Well, so here’s my explanation on how I got all my permissions on C: messed
up.
I had both Windows XP SP3 and OpenSuse installed on this 250 GB hard drive.
About a week ago I decided to uninstall OpenSuse. For that I simply booted a
Gparted (partition software) live CD, deleted all the Linux partitions and
extended the Windows NTFS partition to 100% of the hard drive.
My next step would be to boot up the Windows installation CD, call the
recovery console and run FIXMBR. Then I would reboot normally (without the
CD) and let CHKDSK do all the rest. I know it works because I’ve done that to
uninstall Linux distros on other PCs successfully.
But I couldn’t use the recovery console because I couldn’t get the
Administrator password right! Very frustrating. I am not sure, but I think
that would be because I had the Administrator account DISABLED (although the
message I got was something about wrong password). I got desperate.
Then I used an Ubuntu live CD to boot up the machine so I could look for
some solution on the web. I found a program that allegedly could fix the MBR
without a Windows Administrator password. So I used it, rebooted. That didn’t
work. I tried the recovery console again, and this time it didn’t ask me for
a password – probably due to that program. I ran FIXMBR, rebooted. No way.
Recovery console again, FIXBOOT, reboot. No way.
I don’t remember exactly how those reboot sequences occurred, but in the end
I got a partition set as FAT16. If I am not wrong, FIXMBR has done that
because it couldn’t identify the file system used or something. I also got a
partition table error.
I got VERY desperate. Booted up Ubuntu live CD again. Fdisk identified the
partition as NTFS, while Gparted told me it was FAT16. I was completely lost.
I knew my data was there, no file system conversion had been made, so it was
truly NTFS, just set/flagged/whatever as FAT16. So I started looking for some
way to change the partition table and set the partition to NTFS.
Browsing the web, I found this wonderful program called TestDisk. It let me
recover deleted partitions, writing a new partition table in the end. Also I
could write my very own partition table. Well, I just recovered a deleted
partition (probably from the backup before I tried to fix the MBR, or even
from before the installation of OpenSuse) – so my new partition table had the
entire drive as NTFS (the Linux partitions had been already formatted using
Gparted, in case you forgot it).
I rebooted again, and surprisingly Windows XP started (I thought I would
have to try the recovery console again or something). But, before loading the
desktop, it automatically ran CHKDSK.
And I think my Windows security descriptors or something got really messed
up at that point.
....
It was probably the longest CHKDSK I’ve ever seen. Soon I realized I was in
trouble, because CHKDSK is usually fast when I uninstall Linux on other PCs
and use FIXMBR.
So I got something like this (I will try to translate, since my Windows is
in Brazilian Portuguese – I am Brazilian):
Cleaning up minor inconsistencies on the drive.
The hash value 0x433ffdfe from the security descriptor entry with Id 0x105
at offset 0x2f0 is invalid. The correct value is 0xe4e4759.
Repairing an index entry with Id 261 from index $SII of file 9.
Inserting an index entry with Id 261 from index $SDH of file 9.
The security data stream entry at offset 0x420 with length 0x3a2b005d
crosses the page boundary.
Repairing the security file record segment.
Deleting an index entry with Id 263 from index $SII of file 9.
Deleting an index entry with Id 264 from index $SII of file 9.
Deleting an index entry with Id 265 from index $SII of file 9.
Deleting an index entry with Id 266 from index $SII of file 9.
....
Deleting an index entry with Id 488 from index $SII of file 9.
Deleting an index entry with Id 489 from index $SII of file 9.
Deleting an index entry with Id 490 from inde
It went like that until the end. The event log stops there, probably because
it couldn’t handle all that data.
When CHKDSK finished, Windows took forever to show the desktop. I realized
everything was so weird, I couldn’t copy and paste, the Windows key didn’t
work, the Taskbar didn’t show the open applications etc. Then I realized the
Remote Procedure Call (RPC) wasn’t running! The PC was almost unusable.
To make it usable (I work at my home so I needed to do this), I ran the
Registry Editor and, on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs I’ve changed the
ObjectName value from NT AUTHORITY\NetworkService to LocalSystem. That
allowed me to run the RPC.
When I try to run a service set to log on as Network Service or Local
Service, I get a message box with “Error 5: Access is denied”. On the Event
Viewer, I get errors such as these:
1. Application, source Userenv, ID 1500, user NT AUTHORITY\NETWORK SERVICE
Windows cannot log you on because your profile cannot be loaded. Check that
you are connected to the network, or that your network is functioning
correctly. If this problem persists, contact your network administrator.
Details: Access is denied
2. System, source Service Control Manager, ID 7000, user N/A
The RPC service failed to start due to the following error: Access is denied.
3. System, source Service Control Manager, ID 7005, user N/A
The LoadUserProfile call failed with the following error: Access is denied.
On each boot, I get lots of errors on the event log. Most (if not all) of
them have Service Control Manager, DCOM or Userenv as sources and “Access is
denied” in their description.
So basically it seems that I can’t run anything as Network Service or Local
Service. The answer will always be “Access is denied”. I am not sure, but it
looks logical to me that it has something to do with the messed up
permissions on C:. If I solve that, I expect everything to run smoothly
again, but I can be wrong.
And that’s pretty much where I am right now. Almost every folder on root
(C:\), including WINDOWS, DOCUMENTS AND SETTINGS and SYSTEM VOLUME
INFORMATION, had its permissions erased. When I right-click on one of them
and check Properties, Security tab, only Administrators and SYSTEM are
listed, and they both have ALL the permission check boxes UNCHECKED. They are
all blank! That probably happened after that long CHKDSK. My registry
permissions probably got messed up as well, but I don’t know how to check it.
(If I remember correctly, I had to change the permissions before editing that
key to run RPC under LocalSystem.)
Well, thank you all who read my long story. I appreciate your help.
Again, thanks in advance.