HELP: sorts out & cleans up NTFS security permissions

[Andrew Wan]

I used SysInternal's AccessEnum and found it quite useful for Windows 2003
Server admin work, but laborious.

I have 2 HDs, C:\ & D:\. What if another admin played about with the NTFS
security permissions of C:\? Is there a "revert back to system defaults"
option? Currently the only way I see is to install Windows 2003 Server on
another PC and compare NTFS security permissions on all files/folders in
C:\.

As for D:\ I have been trying to setup NTFS security permissions. But I like
to revert back to defaults. Is it safe to select all root folders and in
Advanced Security Settings tick both the "Inherit from parent..." & "Replace
permission entries...". I notice generally that normal (non-system) folders
inherit the root drive (C:\, D:\) permissions.

Administrators (group)
CREATOR OWNER
Everyone
SYSTEM
Users (group)



Or does anyone know a better tool than AccessEnum which sorts out & cleans
up NTFS security permissions?

 

[Mark L. Ferguson]

HOW TO Reset Security Settings Back to the Defaults:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222

After you do this, watch your event viewer. You may get file corruption
errors on whatever was causing your security problems.

 

[Enkidu]

I used SysInternal's AccessEnum and found it quite useful for Windows 2003
Server admin work, but laborious.

I have 2 HDs, C:\ & D:\. What if another admin played about with the NTFS
security permissions of C:\? Is there a "revert back to system defaults"
option? Currently the only way I see is to install Windows 2003 Server on
another PC and compare NTFS security permissions on all files/folders in
C:\.

As for D:\ I have been trying to setup NTFS security permissions. But I like
to revert back to defaults. Is it safe to select all root folders and in
Advanced Security Settings tick both the "Inherit from parent..." & "Replace
permission entries...". I notice generally that normal (non-system) folders
inherit the root drive (C:\, D:\) permissions.

Administrators (group)
CREATOR OWNER
Everyone
SYSTEM
Users (group)

Or does anyone know a better tool than AccessEnum which sorts out & cleans
up NTFS security permissions?

Do you suspect that someone has or is likely to change all your C: drive
permissions? In more years than I care to remember looking after NTFS
systems, I've never had to fiddle with the default permissions on the C:.

Yes, you would have problems if someone DID change all the permissions,
but the likelihood of that is very, very, small.

I've only ever used the standard tools.

Cheers,

Cliff

 

[Guest]

The most useful tool that I have found for NTFS file maintenance is Security
Explorer - as it allows a GUI which is far easier to view and change
permissions than the typical NTFS GUI. It also has a batch file mechanism for
applying permissions selectively. The GUI seems to work more quickly than the
regular Security tab interface.