Cannot Log On After User Access to Boot Partition Removed

 Last reviewed: January 29, 1998
Article ID: Q155315
The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Workstation version 4.0

SYMPTOMS

If you remove access for the Everyone group from an NTFS boot partition and click the Replace Permissions On Subdirectories check box so that it is selected, you lose all access to the partition, even if you are currently logged on as an administrator. You may also receive error messages stating that your desktop is not accessible. In addition, no other users can log on.

When the Everyone group does not have access to the partition, no user has rights to make any change or log on to the system. If you attempt to log on, Windows NT returns you to the logon screen.

If you reboot the computer, you may receive the following error messages on a blue screen: 

   STOP: c000021A {Fatal System Error}
and 

   Can't access this folder, the path is to long" error when logging on.
NOTE: You do not receive any warning that removing the Everyone group removes all users, including administrators, and you are not warned that some system-wide functions may no longer work.

CAUSE

Removing the Everyone group and selecting the Replace Permissions On Subdirectories check box removes all users, including administrators, and prevents anyone from accessing the partition.

RESOLUTION

To resolve this issue and allow users to log on after this problem has occurred, use either of the following methods:

  • Set up Windows NT on another partition or hard disk in the computer, using the following steps:

    1. Set up Windows NT on the another partition or hard disk.

    2. Log on to the new installation of Windows NT as an administrator.

    3. Take ownership of the original partition.

    You should be able to gain access to the data files on the original partition.

  • Reformat the partition and reinstall Windows NT using the following steps:

    1. Reformat the hard disk partition on which Windows NT is installed.

    2. Reinstall Windows NT, and then restore any data files from a 

          backup.

MORE INFORMATION

To prevent the Everyone group from having explicit rights to the partition without preventing access by any user, use the following steps:

  1. Grant the user who is currently logged on, or a group that contains the user currently logged on, proper access to the partition. For example, the Administrators group should be granted Full Control permissions.

  2. Grant the System group Full Rights.

  3. Remove the Everyone group.

  4. Click the Replace Permissions On Subdirectories check box so that it is selected.

  5. Click OK.

NOTE: Granting the System and Owner groups full access to the partition after removing the Everyone group does not allow the default user ID, or administrator, permissions to log on and access files even though it is considered an owner. To grant permissions to the Administrators group, you must explicitly add the Administrators group.

The user attempting to log on must have sufficient permissions granted before logging on. The minimum permissions necessary to log on (assuming the System group has full control of the volume root and all system directories and files) are: 

   %SystemRoot%:                               Everyone - READ

   %SystemRoot%\System32:                      Everyone - READ/EXECUTE

   %SystemRoot%\System32\Repl\Import\Scripts:  Everyone - READ/EXECUTE
   (if users have logon scripts)
Depending on your environment, additional permissions may be necessary.

Additional query words: prodnt subsystem session manager terminated
0xc000021a
Keywords : ntsecurity NTSrvWkst kbusage
Version : 4.0
Platform : winnt
Issue type : kberrmsg

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: January 29, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.