Date: Sat, 8 Dec 2007 23:48:00 -0800

> | | Lines: 13

> | | Message-ID: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

> | | MIME-Version: 1.0

> | | Content-Type: text/plain;

> | | charset="Utf-8"

> | | Content-Transfer-Encoding: 8bit

> | | X-Newsreader: Microsoft CDO for Windows 2000

> | | Content-Class: urn:content-classes:message

> | | Importance: normal

> | | Priority: normal

> | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992

> | | Newsgroups: microsoft.public.windows.server.general

> | | Path: TK2MSFTNGHUB02.phx.gbl

> | | Xref: TK2MSFTNGHUB02.phx.gbl

> microsoft.public.windows.server.general:28308

> | | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148

> | | X-Tomcat-NG: microsoft.public.windows.server.general

> | |

> | | Need help with file security permissions.

> | | There are a lot of files that for some unknown reason lost all

> | permissions

> | | info.

> | | If I try to open or copy them I get access denied error.

> | | Using cacls command doesn’t help �denied.

> | | If I go to security tab there are no permissions set. I have to take

> | over

> | | ownership of the file, apply and then close it. Then open security tab

> | again

> | | and add “system�account full access, then apply. After that I can

> | see all

> | | the permissions that were supposed to be there originally.

> | | There are about 5000 files like that spread out around 100s of

> different

> | | folders with different hierarchy.

> | | Anyone know why it could of happen and how to fix it?

> | |

> | |

> |

> |

>

>

Guest Ken Zhao [MSFT]

Guest Ken Zhao [MSFT]

Posted
Posted

RE: Lost all security permissions.

 

Hi Eli,

 

Thanks for your reply and let us know your resolution.

 

Thanks & Regards,

 

Ken Zhao

 

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security <http://www.microsoft.com/security>

====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

 

 

 

--------------------

| Thread-Topic: Lost all security permissions.

| thread-index: AchBkbW+AxjFrUCMSmyo10mEfhM4MQ==

| X-WBNR-Posting-Host: 207.46.193.207

| From: =?Utf-8?B?RWxp?= <eli@newsgroup.nospam>

| References: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

<YT3qobtOIHA.6908@TK2MSFTNGHUB02.phx.gbl>

<3gkjFtIPIHA.5204@TK2MSFTNGHUB02.phx.gbl>

| Subject: RE: Lost all security permissions.

| Date: Tue, 18 Dec 2007 08:19:05 -0800

| Lines: 162

| Message-ID: <F06F6785-ADBF-4C46-9BDB-2B0102A80CD1@microsoft.com>

| MIME-Version: 1.0

| Content-Type: text/plain;

| charset="Utf-8"

| Content-Transfer-Encoding: 8bit

| X-Newsreader: Microsoft CDO for Windows 2000

| Content-Class: urn:content-classes:message

| Importance: normal

| Priority: normal

| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992

| Newsgroups: microsoft.public.windows.server.general

| Path: TK2MSFTNGHUB02.phx.gbl

| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.general:28918

| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149

| X-Tomcat-NG: microsoft.public.windows.server.general

|

| Sorry, forgot to put the fix.

|

| Your script went thru fine, no errors, but it didn't fix the problem

| What I found is, if I go to take ownership of the main folder and take

| ownership to admin, then close it and open it. Then propagate ownerships

| down, it resets ownerships to all folders down below.

| Then I had to do same thing for “system�account and give it full

access,

| and then propagate.

| After all above every folder and file got back all permissions and I was

| able to access them.

|

|

| ""Ken Zhao [MSFT]"" wrote:

|

| > Hi Eli,

| >

| > I am just writing to see how everything is going. If you have any

updates

| > or need any further assistance on this issue, please feel free to let

me

| > know.

| >

| > Thanks & Regards,

| >

| > Ken Zhao

| >

| > Microsoft Online Support

| > Microsoft Global Technical Support Center

| >

| > Get Secure! - http://www.microsoft.com/security

<http://www.microsoft.com/security>

| > ====================================================

| > When responding to posts, please "Reply to Group" via your newsreader

so

| > that others may learn and benefit from your issue.

| > ====================================================

| > This posting is provided "AS IS" with no warranties, and confers no

rights.

| >

| >

| >

| >

| > --------------------

| > | X-Tomcat-ID: 19044760

| > | References: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

| > | MIME-Version: 1.0

| > | Content-Type: text/plain

| > | Content-Transfer-Encoding: 7bit

| > | From: v-kzhao@online.microsoft.com ("Ken Zhao [MSFT]")

| > | Organization: Microsoft

| > | Date: Mon, 10 Dec 2007 02:46:29 GMT

| > | Subject: RE: Lost all security permissions.

| > | X-Tomcat-NG: microsoft.public.windows.server.general

| > | Message-ID: <YT3qobtOIHA.6908@TK2MSFTNGHUB02.phx.gbl>

| > | Newsgroups: microsoft.public.windows.server.general

| > | Lines: 85

| > | Path: TK2MSFTNGHUB02.phx.gbl

| > | Xref: TK2MSFTNGHUB02.phx.gbl

microsoft.public.windows.server.general:28341

| > | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182

| > |

| > | Hello Eli,

| > |

| > | Thank you for using newsgroup!

| > |

| > | From your post, I want to provide a tool to reset the permission of

the

| > | whole registry.

| > |

| > | SubInAcl.

| > |

| > | 1. Download and install subinacl from:

| > |

| >

<http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91

| > | -93cf-ed6985e3927b&displaylang=en>

| > |

| > | 2. Create a file named reset.cmd in C:\Program Files\Windows Resource

| > | Kits\Tools folder.

| > |

| > | 3. Edit the reset.cmd file with the following content.

| > |

| > | subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f

| > | subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f

| > | subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f

| > | subinacl /subdirectories %SystemDrive% /grant=administrators=f

| > |

| > | subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f

| > | subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f

| > | subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f

| > | subinacl /subdirectories %SystemDrive% /grant=system=f

| > |

| > | 4. Enter into CMD prompt.

| > |

| > | 5. Enter the following commands one at a time and click Enter.

| > |

| > | cd\

| > | cd "C:\Program Files\Windows Resource Kits\Tools"

| > | reset.cmd

| > |

| > | 6. After a few minutes by processing subinacl, please test the

problem

| > | again.

| > |

| > | Thanks & Regards,

| > |

| > | Ken Zhao

| > |

| > | Microsoft Online Support

| > | Microsoft Global Technical Support Center

| > |

| > | Get Secure! - http://www.microsoft.com/security

| > <http://www.microsoft.com/security>

| > | ====================================================

| > | When responding to posts, please "Reply to Group" via your newsreader

so

| > | that others may learn and benefit from your issue.

| > | ====================================================

| > | This posting is provided "AS IS" with no warranties, and confers no

| > rights.

| > |

| > |

| > |

| > |

| > | --------------------

| > | | Thread-Topic: Lost all security permissions.

| > | | thread-index: Acg6N9I9OSM2OtpwT9e+FKgxQj/pRA==

| > | | X-WBNR-Posting-Host: 207.46.19.168

| > | | From: =?Utf-8?B?RWxp?= <eli@newsgroup.nospam>

| > | | Subject: Lost all security permissions.

| > | | Date: Sat, 8 Dec 2007 23:48:00 -0800

| > | | Lines: 13

| > | | Message-ID: <52DA95EF-6A04-460A-8EC2-5930B2678D0F@microsoft.com>

| > | | MIME-Version: 1.0

| > | | Content-Type: text/plain;

| > | | charset="Utf-8"

| > | | Content-Transfer-Encoding: 8bit

| > | | X-Newsreader: Microsoft CDO for Windows 2000

| > | | Content-Class: urn:content-classes:message

| > | | Importance: normal

| > | | Priority: normal

| > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992

| > | | Newsgroups: microsoft.public.windows.server.general

| > | | Path: TK2MSFTNGHUB02.phx.gbl

| > | | Xref: TK2MSFTNGHUB02.phx.gbl

| > microsoft.public.windows.server.general:28308

| > | | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148

| > | | X-Tomcat-NG: microsoft.public.windows.server.general

| > | |

| > | | Need help with file security permissions.

| > | | There are a lot of files that for some unknown reason lost all

| > | permissions

| > | | info.

| > | | If I try to open or copy them I get access denied error.

| > | | Using cacls command doesn’t help â�denied.

| > | | If I go to security tab there are no permissions set. I have to

take

| > | over

| > | | ownership of the file, apply and then close it. Then open security

tab

| > | again

| > | | and add “systemâ�account full access, then apply. After

that I can

| > | see all

| > | | the permissions that were supposed to be there originally.

| > | | There are about 5000 files like that spread out around 100s of

| > different

| > | | folders with different hierarchy.

| > | | Anyone know why it could of happen and how to fix it?

| > | |

| > | |

| > |

| > |

| >

| >

|

 Share
Go to topic listing
×
×
  • Create New...