Fixing up messed up permissions on C:

Hello,

I have Windows XP Professional SP3, and I just found out almost all my
permissions on C: got messed up.

I would like to know if there is some way to easily change them all. (I
suppose it’s impossible to recover their original state.)

I am considering using the method “Reset the registry and the file
permissions” under “Advanced troubleshooting” described at
http://support.microsoft.com/kb/949377/en-us. Basically, using Subinacl.exe
to change them all. Would it be the easier and most correct way to solve my
problem? Would there be any other/better way to do that?

I am not trying to install Service Pack 3, I already got it installed, I
just want to use that method to fix my permissions up in some way.

So basically that’s my problem. On my next post I’ll try to explain how and
why I got the permissions messed up, just in case the information may be
useful.

Thanks in advance.

Well, so here’s my explanation on how I got all my permissions on C: messed
up.

I had both Windows XP SP3 and OpenSuse installed on this 250 GB hard drive.
About a week ago I decided to uninstall OpenSuse. For that I simply booted a
Gparted (partition software) live CD, deleted all the Linux partitions and
extended the Windows NTFS partition to 100% of the hard drive.

My next step would be to boot up the Windows installation CD, call the
recovery console and run FIXMBR. Then I would reboot normally (without the
CD) and let CHKDSK do all the rest. I know it works because I’ve done that to
uninstall Linux distros on other PCs successfully.

But I couldn’t use the recovery console because I couldn’t get the
Administrator password right! Very frustrating. I am not sure, but I think
that would be because I had the Administrator account DISABLED (although the
message I got was something about wrong password). I got desperate.

Then I used an Ubuntu live CD to boot up the machine so I could look for
some solution on the web. I found a program that allegedly could fix the MBR
without a Windows Administrator password. So I used it, rebooted. That didn’t
work. I tried the recovery console again, and this time it didn’t ask me for
a password – probably due to that program. I ran FIXMBR, rebooted. No way.
Recovery console again, FIXBOOT, reboot. No way.

I don’t remember exactly how those reboot sequences occurred, but in the end
I got a partition set as FAT16. If I am not wrong, FIXMBR has done that
because it couldn’t identify the file system used or something. I also got a
partition table error.
I got VERY desperate. Booted up Ubuntu live CD again. Fdisk identified the
partition as NTFS, while Gparted told me it was FAT16. I was completely lost.
I knew my data was there, no file system conversion had been made, so it was
truly NTFS, just set/flagged/whatever as FAT16. So I started looking for some
way to change the partition table and set the partition to NTFS.

Browsing the web, I found this wonderful program called TestDisk. It let me
recover deleted partitions, writing a new partition table in the end. Also I
could write my very own partition table. Well, I just recovered a deleted
partition (probably from the back up before I tried to fix the MBR, or even
from before the installation of OpenSuse) – so my new partition table had the
entire drive as NTFS (the Linux partitions had been already formatted using
Gparted, in case you forgot it).

I rebooted again, and surprisingly Windows XP started (I thought I would
have to try the recovery console again or something). But, before loading the
desktop, it automatically ran CHKDSK.

And I think my Windows security descriptors or something got really messed
up at that point.

....

It was probably the longest CHKDSK I’ve ever seen. Soon I realized I was in
trouble, because CHKDSK is usually fast when I uninstall Linux on other PCs
and use FIXMBR.

So I got something like this (I will try to translate, since my Windows is
in Brazilian Portuguese – I am Brazilian):

Cleaning up minor inconsistencies on the drive.
The hash value 0x433ffdfe from the security descriptor entry with Id 0x105
at offset 0x2f0 is invalid. The correct value is 0xe4e4759.
Repairing an index entry with Id 261 from index $SII of file 9.
Inserting an index entry with Id 261 from index $SDH of file9.
The security data stream entry at offset 0x420 with length 0x3a2b005d
crosses the page boundary.
Repairing the security file record segment.
Deleting an index entry with Id 263 from index $SII of file 9.
Deleting an index entry with Id 264 from index $SII of file 9.
Deleting an index entry with Id 265 from index $SII of file 9.
Deleting an index entry with Id 266 from index $SII of file 9.
....
Deleting an index entry with Id 488 from index $SII of file 9.
Deleting an index entry with Id 489 from index $SII of file 9.
Deleting an index entry with Id 490 from inde

It went like that until the end. The event log stops there, probably because
it couldn’t handle all that data.

When CHKDSK finished, Windows took forever to show the desktop. I realized
everything was so weird, I couldn’t copy and paste, the Windows key didn’t
work, the Taskbar didn’t show the open applications etc. Then I realized the
Remote Procedure Call (RPC) wasn’t running! The PC was almost unusable.

To make it usable (I work at my home so I needed to do this), I ran the
Registry Editor and, on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs I’ve changed the
ObjectName value from NT AUTHORITY\\NetworkService to LocalSystem. That
allowed me to run the RPC.

When I try to run a service set to log on as Network Service or Local
Service, I got a message box with “Error 5: Access is denied”. On the Events
Viewer, I got errors such as these:

1. Application, source Userenv, ID 1500, user NT AUTHORITY\NETWORK SERVICE
Windows cannot log you on because your profile cannot be loaded. Check that
you are connected to the network, or that your network is functioning
correctly. If this problem persists, contact your network administrator.
Details: Access is denied

2. System, source Service Control Manager, ID 7000, user N/A
The RPC service failed to start due to the following error: Access is denied.

3. System, source Service Control Manager, ID 7005, user N/A
The LoadUserProfile call failed with the following error: Access is denied.

On each boot, I got lots of errors s on the events log. Most (if not all) of
them have Service Control Manager, DCOM or Userenv as sources and “Access is
denied” in its description.

So basically it seems that I can’t run anything as Network Service or Local
Service. The answer will always be “Access is denied”. I am not sure, but it
looks logical to me that it has something to do with the messed up
permissions on C:. If I solve that, I expect everything to run smoothly
again, but I can be wrong.

And that’s pretty much where I am right now. Almost every folder on root
(C:\), including WINDOWS, DOCUMENTS AND SETTINGS and SYSTEM VOLUME
INFORMATION, had its permissions erased. When I right-click on one of them
and check Properties, Security tab, only Administrators and SYSTEM are
listed, and they both have ALL the permission check boxes UNCHECKED. They are
all blank! That probably happened after that long CHKDSK. My registry
permissions probably got messed up as well, but I don’t know how to check it.
(If I remember correctly, I had to change the permissions before editing that
key to run RPC under LocalSystem.)

Well, thank you all who read my long story. I appreciate your help.

Again, thanks in advance.

See below.

"emmer" <emmer@discussions.microsoft.com> wrote in message
news:BE9C6A28-5EF5-45DB-9269-6982EC067298@microsoft.com...
>
> Well, so here's my explanation on how I got all my permissions on C:
> messed
> up.
>
> I had both Windows XP SP3 and OpenSuse installed on this 250 GB hard
> drive.
> About a week ago I decided to uninstall OpenSuse. For that I simply booted
> a
> Gparted (partition software) live CD, deleted all the Linux partitions and
> extended the Windows NTFS partition to 100% of the hard drive.
>
> My next step would be to boot up the Windows installation CD, call the
> recovery console and run FIXMBR. Then I would reboot normally (without the
> CD) and let CHKDSK do all the rest. I know it works because I've done that
> to
> uninstall Linux distros on other PCs successfully.
>
> But I couldn't use the recovery console because I couldn't get the
> Administrator password right! Very frustrating. I am not sure, but I think
> that would be because I had the Administrator account DISABLED (although
> the
> message I got was something about wrong password). I got desperate.

I'm surprised to read that a person with your extensive period stoops to use
the rather limited Recovery Console. Have you given any consideration to
creating a universal boot CD such as a Bart PE boot CD?

> Then I used an Ubuntu live CD to boot up the machine so I could look for
> some solution on the web. I found a program that allegedly could fix the
> MBR
> without a Windows Administrator password.

Restoring a Windows-compatible MBR is child's play. Boot the machine with a
Win98 boot diskette/CD (www.bootdisk.com), then run this command:
fdisk /mbr
There is no need for any password.

> So I used it, rebooted. That didn't
> work. I tried the recovery console again, and this time it didn't ask me
> for
> a password - probably due to that program. I ran FIXMBR, rebooted. No way.
> Recovery console again, FIXBOOT, reboot. No way.

Would you care to elaborate on the meaning of "no way"?

> I don't remember exactly how those reboot sequences occurred, but in the
> end
> I got a partition set as FAT16. If I am not wrong, FIXMBR has done that
> because it couldn't identify the file system used or something. I also got
> a
> partition table error.

FAT16 is bad news. Fixmbr did not do it but something else did. It suggests
that your partition table (not the Master Boot Record) is corrupted.

> I got VERY desperate. Booted up Ubuntu live CD again. Fdisk identified the
> partition as NTFS, while Gparted told me it was FAT16. I was completely
> lost.
> I knew my data was there, no file system conversion had been made, so it
> was
> truly NTFS, just set/flagged/whatever as FAT16. So I started looking for
> some
> way to change the partition table and set the partition to NTFS.

ptedit (ftp://ftp.symantec.com/public/englis.../pq/utilities/)
would be another tool to edit partition tables.

> Browsing the web, I found this wonderful program called TestDisk. It let
> me
> recover deleted partitions, writing a new partition table in the end. Also
> I
> could write my very own partition table. Well, I just recovered a deleted
> partition (probably from the back up before I tried to fix the MBR, or
> even
> from before the installation of OpenSuse) - so my new partition table had
> the
> entire drive as NTFS (the Linux partitions had been already formatted
> using
> Gparted, in case you forgot it).
>
> I rebooted again, and surprisingly Windows XP started (I thought I would
> have to try the recovery console again or something). But, before loading
> the
> desktop, it automatically ran CHKDSK.
>
> And I think my Windows security descriptors or something got really messed
> up at that point.
>
> It was probably the longest CHKDSK I've ever seen. Soon I realized I was
> in
> trouble, because CHKDSK is usually fast when I uninstall Linux on other
> PCs
> and use FIXMBR.

Chkdsk and fixmbr are not related to each other in any way. Fixmbr modifies
the Master Boot Record, which is completely outside the file system. Chkdsk
attemps to fix the file system.

> So I got something like this (I will try to translate, since my Windows is
> in Brazilian Portuguese - I am Brazilian):
>
> Cleaning up minor inconsistencies on the drive.
> The hash value 0x433ffdfe from the security descriptor entry with Id 0x105
> at offset 0x2f0 is invalid. The correct value is 0xe4e4759.
> Repairing an index entry with Id 261 from index $SII of file 9.
> Inserting an index entry with Id 261 from index $SDH of file9.
> The security data stream entry at offset 0x420 with length 0x3a2b005d
> crosses the page boundary.
> Repairing the security file record segment.
> Deleting an index entry with Id 263 from index $SII of file 9.
> Deleting an index entry with Id 264 from index $SII of file 9.
> Deleting an index entry with Id 265 from index $SII of file 9.
> Deleting an index entry with Id 266 from index $SII of file 9.
> ...
> Deleting an index entry with Id 488 from index $SII of file 9.
> Deleting an index entry with Id 489 from index $SII of file 9.
> Deleting an index entry with Id 490 from inde
>
> It went like that until the end. The event log stops there, probably
> because
> it couldn't handle all that data.
>
> When CHKDSK finished, Windows took forever to show the desktop. I realized
> everything was so weird, I couldn't copy and paste, the Windows key didn't
> work, the Taskbar didn't show the open applications etc. Then I realized
> the
> Remote Procedure Call (RPC) wasn't running! The PC was almost unusable.
>
> To make it usable (I work at my home so I needed to do this), I ran the
> Registry Editor and, on
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs I've changed
> the
> ObjectName value from NT AUTHORITY\\NetworkService to LocalSystem. That
> allowed me to run the RPC.
>
> When I try to run a service set to log on as Network Service or Local
> Service, I got a message box with "Error 5: Access is denied". On the
> Events
> Viewer, I got errors such as these:
>
> 1. Application, source Userenv, ID 1500, user NT AUTHORITY\NETWORK SERVICE
> Windows cannot log you on because your profile cannot be loaded. Check
> that
> you are connected to the network, or that your network is functioning
> correctly. If this problem persists, contact your network administrator.
> Details: Access is denied
>
> 2. System, source Service Control Manager, ID 7000, user N/A
> The RPC service failed to start due to the following error: Access is
> denied.
>
> 3. System, source Service Control Manager, ID 7005, user N/A
> The LoadUserProfile call failed with the following error: Access is
> denied.
>
> On each boot, I got lots of errors s on the events log. Most (if not all)
> of
> them have Service Control Manager, DCOM or Userenv as sources and "Access
> is
> denied" in its description.
>
> So basically it seems that I can't run anything as Network Service or
> Local
> Service. The answer will always be "Access is denied". I am not sure, but
> it
> looks logical to me that it has something to do with the messed up
> permissions on C:. If I solve that, I expect everything to run smoothly
> again, but I can be wrong.
>
> And that's pretty much where I am right now. Almost every folder on root
> (C:\), including WINDOWS, DOCUMENTS AND SETTINGS and SYSTEM VOLUME
> INFORMATION, had its permissions erased. When I right-click on one of them
> and check Properties, Security tab, only Administrators and SYSTEM are
> listed, and they both have ALL the permission check boxes UNCHECKED. They
> are
> all blank! That probably happened after that long CHKDSK. My registry
> permissions probably got messed up as well, but I don't know how to check
> it.
> (If I remember correctly, I had to change the permissions before editing
> that
> key to run RPC under LocalSystem.)
>
> Well, thank you all who read my long story. I appreciate your help.
>
> Again, thanks in advance.
>

In my humble opinion your installation has been so badly messed up that you
would save yourself a lot of time by just reloading it from scratch.

"emmer" <emmer@discussions.microsoft.com> wrote in message
news:E2090232-3819-4812-817D-E89BB5188260@microsoft.com...
> Hello,
>
> I have Windows XP Professional SP3, and I just found out almost all my
> permissions on C: got messed up.
>
> I would like to know if there is some way to easily change them all. (I
> suppose it's impossible to recover their original state.)
>
> I am considering using the method "Reset the registry and the file
> permissions" under "Advanced troubleshooting" described at
> http://support.microsoft.com/kb/949377/en-us. Basically, using
> Subinacl.exe
> to change them all. Would it be the easier and most correct way to solve
> my
> problem? Would there be any other/better way to do that?
>
> I am not trying to install Service Pack 3, I already got it installed, I
> just want to use that method to fix my permissions up in some way.
>
> So basically that's my problem. On my next post I'll try to explain how
> and
> why I got the permissions messed up, just in case the information may be
> useful.
>
> Thanks in advance.
>

Log on as Admministrator, then use Windows Explorer to seize ownership of
all files and folders. As a next step you must grant full access rights to
all folders for the System account and the Administrators group. Lastly you
need to give "Everyone" appropriate access rights.

Repair file and registry permissions automatically:

Dial-a-fix 0.60.0.24 336 KB (Freeware)
Info: http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
Download: http://djlizard.net.nyud.net:8080/so...v0.60.0.24.zip

Click the "Tools" button at the bottom that looks like a hammer
and select "Repair permissions" then press the "Go" button.


ju.c


"emmer" <emmer@discussions.microsoft.com> wrote in message news:E2090232-3819-4812-817D-E89BB5188260@microsoft.com...
> Hello,
>
> I have Windows XP Professional SP3, and I just found out almost all my
> permissions on C: got messed up.
>
> I would like to know if there is some way to easily change them all. (I
> suppose it’s impossible to recover their original state.)
>
> I am considering using the method “Reset the registry and the file
> permissions” under “Advanced troubleshooting” described at
> http://support.microsoft.com/kb/949377/en-us. Basically, using Subinacl.exe
> to change them all. Would it be the easier and most correct way to solve my
> problem? Would there be any other/better way to do that?
>
> I am not trying to install Service Pack 3, I already got it installed, I
> just want to use that method to fix my permissions up in some way.
>
> So basically that’s my problem. On my next post I’ll try to explain how and
> why I got the permissions messed up, just in case the information may be
> useful.
>
> Thanks in advance.
>