<p>Windows 2008 Ent R2 sp1</p><p>Someone, I have my suspicions as to who, but thats neither here nor there, messed up the NTFS permissions on the C: drive of a server.</p><p>This was brought to my attention when I discovered events 257 &amp; 490 happening every hour all day.</p><p>I have run sfc /scannow</p><p>The CBS.log is 14MB and there are scattered failures throughout.<span>&nbsp; </span>Its pretty hard to dig thru cohesively.</p><p>I then ran System Readiness Tool with these results:</p><p><span style="font-size:10pt;">================================</span></p><p><span style="font-size:10pt;">Checking System Update Readiness.</span></p><p><span style="font-size:10pt;">Binary Version 6.1.7601.21645</span></p><p><span style="font-size:10pt;">Package Version 15.0</span></p><p><span style="font-size:10pt;">2012-09-18 09:38</span></p><p></p><p><span style="font-size:10pt;">Checking Windows Servicing Packages</span></p><p></p><p><span style="font-size:10pt;">Checking Package Manifests and Catalogs</span></p><p></p><p><span style="font-size:10pt;">Checking Package Watchlist</span></p><p></p><p><span style="font-size:10pt;">Checking Component Watchlist</span></p><p></p><p><span style="font-size:10pt;">Checking Packages</span></p><p></p><p><span style="font-size:10pt;">Checking Component Store</span></p><p></p><p><span style="font-size:10pt;">Summary:</span></p><p><span style="font-size:10pt;">Seconds executed: 208</span></p><p><span style="font-size:10pt;"><span>&nbsp;</span>No errors detected</span></p><p><span style="font-size:10pt;">(w)<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Unable to get system disk properties<span>&nbsp;&nbsp;&nbsp;&nbsp; </span>0x0000045D<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>IOCTL_STORAGE_QUERY_PROPERTY<span> </span>Disk Cache<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></p><p>When I tried to run </p><p>esentutl /p &lt;%systemroot%&gt;\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb</p><p>I immediately got access denied (yes, in an elevated cmd prmpt) and that led me to discover that the security perms for the catroot2 folder and in fact the system32 folder are markedly different from other Win2k8 servers.</p><p>Someone had changed the ownership of the C: so I changed that back to trustedinstaller.<span>&nbsp; </span>I felt like that was the least invasive place to start, but the esentutl command still failed.</p><p>Once I compared the system32 &amp; catroot2 folders to other servers, I realized there was a big problem.</p><p>Is there any way to reset the c: permissions back to default&nbsp;besides doing a repair install?<span>&nbsp; </span>This is a SQL server.&nbsp;&nbsp; Thanks!</p>

Can you edit your post please ? Looks like formatting has broken !Regards, Santosh I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

original post reformed as following: Windows 2008 Ent R2 sp1 Someone, I have my suspicions as to who, but thats neither here nor there, messed up the NTFS permissions on the C: drive of a server. This was brought to my attention when I discovered events 257 & 490 happening every hour all day. I have run sfc /scannow The CBS.log is 14MB and there are scattered failures throughout. Its pretty hard to dig thru cohesively. I then ran System Readiness Tool with these results: ================================ Checking System Update Readiness. Binary Version 6.1.7601.21645 Package Version 15.0 2012-09-18 09:38 Checking Windows Servicing Packages Checking Package Manifests and Catalogs Checking Package Watchlist Checking Component Watchlist Checking Packages Checking Component Store Summary: Seconds executed: 208 No errors detected (w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache When I tried to run esentutl /p <%systemroot%>\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb I immediately got access denied (yes, in an elevated cmd prmpt) and that led me to discover that the security perms for the catroot2 folder and in fact the system32 folder are markedly different from other Win2k8 servers. Someone had changed the ownership of the C: so I changed that back to trustedinstaller. I felt like that was the least invasive place to start, but the esentutl command still failed. Once I compared the system32 & catroot2 folders to other servers, I realized there was a big problem. Is there any way to reset the c: permissions back to default besides doing a repair install? This is a SQL server. Thanks!

Thanks for fixing the formatting. Not sure what happened.

Resetting NTFS Permissions on Windows Server 2003 ? http://blogs.technet.com/b/sdoakes/archive/2006/03/14/422012.aspx How do I restore security settings to the default settings? http://support.microsoft.com/kb/313222/en-us http://www.arabitpro.com

If Syed's suggestion do not help, then you might want to try in-place upgrade as an last option. How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2 http://support.microsoft.com/kb/2255099Regards, Santosh I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

If Syed's suggestion do not help, then you might want to try in-place upgrade as an last option. How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2 http://support.microsoft.com/kb/2255099Regards, Santosh I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

This issue apparently started back in august, but my server monitoring app failed to pick it up until this week. I would have to go back to the end of July to get a pre-error system state backup. This server runs SQL and an old proprietary application that I do not control, so I have no way to know how going back that far for the system state would affect it. As such, I am also not sure about an in-place upgrade either, but that may be my only choice. It's a w2k8 server, so the w2k3 post would not apply. Thanks for your suggestions