Article ID: 327009 - View products that this article applies to.
This article was previously published under Q327009
After you restore or copy a lot of data and the NTFS file system security information that is associated with that data, Chkdsk.exe may report errors on the partition. This problem may occur even if you restore or copy the data to a partition that you know to be error-free. Chkdsk may report errors that are similar to these:
Note that the number of reported errors and the security IDs may vary. The index entry IDs and the file numbers may also vary.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Repairing the security file record segment.
Deleting an index entry with Id 8447 from index $SII of file 9.
Deleting an index entry with Id 31126 from index $SII of file 9.
Deleting an index entry with Id 50636 from index $SII of file 9.
Deleting an index entry with Id 31126 from index $SDH of file 9.
Deleting an index entry with Id 50636 from index $SDH of file 9.
Deleting an index entry with Id 8447 from index $SDH of file 9.
Replacing invalid security id with default security id for file 1461234.
Security descriptor verification completed.
Windows found problems with the file system.
If you then run the chkdsk /f command on the partition and you perform an audit of the applied permissions, some files and folders may have lost user-defined permissions. These permissions may have been replaced by default permissions that give access only to Local System and Administrators.
This problem may occur no matter which program you use to restore or copy the data. The problem has been reported after restoring data (with its security information) by using the Ntbackup.exe tool, and after copying data (with its security information) by using Xcopy.exe with the /o and /x switches.
The design of the NTFS file system requires that security descriptors be written in blocks, and that at least 20 bytes be left free at the end of each security descriptor block. This leaves space for a security descriptor header. However, in some cases, a miscalculation by the NTFS code might cause security descriptors to be written near the end of a block so that less than 20 bytes free space is left.
Chkdsk.exe then removes these security descriptors and replaces them with default security descriptors to make sure that a minimum of 20 bytes of free space remains at the end of the block. This causes a loss of user-defined security for some files and folders.
Service Pack InformationTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/260910/ )How to Obtain the Latest Windows 2000 Service Pack
Hotfix informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Restart requirementYou must restart your computer after you apply this hotfix.
File informationThe English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
To resolve this problem, obtain and install the hotfix that this article describes, and then restart the computer. The version of Ntfs.sys that is included in this hotfix has been corrected to make sure that security descriptors are written correctly, and that the required free space is left at the end of each security descriptor block.
Date Time Version Size File name ----------------------------------------------------- Oct-03-2002 14:45 5.0.2195.6078 513,616 Ntfs.sys
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article. This problem was first corrected in Windows 2000 Service Pack 4.
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/265173/ )The Datacenter Program and Windows 2000 Datacenter Server product
Article ID: 327009 - Last Review: February 1, 2007 - Revision: 9.6