Microsoft
Software
Hardware
Network
Question : Server 2008 R2 DC File Permissions
Hi,
I am building a Server 2008 R2 domain controller (custom build with select computer components) and was making pretty good progress. OS, hardware, drivers, Active Directory, Certificate of Authority, DHCP, DNS, WINS, Print Management, some patches, and a couple apps were installed and configured. She was bluescreening routinely and I finally traced it down to one bad DIMM out of four (quality Corsair memory no doubt !). I probably suffered 8-12 bluescreens before finally tracing the issue. No file fragments or orphaned files or anything similar. File structure is good.
After replacing the bad dimm there were no further bluescreens and everything seemed solid. Then one day I installed a couple more updates and rebooted upon which chkdsk wanted to do a consistency check. It then did the "replacing invalid security id with default security id for file number" for thousands of files. This has never happened to me in my career. I would then boot up to a black screen with only the mouse working and nothing else.
After some troubleshooting I finally pulled out my trusty older Winternals CD and changed the file permissions on all files to Everyone for Full Control. It probably uses xcalcs. I added the System account at Full Control as well. This worked. I booted up and it is once again working.
However, I know that this is not what Microsoft intended so I want to restore the default NTFS file permissions as well as anything else that should be restored back to the default. I am trying to get some ideas on the best way to do this ? Secedit and import certain security templates ?
Should I also disable chkdsk from future consistency checks ? This sounds like a bug that was present until Server 2003 SP2.
One thing I notice is that I have a GPO that automatic updates is supposed to work only for admins not domain users and it does not appear to work for anyone right now. Thank you !
Answer : Server 2008 R2 DC File Permissions
If you have a backup of the files youc an restore the security data but without a backup then you will not be able too.
On the system files you can run sfc /scannow.
Random Solutions
Fake Antivirus
ESXI Does not recognize SCSI Controller on DRS 301 Server
In Symantec Backup Exec 11d, how can I restore files that have been backed up to an alternate location?
MS Access 2003 ADP using 2 dependant combo boxes but getting error
Out of Office Assistant in Outlook 2007 does not show the Schedule window to select date for OOF
Add function to Zend framework for global use
Using ColdFusion Flash Forms to change group membership/moving data from one cfgrid to another.
Microsoft Access 2007 - Export Changing Db Data into Formated Excel Spreadsheet
Laptop wont boot from LAN to accept ghost image
SQL 2005 Update Multiple Records
