JSI Tip 2714. How do I restore default NTFS permissions in Windows 2000?

In tip 2109, I detailed the default NTFS permissions in Windows 2000.

In Windows NT 4.0, you could use Fixacl to reset NTFS permissions.

Windows 2000 includes Security Configuration templates in the %SystemRoot%\Inf folder that contains default NTFS permissions, default Registry ACLs, default user rights, etc. These templates are:

Defltwk.inf: - Windows 2000 Professional.
Defltsv.inf: - Windows 2000 Server/Advanced Server non-domain controller.
Defltdc.inf: - Windows 2000 Server/Advanced Server domain controller.

To use a template:

01. Start / Run / MMC.EXE / OK.

02. On the Console menu, press Add/Remove Snap-in.

03. Press Add.

04. Double-click the Security Configuration and Analysis snap-in.

05. Press Close in the Add Standalone Snap-in window.

06. Press OK in the Add/Remove Snap-in windows.

07. Right-click Security Configuration and Analysis, and then press Open Database.

08. Enter a new file name to house your settings.

09. Press Open.

10. Navigate to one of the above templates, \inf\<Template>, and press Open.

NOTE: You can also right click Security Configuration and Analysis and press Import Template.

NOTE: If you are resetting a Windows 2000 domain controller, see Q250454.

NOTE: The %SystemRoot%\Inf folder is hidden by default.

11. If you double-click Security Configuration and Analysis in the right hand pane, the following is displayed:

C:\Documents and Settings\<User Name>\My Documents\Security\Database\<Step 08 name>.sdb

You can now configure or analyze your computer by using the security settings in this database.

To Configure Your Computer

Right-click the Security Configuration and Analysis scope item
Select Configure Computer Now
In the dialog, type the name of the log file you wish to view, and then click OK
NOTE: After configuration is complete, you must perform an analysis to view the information in your database

To Analyze Your Computer Security Settings

Right-click the Security Configuration and Analysis scope item
Select Analyze Computer Now
In the dialog, type the log file path, and then click OK

NOTE: To view the log file created during a configuration or analysis, select View Log File on the Security Configuration and Analysis context menu.

NOTE: You can open the log in Notepad at C:\Documents and Settings\<User Name>\Local Settings\Temp\<Step 08 name>.log.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish