2003 chkdsk

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi,

This is actually a 2003 server, but I cant find the newsgroup.

I'm implementing a new file server, and have been sorting out the
permission for user directories, departments etc etc. I ran a checkdsk
on the volume, this ran, and replaced "invalid security id with default
security id" for about 600,000 files. What exactly does it determine as
"invalid security"? It was working fine until I ran check disk.
Obviously the default security is rather locked down, and denies all my
users from accessing their files. After a few hours of messing, I
eventually sorted it (that and I had a script to do half the work
anyway). The script just sets the owner of files in their user directory
(using subinacl), and gives them full control to anythgin in their user
directory. If its relevant I can copy the code.

I've just run another chkdsk (without /f!!) and its come up with a load
more "invalid security IDs".

what doesn't it like??

Does anyone know of any program that can 'back up' the security settings
on files so that if this happens again - presumably when i next chkdsk
/f, I can just restore them?

Thanks
Barry
6 answers Last reply
More about 2003 chkdsk
  1. Archived from groups: microsoft.public.win2000.file_system (More info?)

    Hope this helps.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/w2kmsgs/2934.asp

    You'll find them as;
    public.windows.server.*


    --
    Regards,

    Dave Patrick ....Please no email replies - reply in newsgroup.
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    http://www.microsoft.com/protect

    "barry" wrote:
    | Hi,
    |
    | This is actually a 2003 server, but I cant find the newsgroup.
    |
    | I'm implementing a new file server, and have been sorting out the
    | permission for user directories, departments etc etc. I ran a checkdsk
    | on the volume, this ran, and replaced "invalid security id with default
    | security id" for about 600,000 files. What exactly does it determine as
    | "invalid security"? It was working fine until I ran check disk.
    | Obviously the default security is rather locked down, and denies all my
    | users from accessing their files. After a few hours of messing, I
    | eventually sorted it (that and I had a script to do half the work
    | anyway). The script just sets the owner of files in their user directory
    | (using subinacl), and gives them full control to anythgin in their user
    | directory. If its relevant I can copy the code.
    |
    | I've just run another chkdsk (without /f!!) and its come up with a load
    | more "invalid security IDs".
    |
    | what doesn't it like??
    |
    | Does anyone know of any program that can 'back up' the security settings
    | on files so that if this happens again - presumably when i next chkdsk
    | /f, I can just restore them?
    |
    | Thanks
    | Barry
    |
  2. Archived from groups: microsoft.public.win2000.file_system (More info?)

    Dave Patrick wrote:
    > Hope this helps.
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/w2kmsgs/2934.asp
    >
    > You'll find them as;
    > public.windows.server.*
    >
    >

    well, everytying works fine until the permissions get buggerd up by
    chkdks. So I think I'll jsut not run it again!
  3. Archived from groups: microsoft.public.win2000.file_system (More info?)

    "Dave Patrick" <mail@Nospam.DSPatrick.com> wrote in message
    news:uhPpWxoTFHA.2392@TK2MSFTNGP10.phx.gbl...
    > Hope this helps.
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/w2kmsgs/2934.asp
    >
    > You'll find them as;
    > public.windows.server.*
    >

    would forcing all permission down make it go away? Surely that should reset
    all of the offending ones to soemthign that works. It would be nice if
    chkdsk said which file had an incorrect security ID so that I could test
    this theory out without having to do it to the entire drive...
  4. Archived from groups: microsoft.public.win2000.file_system (More info?)

    It's looking like you're not alone in this.

    http://groups.google.co.uk/groups?as_epq=invalid%20security%20id&as_ugroup=microsoft.public.*&as_drrb=b&as_mind=1&as_minm=1&as_miny=2000&as_maxd=31&as_maxm=12&as_maxy=2005&num=100&as_scoring=d&hl=en


    --
    Regards,

    Dave Patrick ....Please no email replies - reply in newsgroup.
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    http://www.microsoft.com/protect

    "BM" wrote:
    | would forcing all permission down make it go away? Surely that should
    reset
    | all of the offending ones to soemthign that works. It would be nice if
    | chkdsk said which file had an incorrect security ID so that I could test
    | this theory out without having to do it to the entire drive...
    |
    |
  5. Archived from groups: microsoft.public.win2000.file_system (More info?)

    yeah it looks like that. I'm not alone it seems, though no one has a
    solution to it. Anyway, I plan to come in this weekend (hoorah), reboot the
    server, and chkdsk the bugger a few times. I've backed up the security and
    tested restoring it using setacl (quite a handy tool) so I'll give that a
    whir after chkdsk.

    Will check if its my script thats making a mess of it. Though I can't see
    why or how. I'm assuming that there are no known issues with cacls and
    subinacl?

    I'll let you know!


    "Dave Patrick" <mail@Nospam.DSPatrick.com> wrote in message
    news:Oo1fVY%23TFHA.2756@tk2msftngp13.phx.gbl...
    > It's looking like you're not alone in this.
    >
    > http://groups.google.co.uk/groups?as_epq=invalid%20security%20id&as_ugroup=microsoft.public.*&as_drrb=b&as_mind=1&as_minm=1&as_miny=2000&as_maxd=31&as_maxm=12&as_maxy=2005&num=100&as_scoring=d&hl=en
    >
    >
    >
    > --
    > Regards,
    >
    > Dave Patrick ....Please no email replies - reply in newsgroup.
    > Microsoft Certified Professional
    > Microsoft MVP [Windows]
    > http://www.microsoft.com/protect
    >
    > "BM" wrote:
    > | would forcing all permission down make it go away? Surely that should
    > reset
    > | all of the offending ones to soemthign that works. It would be nice if
    > | chkdsk said which file had an incorrect security ID so that I could test
    > | this theory out without having to do it to the entire drive...
    > |
    > |
    >
    >
  6. Archived from groups: microsoft.public.win2000.file_system (More info?)

    barry wrote:
    > Hi,
    >
    > This is actually a 2003 server, but I cant find the newsgroup.
    >
    > I'm implementing a new file server, and have been sorting out the
    > permission for user directories, departments etc etc. I ran a checkdsk
    > on the volume, this ran, and replaced "invalid security id with default
    > security id" for about 600,000 files. What exactly does it determine as
    > "invalid security"? It was working fine until I ran check disk.
    > Obviously the default security is rather locked down, and denies all my
    > users from accessing their files. After a few hours of messing, I
    > eventually sorted it (that and I had a script to do half the work
    > anyway). The script just sets the owner of files in their user directory
    > (using subinacl), and gives them full control to anythgin in their user
    > directory. If its relevant I can copy the code.
    >
    > I've just run another chkdsk (without /f!!) and its come up with a load
    > more "invalid security IDs".
    >
    > what doesn't it like??
    >
    > Does anyone know of any program that can 'back up' the security settings
    > on files so that if this happens again - presumably when i next chkdsk
    > /f, I can just restore them?
    >
    > Thanks
    > Barry
    >


    right, after mucho faffing around, I've come top the conclusion that its
    the setowner switch of subinacl (version is 5.2.3790.1180). It worked
    for the first few users (i cancelled my script and did a chkdsk). I then
    did all of them and im getting the invalid security ID errors. Though
    permissions look fine and its all workign nice.

    Heres the script snippet. Theres a 5 second lag between each iteration.
    Which incidentally isnt always long enough so that there's only one
    subinacl running.

    objShell.Run "cmd /c " &chr(34)& " subinacl.exe /subdirectories
    E:\F_APPS\users\"&f1.name&"\*
    /setowner="&f1.name&"@mynicedomain.com"&chr(34) &""

    I even stopped the AV scanner as I thought this might be it. It wasnt.

    Anyone any ideas?


    I've now altered the script so as to not run more than one copy of
    subinacl, on the off chance that makes a difference. Obviously now I've
    gotta go back and chkdsk the server and mess around for a few hours
    again sporting its permissions out. I can't be bothered as its saturday
    and i need to buy some food :)
Ask a new question

Read More

Security Windows