Sensible W2K NTFS permissions

[jjjdavidson]

Windows 2000 NTFS: Is there something hidden somewhere
that controls how permissions are assigned to new files?
I've read up on NTFS permissions and ACL inheritance, and
I'm apparently missing something.

Part of the time (with no pattern I've yet identified)
permissions on new files and edited files are being set
incorrectly. Instead of inheriting permissions from the
parent folder, they are getting an ACL that just contains
[CreatingUsername]:F and NT AUTHORITY\SYSTEM:F (whatever
that is).

System updates by ADMINISTRATOR are sometimes being left
unreadable by ordinary users; just today I had to manually
reset permissions on the entire C:\WINNT and C:\PROGRAM
FILES directories because Internet Explorer would only
work right for an administrator.

Also today, I discovered that the ACL for C:\RECYCLER did
NOT include any user access at all; when I deleted files
from drive C: they did not go into my Recycle Bin.

Is there some system setting that controls whether new
files or edited files inherit permissions from the parent
folder?

Also, is there some utility that can search for (and
update) files with a specific ACL? (Sort of a super-
XCACLS?)

Finally, just what is the normal ACL for system files, the
files that every user needs for Windows 2000 to run
correctly?

 

[Joe Griffin [MSFT]]

How many files are on this partition?
What happens when you run chkdsk on this partition? Any errors?
Do not run chkdsk in read only mode. Use the /F switch to fix errors.
Joe Griffin [MS]
Windows 2000 Server Setup Team

 

[jjjdavidson]

It's my system drive, so I had to do a restart. Here's
the result from the Application Log:

Checking file system on C:
The type of the file system is NTFS.
Volume label is System.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up 192 unused index entries from index $SII of
file 0x9.
Cleaning up 192 unused index entries from index $SDH of
file 0x9.
Cleaning up 192 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

20482843 KB total disk space.
3566180 KB in 53661 files.
16724 KB in 1731 indexes.
0 KB in bad sectors.
131411 KB in use by the system.
65536 KB occupied by the log file.
16768528 KB available on disk.

4096 bytes in each allocation unit.
5120710 total allocation units on disk.
4192132 allocation units available on disk.

Does this answer any questions? Are those "unused
security descriptors" something bad?

-----Original Message-----
How many files are on this partition?
What happens when you run chkdsk on this partition? Any errors?
Do not run chkdsk in read only mode. Use the /F switch to fix errors.
Joe Griffin [MS]
Windows 2000 Server Setup Team

confers no rights.

 

[Joe Griffin [MSFT]]

Review this article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;831375

Call support and ask for hotfix 831375.

Joe Griffin [MS]

 

[Guest]

Unlike KB 831375, our system has never had very many files
on it; I doubt the system drive has ever had more than
100,000 files. (Presumably the master file table has
never come close to 4GB in size either.)

To go back to a couple of my original questions:

What should the ACL for most public system files be (since
I've had to manually reset several key folders)?

Is there some tool that will search for files that have a
particular ACL (or that lack it)?

Thanks!

-----Original Message-----
Review this article:

http://support.microsoft.com/default.aspx?scid=KB;EN- US;831375

Call support and ask for hotfix 831375.

Joe Griffin [MS]

confers no rights.

 

[Joe Griffin [MSFT]]

You still need the hotfix I mentioned. Otherwise, you will continue to have this issue even after you fix everything.
As far as fixing the ACL, I believe there is a template that is used for that. The Active Directory group is familiar with how to fix the ACL. I believe they use
secedit. This is an article you may want to refer to.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;834424

Joe Griffin [MS]
Server Setup Team