Microsoft
Software
Hardware
Network
Question : Server 2008 R2 DC File Permissions
Hi,
I am building a Server 2008 R2 domain controller (custom build with select computer components) and was making pretty good progress. OS, hardware, drivers, Active Directory, Certificate of Authority, DHCP, DNS, WINS, Print Management, some patches, and a couple apps were installed and configured. She was bluescreening routinely and I finally traced it down to one bad DIMM out of four (quality Corsair memory no doubt !). I probably suffered 8-12 bluescreens before finally tracing the issue. No file fragments or orphaned files or anything similar. File structure is good.
After replacing the bad dimm there were no further bluescreens and everything seemed solid. Then one day I installed a couple more updates and rebooted upon which chkdsk wanted to do a consistency check. It then did the "replacing invalid security id with default security id for file number" for thousands of files. This has never happened to me in my career. I would then boot up to a black screen with only the mouse working and nothing else.
After some troubleshooting I finally pulled out my trusty older Winternals CD and changed the file permissions on all files to Everyone for Full Control. It probably uses xcalcs. I added the System account at Full Control as well. This worked. I booted up and it is once again working.
However, I know that this is not what Microsoft intended so I want to restore the default NTFS file permissions as well as anything else that should be restored back to the default. I am trying to get some ideas on the best way to do this ? Secedit and import certain security templates ?
Should I also disable chkdsk from future consistency checks ? This sounds like a bug that was present until Server 2003 SP2.
One thing I notice is that I have a GPO that automatic updates is supposed to work only for admins not domain users and it does not appear to work for anyone right now. Thank you !
Answer : Server 2008 R2 DC File Permissions
If you have a backup of the files youc an restore the security data but without a backup then you will not be able too.
On the system files you can run sfc /scannow.
Random Solutions
Programmatic Access Security (Outlook 2007)
Windows 2003/2008 NTFS permissions
Access request header in C#
Looking for a simple reversible cryptogtaphic algorithm to code / decode a string of 6-10 digits
Adding Configurations via ASDM
VBA Code
What is the "terminal services profile" tab for?
i want the iframe to be the height of the text in the iframe
Remove the last Exchange 2000 server from a 2007 Domain
DNS config between different domain trees in forest