Microsoft KB Archive/831646

= Chkdsk incorrectly removes corrupted security descriptor information =

PSS ID Number: 831646

Article Last Modified on 1/6/2004

-

The information in this article applies to:


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional
 * Microsoft Windows 2000 Server

-





SUMMARY
When you run the Chkdsk.exe program with the /F option, security descriptor information may be removed from certain files or folders.

In the following example, the Chkdsk log file contains an error message that indicates that two security data stream entries cross page boundaries: Checking file system on M: The type of the file system is NTFS. Volume label is MyVolume.

A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. The security data stream entry at offset 0x1bfff0 with length 0x80010033 crosses the page boundary. The security data stream entry at offset 0x4bfff0 with length 0x80010033 crosses the page boundary. Repairing the security file record segment. Deleting an index entry with Id 4971 from index $SII of file 9. Deleting an index entry with Id 9614 from index $SII of file 9. Deleting an index entry with Id 9614 from index $SDH of file 9. Deleting an index entry with Id 4971 from index $SDH of file 9. Replacing invalid security id with default security id for file 97. Replacing invalid security id with default security id for file 1890. Replacing invalid security id with default security id for file 1991.



CAUSE
This problem occurs because you have security descriptors that are logically correct, but that do not conform exactly to the alignment convention for the NTFS file system security stream.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

327009 Chkdsk finds incorrect security IDs after you restore or copy a lot of data



Hotfix information
To resolve this problem, obtain and install the hotfix that is described in the following article in the Microsoft Knowledge Base:

831375 The CHKDSK utility incorrectly identifies and deletes in-use security descriptors

Sometimes, security descriptors may be logically correct, but may not conform perfectly to data alignment conventions for the NTFS security stream. The version of Chkdsk that is included in the hotfix that is described in Microsoft Knowledge Base article 831375 prevents the incorrect removal of security descriptors that meet these criteria.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article.



For additional information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:

816915 New File Naming Schema for Microsoft Windows Software Update Packages

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the Standard Terminology That Is Used to Describe Microsoft Software Updates

Additional query words: autochk autocheck check disk

Keywords: kbBug kbfix kbQFE kbWin2000preSP5fix KB831646

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.