[AccessD] What a mess (otherwise knbown as "who owns things")

Drew Wutka DWUTKA at Marlow.com
Mon Jun 1 15:46:46 CDT 2009 

NTFS bases it's security on username/domain name, in a sort of hash.  If
you rebuild a machine, but only one partition, other partitions aren't
automatically set to be used by the new machine's credentials.  This is
because an account on a local machine is not going to be quite the same
as an account on the same machine with the OS reloaded.  So all the
files/partitions will be 'foreign'.

I know this is kind of annoying, but it is a failed attempt to provide
security for your files.  NTFS can't really do that since it doesn't
encrypt anything by default.  I have a program called Restore Pro 2000,
which lets me recover anything from NTFS partitions (so you can format a
drive, and I can recover the data....unless you do a low level 'zeroing'
of that drive).  It completely ignores NTFS security, because it doesn't
use Windows to read the drive, it is using lower level BIOS calls.  Very
handy.  NTFS is only applicable if you are accessing folders/files
through windows itself.  Even more bizarre is that Microsoft released an
NTFS driver for Windows 9x, which allows a windows 9x machine to
read/write to an NTFS partition...and it completely ignores the NTFS
security flags.

So, to answer your question about how to prevent this from happening, if
you have a license (or 2) for Windows 2003 Server (or copies you are
using), then I would recommend setting up a domain.  By setting up a
domain, with Active Directory, you are centralizing your users and
groups, so your login account will have the same permissions no matter
what machine you are using.  (And if you wipe the C drive of a machine,
and reinstall the OS, as soon as you join it to the domain, all your
permissions are back!).  Setting up a domain controller can also make
home networking WAY easier (and more efficient).  The DHCP, WINS and DNS
servers available in a Windows Server are pretty easy to use, and
provide some pretty slick options as to setting up pointers to what is
what!

Just my two cents though....

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Sunday, May 31, 2009 10:07 PM
To: Dba-Sqlserver; Access Developers discussion and problem solving
Subject: [AccessD] What a mess (otherwise knbown as "who owns things")

I rebuilt a server from C:\ format on up.  New Windows Server 2003 X64,
New SQL Server 2005 etc.

Now the current administrator (apparently) does not own the files on the
raid arrays which of course 
survive quite nicely.  When I tried to attach a database it gave me an
"insufficient rights" kind of 
error which I Googled and that tells me that I do not own the files.  I
took ownership which worked 
(I can now attach),  but then I tried to attach and it said it couldn't
because the files were read 
only.

Only it DID the attach, and now I have a database in read only mode,
which I cannot detach 
because... it is read only.

Sigh.

So... this invites MANY questions...

1) How do I take ownership of a disk drive on down and all the files on
that disk drive?
2) Why are the files read only?
3) Now that I have one of the databases mounted (read only) how do I
detach it so that I can make it 
read / write and reattach it?  Or how do I make it non-readonly?

4)Why did all of this happen?
5) Is there an easy way to prevent all this in the future?  I have a
second server which I will be 
rebuilding when new parts get here mid week.  New motherboard /
processor and 5 new terabyte drives 
for the server I rebuilt this weekend and 5 new drives for the one to be
rebuilt next.  Obviously if 
there is something I can do in advance to prevent this mess I am all for
that.

In fact the new motherboard is the same motherboard as I have in the
current rebuild, and my plan is 
to clone the boot drive and just use that clone in the new system.  I
have gone to much trouble to 
get all the multitude of software installed etc so when I am done I HOPE
to end up with two 
literally identical machines, other than the second machine having some
additional storage (and a 
next generation processor).

Any words of wisdom out there?

-- 
John W. Colby
www.ColbyConsulting.com
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
The information contained in this transmission is intended only for the person or entity 
to which it is addressed and may contain II-VI Proprietary and/or II-VI Business 
Sensitive material. If you are not the intended recipient, please contact the sender 
immediately and destroy the material in its entirety, whether electronic or hard copy. 
You are notified that any review, retransmission, copying, disclosure, dissemination, 
or other use of, or taking of any action in reliance upon this information by persons 
or entities other than the intended recipient is prohibited.

More information about the AccessD mailing list