The Default NTFS Permissions Are Not Applied to a Converted Boot Partition

ID: Q237399


The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server


SUMMARY

When you install Windows 2000 to an NTFS partition, part of the setup process is to apply default security settings to the system files and folders located on the boot partition.

If you initially installed Windows 2000 to a FAT or FAT32 partition, and then later used the Convert.exe utility to convert the partition to NTFS, default security settings are not applied.

You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system necessary for the operating system to function properly.


MORE INFORMATION

The following procedure applies default NTFS security settings only to the %Windir% and "Program Files" folders, not to the "Documents and Settings" folder. However, you can create a user-defined .inf file that contains custom security settings for additional files and folders and apply it the same way.

To Apply Default NTFS Security to a Windows 2000 NTFS Boot Partition

  1. Log on to the workstation or server with administrator rights.


  2. At a command prompt, type one of the following commands:

    • Windows 2000 Workstation:

      Secedit /configure /db C:\winnt\temp\temp.mdb /Cfg c:\winnt\inf\defltwk.inf /areas filestore


    • Windows 2000 Server:

      Secedit /configure /db c:\winnt\temp\tmp.mdb /Cfg C:\winnt\inf\defltsv.inf /areas filestore

      NOTE: After security permissions are applied, you may receive the following message, which you can safely ignore:

      Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried.

      See the %windir%\security\logs\scesrv.log file for detailed information.




  3. View the NTFS security settings on the Windows 2000 system files and folders and note that additional security has been applied.

    NOTE: You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system necessary for the operating system to function properly. However, the computer must still be bootable for the preceding procedure to work.


If the Computer Does Not Start and Generates a STOP 0xC000021A Error Message on a Blue Screen

If the administrator has modified permissions, rebooted the computer, and now receives an error message on a blue screen, the most likely cause is that the SYSTEM account does not have adequate permissions to provide access to the system files and folders.

To restore access to the boot partition:
  1. Perform a new installation of Windows 2000 on a separate partition or drive.

    WARNING: If you install a new installation of Windows 2000 in the same folder as the existing installation, you will erase the existing installation, including all existing accounts, and so on.


  2. Boot to the new installation of Windows 2000.


  3. Use Windows Explorer to give the "System" account full control of the original volume's root folder and all system files and folders. You should now be able to boot to the original installation of Windows 2000.


  4. Follow the preceding instructions to restore default NTFS security permissions on your system boot partition.

    NOTE: For computers running Microsoft Windows NT versions 3.5, 3.51, or 4.0, please refer to the following Microsoft Knowledge Base article:

    Q153094 Restoring Default Permissions to Windows NT System Files
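
The article allows user-defined .inf files and names missing SYSTEM permissions as the likely cause of the STOP error. The following added example (not part of the original article or any Microsoft tool) checks a custom template before it is applied and lists the paths whose DACL would leave SYSTEM without full control. It assumes the "path",mode,"SDDL" line layout in the [File Security] section, recognizes only the SY alias with GA or FA rights, and uses a constructed sample template with illustrative paths.

```python
import csv
import re

# Constructed sample template (not from the article); paths are illustrative.
SAMPLE_TEMPLATE = r'''
[Version]
signature="$CHICAGO$"
Revision=1
[File Security]
; assumed layout: "path",mode,"SDDL"
"%SystemDrive%\Documents and Settings",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GRGX;;;BU)"
"%SystemDrive%\Data",2,"D:P(A;OICI;GA;;;BA)(A;OICI;GRGX;;;BU)"
"%SystemDrive%\Apps",2,"D:P(A;OICI;GA;;;BA)(A;OICIIO;GA;;;SY)"
'''

def file_security_entries(text):
    """Yield (path, mode, sddl) for each line of the [File Security] section."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "file security":
            fields = next(csv.reader([line]))
            if len(fields) == 3:
                yield fields[0], int(fields[1]), fields[2]

def grants_system_full_control(sddl):
    """True if an allow ACE gives Local System (SY) GA or FA on the object itself."""
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        parts = ace.split(";")
        if len(parts) != 6:
            continue
        ace_type, flags, rights, trustee = parts[0], parts[1], parts[2], parts[5]
        # Flags are two-letter tokens: "CIOI" is CI+OI, not an inherit-only "IO".
        tokens = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        if (ace_type == "A" and trustee == "SY"
                and rights in ("GA", "FA") and "IO" not in tokens):
            return True
    return False

def paths_missing_system(text):
    """Paths whose DACL would leave SYSTEM without full control."""
    return [path for path, _mode, sddl in file_security_entries(text)
            if not grants_system_full_control(sddl)]

if __name__ == "__main__":
    for path in paths_missing_system(SAMPLE_TEMPLATE):
        print("SYSTEM lacks full control:", path)
```

Templates saved by the Security Templates snap-in are normally Unicode files, so decode the file to text before passing it to `paths_missing_system`.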


Additional query words: setacl 0xc21a c21a

Keywords : kbenv kbtool kbui
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: February 3, 2000
© 2000 Microsoft Corporation. All rights reserved.