Microsoft KB Archive/246882
Windows 2000 Chkdsk Reports Cleaning Unused Security Descriptors
The information in this article applies to:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
If you run the Chkdsk.exe tool with no command-line switches against a Windows NT file system (NTFS) volume, Chkdsk.exe may report that problems were found, and suggest that you run the Chkdsk command with the /f switch to fix the volume. The following is an example of the output of the Chkdsk command:
C:\>chkdsk c:
The type of the file system is NTFS.
Volume label is System.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
If you then run chkdsk /f or chkntfs /c against the NTFS volume to schedule Autochk to run at boot time, or you run a manual interactive chkdsk.exe /f against an inactive NTFS volume, you may see the following Chkdsk.exe output message or event in the Application log:
Event Type: Information
Event Source: Winlogon
Event ID: 1001
Computer: Computer_Name
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is System.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 153 unused index entries from index $SII of file 0x9.
Cleaning up 153 unused index entries from index $SDH of file 0x9.
Cleaning up 153 unused security descriptors.
Windows has made corrections to the file system.
NOTE: Although the Chkdsk.exe tool with no command-line switches reported that problems existed, there was no indication that the NTFS volume only required minor cleanup. When you run chkdsk /f, Chkdsk.exe reports unused index and security descriptor entries were removed, and nothing more.
This problem occurs because when Chkdsk is run against an NTFS volume, Chkdsk.exe may report that security descriptors are in the database that are no longer referenced by any file or folder, and that it is removing them. However, Chkdsk.exe just reclaims the unused security descriptors as a housekeeping activity, and is not actually fixing any kind of problem.
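The following Python is an added example, not Microsoft's code and not part of the original article. It triages a saved Chkdsk report by separating the housekeeping messages shown above from anything else that looks like a repair. The function name, the verdict labels and the list of repair verbs are assumptions made for this illustration.

```python
import re

# Report text taken from the event 1001 example in this article.
SAMPLE_REPORT = """\
Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 153 unused index entries from index $SII of file 0x9.
Cleaning up 153 unused index entries from index $SDH of file 0x9.
Cleaning up 153 unused security descriptors.
Windows has made corrections to the file system.
"""

# The messages this article describes as reclaiming cached security descriptors.
HOUSEKEEPING = re.compile(
    r"Cleaning up (?:minor inconsistencies on the drive"
    r"|\d+ unused index entries from index \$(?:SII|SDH) of file 0x9"
    r"|(?P<sd>\d+) unused security descriptors)\.$"
)
# Assumption: a line that starts with one of these verbs and is not a
# housekeeping message reports a repair this article does not cover.
ACTION = re.compile(r"(?:Cleaning up|Correcting|Deleting|Recovering|Replacing|Inserting)\b")


def triage_chkdsk_report(text):
    """Return (verdict, reclaimed_descriptors, other_repair_lines)."""
    reclaimed, housekeeping_seen, other = 0, False, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HOUSEKEEPING.match(line)
        if m:
            housekeeping_seen = True
            reclaimed += int(m.group("sd") or 0)
        elif ACTION.match(line):
            other.append(line)
    if other:
        verdict = "investigate"          # repairs beyond descriptor cleanup
    elif housekeeping_seen:
        verdict = "housekeeping-only"    # the informational case in this article
    elif "Windows found problems" in text:
        verdict = "undetermined"         # read-only run: no detail, check chkntfs
    elif "Windows has made corrections" in text:
        verdict = "investigate"          # corrections with no recognised cause
    else:
        verdict = "no-corrections"
    return verdict, reclaimed, other


if __name__ == "__main__":
    print(triage_chkdsk_report(SAMPLE_REPORT))
```

A verdict of "undetermined" corresponds to the read-only Chkdsk output, which does not say whether the problems are only unused security descriptors.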
A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next that contains this fix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
The English version of this fix should have the following file attributes or later:
Date        Time    Version  Size     File name
------------------------------------------------
01/25/2000  09:12p           558,864  Autochk.exe
01/25/2000  09:12p            26,384  Cnvfat.dll
01/25/2000  09:13p            77,072  Diskedit.exe
01/25/2000  09:12p           304,400  Untfs.dll
NOTE: To view the version, right-click the file in Windows Explorer, click Properties on the menu that appears, and then click the Version tab.
Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.
Please note that the message listed in the "Symptoms" section in this article is an informational message, and can be safely ignored.
All NTFS volumes contain a security descriptor database. This database is populated with security identifiers that represent unique permission settings applied to files and folders. When files or folders have unique NTFS permissions applied, NTFS stores a unique security descriptor once on the volume, and also stores a pointer to the security descriptor on any file or folder that references it.
If files or folders no longer use that unique security descriptor, NTFS does not remove the unique security descriptor from the database, but instead, keeps it cached. Like any caching strategy, you want to keep the cached information as long as possible because it may be used again.
To determine if more serious problems exist before scheduling or running Chkdsk.exe with the /f switch, run the chkntfs drive letter: command, where drive letter is the drive letter of the drive you want to run the chkdsk /f command against. If this command reports that the "dirty bit" is set, there may be real damage that needs to be fixed. For additional information about using Chkdsk.exe in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
Q218461 Enhanced Chkdsk, Autochk, and Chkntfs Tools in Windows 2000
Additional query words: secure
Keywords : kberrmsg kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb
Technology : kbwin2kAdvSerSearch kbwin2kDataSerSearch kbwin2kSSearch kbwin2kSearch kbwin2kProSearch
Last Reviewed: September 15, 2000