Microsoft KB Archive/255008

= Windows 2000 Chkdsk Reports Cleaning Unused Security Descriptors =

Article ID: 255008

Article Last Modified on 2/20/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q255008



SYMPTOMS
If you run the Chkdsk.exe tool with no command-line switches against a volume that uses the NTFS file system, Chkdsk.exe may report that problems were found and suggest that you run the Chkdsk command with the /f switch to fix the volume. For example, the following message is the result of the Chkdsk command:

C:\>chkdsk c: The type of the file system is NTFS. Volume label is System.

WARNING! F parameter not specified. Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)... File verification completed. CHKDSK is verifying indexes (stage 2 of 3)... Index verification completed. CHKDSK is verifying security descriptors (stage 3 of 3)... Security descriptor verification completed. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these.

If you then run chkdsk /f or chkntfs /c against the NTFS volume to schedule Autochk to run at boot time, or you run a manual interactive chkdsk.exe /f against an inactive NTFS volume, you may receive the following Chkdsk.exe message or event in the application log:

Event Type:    Information Event Source:  Winlogon Event ID:      1001 Computer:      Computer_Name Description:   Checking file system on C:                The type of the file system is NTFS. Volume label is System.

A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. Cleaning up 153 unused index entries from index $SII of file 0x9. Cleaning up 153 unused index entries from index $SDH of file 0x9. Cleaning up 153 unused security descriptors. Windows has made corrections to the file system.

NOTE: Although the Chkdsk.exe tool with no command-line switches reported that problems existed, there was no indication that the NTFS volume only required minor cleanup. When you run chkdsk /f, Chkdsk.exe reports only unused index and security descriptor entries that were removed.



CAUSE
This problem occurs because if Chkdsk is run against an NTFS volume, Chkdsk.exe may report that security descriptors are in the database that are no longer referenced by any file or folder and that it is removing them. However, Chkdsk.exe just reclaims the unused security descriptors as a housekeeping activity, and it does not actually fix any kind of problem.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English version of this fix should have the following file attributes or later:   Date        Time    Size     File name --  01/25/2000  09:12p  558,864  Autochk.exe 01/25/2000 09:12p   26,384  Cnvfat.dll 01/25/2000 09:13p   77,072  Diskedit.exe 01/25/2000 09:12p  304,400  Untfs.dll



STATUS
Microsoft has confirmed that this is a problem in Windows 2000. This problem was first corrected in Windows 2000 Service Pack 1.



MORE INFORMATION
Make sure that the problem you are seeing is not caused by the issue discussed in the following Microsoft Knowledge Base article:

327009 Chkdsk Finds Incorrect Security IDs After You Restore or Copy a Lot of Data

Otherwise, the message listed in the "Symptoms" section in this article is an informational message and can be safely ignored.

All NTFS volumes contain a security descriptor database. This database is populated with security identifiers that represent unique permission settings that are applied to files and folders. When files or folders have unique NTFS permissions applied, NTFS stores a unique security descriptor once on the volume, and it also stores a pointer to the security descriptor on any file or folder that references it.

If files or folders no longer use that unique security descriptor, NTFS does not remove the unique security descriptor from the database, but instead, keeps it cached. Like any caching strategy, you want to keep the cached information as long as possible because it may be used again.

To determine if more serious problems exist before scheduling or running Chkdsk.exe with the /f switch, run the chkntfs : command, where   is the drive against which you want to run the chkdsk /f command. If this command reports that the "dirty bit" is set, there may be real damage that has to be fixed.

For additional information about using Chkdsk.exe in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

218461 Description of Enhanced Chkdsk, Autochk, and Chkntfs Tools in Windows 2000

Additional query words: secure

Keywords: kberrmsg kbfix kbprb kbwin2000sp1fix KB255008

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.