Windows 2000 Chkdsk Reports Cleaning Unused Security Descriptors

ID: Q246882

The information in this article applies to:

Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server

SYMPTOMS

If you run the Chkdsk.exe tool with no command-line switches against a Windows NT file system (NTFS) volume, Chkdsk.exe may report that problems were found, and suggest that you run the Chkdsk command with the /f switch to fix the volume. The following is an example of the output of the Chkdsk command:


C:\>chkdsk c:
The type of the file system is NTFS.
Volume label is System.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

If you then run chkdsk /f or chkntfs /c against the NTFS volume to schedule Autochk to run at boot time, or you run a manual interactive chkdsk.exe /f against an inactive NTFS volume, you may see the following Chkdsk.exe output message or event in the Application log:


Event Type:     Information
Event Source:   Winlogon
Event ID:       1001
Computer:       Computer_Name
Description:    Checking file system on C:
                The type of the file system is NTFS.
                Volume label is System.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up minor inconsistencies on the drive.
Cleaning up 153 unused index entries from index $SII of file 0x9.
Cleaning up 153 unused index entries from index $SDH of file 0x9.
Cleaning up 153 unused security descriptors.
Windows has made corrections to the file system.

NOTE: Although the Chkdsk.exe tool with no command-line switches reported that problems existed, there was no indication that the NTFS volume only required minor cleanup. When you run chkdsk /f, Chkdsk.exe reports unused index and security descriptor entries were removed, and nothing more.

CAUSE

This problem occurs because when Chkdsk is run against an NTFS volume, Chkdsk.exe may report that security descriptors are in the database that are no longer referenced by any file or folder, and that it is removing them. However, Chkdsk.exe just reclaims the unused security descriptors as a housekeeping activity, and is not actually fixing any kind of problem.

STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.

MORE INFORMATION

Please note that the message listed in the "Symptoms" section in this article is an informational message, and can be safely ignored. All NTFS volumes contain a security descriptor database. This database is populated with security identifiers that represent unique permission settings applied to files and folders. When files or folders have unique NTFS permissions applied, NTFS stores a unique security descriptor once on the volume, and also stores a pointer to the security descriptor on any file or folder that references it.

If files or folders no longer use that unique security descriptor, NTFS does not remove the unique security descriptor from the database, but instead, keeps it cached. Like any caching strategy, you want to keep the cached information as long as possible because it may be used again.

To determine if more serious problems exist before scheduling or running Chkdsk.exe with the /f switch, run the chkntfs drive letter: command, where drive letter is the drive letter of the drive you want to run the chkdsk /f command against. If this command reports that the "dirty bit" is set, there may be real damage that needs to be fixed. For additional information about using Chkdsk.exe in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

Q218461 Enhanced Chkdsk, Autochk, and Chkntfs Tools in Windows 2000

Additional query words: secure

Keywords : kberrmsg kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb