Repairing broken NTFS security permissions after running chkdsk

For those of you who have had your installation of Windows seemingly corrupted by chkdsk, with the repair log looking something like the one below:
 
Cleaning up minor inconsistencies on the drive.
The security data stream entry at offset 0x***** with length 0x********
crosses the page boundary.
Repairing the security file record segment.
Deleting an index entry with Id 1292 from index $SII of file 9.
Deleting an index entry with Id 1293 from index $SII of file 9.
Deleting an index entry with Id 1294 from index $SII of file 9.
Deleting an index entry with Id 1295 from index $SII of file 9.
Deleting an index entry with Id 1296 from index $SII of file 9.
Deleting an index entry with Id 1297 from index $SII of file 9.
 …
Replacing invalid security id with default security id for file 29.
Replacing invalid security id with default security id for file 30.
Replacing invalid security id with default security id for file 35.
Replacing invalid security id with default security id for file 36.
 …
Cleaning up 1 unused index entries from index $SII of file 9.
Cleaning up 1 unused index entries from index $SDH of file 9.
Cleaning up 1 unused security descriptors.
Fixing mirror copy of the security descriptors data stream.
Security descriptor verification completed.
Windows has made corrections to the file system.
 
And also find one (or more) of the following to be true:
  • svchost.exe processes are missing from Task Manager.
  • The Start menu is missing or not working at all (both in normal startup and in safe mode) – though explorer and cmd still work.
  • Empty service listing in services.msc.
  • Cannot view properties of event log entries (and other MMC snap-ins).
  • Sound is replaced with system beeps.
  • Remote Procedure Call (RPC) (RPCSS) – fails to start via the command line with the error:
    System Error 5 has occurred

    Access is Denied

You might want to check the NTFS security settings for svchost.exe and make sure "Users" have "Read & Execute" permissions, as the above symptoms all point to one or more services that depend on RPC failing to start up (I had the hunch after querying RPC, starting RPC and getting that error message, and the fact that a tonne of services depend on RPC).
 
Oh, and need I remind you to keep an eye on those event logs for any other services that failed to start up – in my case, I also had to add "Read & Execute" for "Users" to alg.exe – but I guess it all depends on what chkdsk screws up… (and having a second computer definitely helps in determining what the default permission is – well… that or use secedit as described in MS KB313222)
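
The permission check described above, as an added example that is not part of the original post. It assumes a system where PowerShell and icacls are available and an elevated prompt; the -Repair switch is a hypothetical name chosen for this sketch.

```powershell
# Added example: audit, and with -Repair restore, "Users: Read & Execute".
# Run from an elevated PowerShell prompt.
param([switch]$Repair)            # hypothetical switch; report-only without it

$usersSid = 'S-1-5-32-545'        # well-known SID of BUILTIN\Users (locale-independent)
$needed   = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$sidType  = [System.Security.Principal.SecurityIdentifier]

# Binaries named in the post; add any others the event log shows failing to start.
$targets = 'svchost.exe', 'alg.exe' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

foreach ($path in $targets) {
    if (-not (Test-Path $path)) { Write-Warning "$path not found"; continue }

    # Read the DACL (explicit and inherited ACEs) with every trustee as a SID.
    $rules = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)

    # OR together the rights of all Allow ACEs that apply to Users.
    $granted = 0
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow') {
            $granted = $granted -bor [int]$rule.FileSystemRights
        }
    }

    if (($granted -band $needed) -eq $needed) {
        Write-Output "OK       $path"
        continue
    }
    Write-Output "MISSING  $path (Users lack Read & Execute)"

    if ($Repair) {
        # icacls takes a SID when it is prefixed with '*'; (RX) = read and execute.
        & icacls.exe $path /grant "*${usersSid}:(RX)"
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $path" }
    }
}
```

Run it once without -Repair to see which files are affected, and compare against a healthy machine before changing anything beyond the two files listed.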
 

One Response to “Repairing broken NTFS security permissions after running chkdsk”

  1. Jaša Bartelj Says:

    Nice solution! I had the exact same problem happen to me about 2 weeks ago. I reinstalled before finding this but I’m very happy to know that people like you share their solutions.

