Sign in with
Sign up | Sign in
Your question

2003 chkdsk

Last response: in Windows 2000/NT
Share
May 1, 2005 10:47:06 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi,

This is actually a 2003 server, but I cant find the newsgroup.

I'm implementing a new file server, and have been sorting out the
permission for user directories, departments etc etc. I ran a checkdsk
on the volume, this ran, and replaced "invalid security id with default
security id" for about 600,000 files. What exactly does it determine as
"invalid security"? It was working fine until I ran check disk.
Obviously the default security is rather locked down, and denies all my
users from accessing their files. After a few hours of messing, I
eventually sorted it (that and I had a script to do half the work
anyway). The script just sets the owner of files in their user directory
(using subinacl), and gives them full control to anythgin in their user
directory. If its relevant I can copy the code.

I've just run another chkdsk (without /f!!) and its come up with a load
more "invalid security IDs".

what doesn't it like??

Does anyone know of any program that can 'back up' the security settings
on files so that if this happens again - presumably when i next chkdsk
/f, I can just restore them?

Thanks
Barry

More about : 2003 chkdsk

Anonymous
a b 8 Security
May 1, 2005 10:47:07 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hope this helps.

http://msdn.microsoft.com/library/default.asp?url=/libr...

You'll find them as;
public.windows.server.*


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"barry" wrote:
| Hi,
|
| This is actually a 2003 server, but I cant find the newsgroup.
|
| I'm implementing a new file server, and have been sorting out the
| permission for user directories, departments etc etc. I ran a checkdsk
| on the volume, this ran, and replaced "invalid security id with default
| security id" for about 600,000 files. What exactly does it determine as
| "invalid security"? It was working fine until I ran check disk.
| Obviously the default security is rather locked down, and denies all my
| users from accessing their files. After a few hours of messing, I
| eventually sorted it (that and I had a script to do half the work
| anyway). The script just sets the owner of files in their user directory
| (using subinacl), and gives them full control to anythgin in their user
| directory. If its relevant I can copy the code.
|
| I've just run another chkdsk (without /f!!) and its come up with a load
| more "invalid security IDs".
|
| what doesn't it like??
|
| Does anyone know of any program that can 'back up' the security settings
| on files so that if this happens again - presumably when i next chkdsk
| /f, I can just restore them?
|
| Thanks
| Barry
|
May 2, 2005 3:26:43 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

Dave Patrick wrote:
> Hope this helps.
>
> http://msdn.microsoft.com/library/default.asp?url=/libr...
>
> You'll find them as;
> public.windows.server.*
>
>

well, everytying works fine until the permissions get buggerd up by
chkdks. So I think I'll jsut not run it again!
Related resources
May 3, 2005 11:59:29 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

"Dave Patrick" <mail@Nospam.DSPatrick.com> wrote in message
news:uhPpWxoTFHA.2392@TK2MSFTNGP10.phx.gbl...
> Hope this helps.
>
> http://msdn.microsoft.com/library/default.asp?url=/libr...
>
> You'll find them as;
> public.windows.server.*
>

would forcing all permission down make it go away? Surely that should reset
all of the offending ones to soemthign that works. It would be nice if
chkdsk said which file had an incorrect security ID so that I could test
this theory out without having to do it to the entire drive...
Anonymous
a b 8 Security
May 3, 2005 11:59:30 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

It's looking like you're not alone in this.

http://groups.google.co.uk/groups?as_epq=invalid%20secu....*&as_drrb=b&as_mind=1&as_minm=1&as_miny=2000&as_maxd=31&as_maxm=12&as_maxy=2005&num=100&as_scoring=d&hl=en



--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"BM" wrote:
| would forcing all permission down make it go away? Surely that should
reset
| all of the offending ones to soemthign that works. It would be nice if
| chkdsk said which file had an incorrect security ID so that I could test
| this theory out without having to do it to the entire drive...
|
|
May 3, 2005 6:26:59 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

yeah it looks like that. I'm not alone it seems, though no one has a
solution to it. Anyway, I plan to come in this weekend (hoorah), reboot the
server, and chkdsk the bugger a few times. I've backed up the security and
tested restoring it using setacl (quite a handy tool) so I'll give that a
whir after chkdsk.

Will check if its my script thats making a mess of it. Though I can't see
why or how. I'm assuming that there are no known issues with cacls and
subinacl?

I'll let you know!


"Dave Patrick" <mail@Nospam.DSPatrick.com> wrote in message
news:o o1fVY%23TFHA.2756@tk2msftngp13.phx.gbl...
> It's looking like you're not alone in this.
>
> http://groups.google.co.uk/groups?as_epq=invalid%20secu....*&as_drrb=b&as_mind=1&as_minm=1&as_miny=2000&as_maxd=31&as_maxm=12&as_maxy=2005&num=100&as_scoring=d&hl=en
>
>
>
> --
> Regards,
>
> Dave Patrick ....Please no email replies - reply in newsgroup.
> Microsoft Certified Professional
> Microsoft MVP [Windows]
> http://www.microsoft.com/protect
>
> "BM" wrote:
> | would forcing all permission down make it go away? Surely that should
> reset
> | all of the offending ones to soemthign that works. It would be nice if
> | chkdsk said which file had an incorrect security ID so that I could test
> | this theory out without having to do it to the entire drive...
> |
> |
>
>
May 7, 2005 7:03:30 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

barry wrote:
> Hi,
>
> This is actually a 2003 server, but I cant find the newsgroup.
>
> I'm implementing a new file server, and have been sorting out the
> permission for user directories, departments etc etc. I ran a checkdsk
> on the volume, this ran, and replaced "invalid security id with default
> security id" for about 600,000 files. What exactly does it determine as
> "invalid security"? It was working fine until I ran check disk.
> Obviously the default security is rather locked down, and denies all my
> users from accessing their files. After a few hours of messing, I
> eventually sorted it (that and I had a script to do half the work
> anyway). The script just sets the owner of files in their user directory
> (using subinacl), and gives them full control to anythgin in their user
> directory. If its relevant I can copy the code.
>
> I've just run another chkdsk (without /f!!) and its come up with a load
> more "invalid security IDs".
>
> what doesn't it like??
>
> Does anyone know of any program that can 'back up' the security settings
> on files so that if this happens again - presumably when i next chkdsk
> /f, I can just restore them?
>
> Thanks
> Barry
>


right, after mucho faffing around, I've come top the conclusion that its
the setowner switch of subinacl (version is 5.2.3790.1180). It worked
for the first few users (i cancelled my script and did a chkdsk). I then
did all of them and im getting the invalid security ID errors. Though
permissions look fine and its all workign nice.

Heres the script snippet. Theres a 5 second lag between each iteration.
Which incidentally isnt always long enough so that there's only one
subinacl running.

objShell.Run "cmd /c " &chr(34)& " subinacl.exe /subdirectories
E:\F_APPS\users\"&f1.name&"\*
/setowner="&f1.name&"@mynicedomain.com"&chr(34) &""

I even stopped the AV scanner as I thought this might be it. It wasnt.

Anyone any ideas?


I've now altered the script so as to not run more than one copy of
subinacl, on the off chance that makes a difference. Obviously now I've
gotta go back and chkdsk the server and mess around for a few hours
again sporting its permissions out. I can't be bothered as its saturday
and i need to buy some food :) 
!