DOCUMENT:Q155315 09-AUG-2001 [winnt] TITLE :Cannot Log On After User Access to Boot Partition Removed PRODUCT :Microsoft Windows NT PROD/VER:winnt:4.0 OPER/SYS: KEYWORDS:kbusage ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 - Microsoft Windows NT Workstation version 4.0 ------------------------------------------------------------------------------- SYMPTOMS ======== If you remove access for the Everyone group from a Windows NT File System (NTFS) boot partition and click the Replace Permissions On Subdirectories check box so that it is selected, you lose all access to the partition, even if you are currently logged on as an administrator. You may also receive error messages stating that your desktop is not accessible. In addition, no other users can log on. When the Everyone group does not have access to the partition, no user has rights to make any change or log on to the system. If you attempt to log on, Windows NT returns you to the logon screen. If you restart Windows NT, you may receive the following error message on a blue screen: STOP: c000021A {Fatal System Error} After you log on, you may receive the following error messages: Limited Virtual Memory: Your system is running without a properly sized paging file. Please use the Virtual Memory option of the System applet in the Control Panel to create a paging file, or to increase the initial size of your paging file. Desktop: Can't access this folder. The path is too long NOTE: You do not receive any warning that removing the Everyone group removes all users, including administrators, and you are not warned that some system-wide functions may no longer work. CAUSE ===== Removing the Everyone group and selecting the Replace Permissions On Subdirectories check box removes all users, including administrators, and prevents anyone from accessing the partition. RESOLUTION ========== To resolve this issue and allow users to log on after this problem has occurred, use any of the following methods: Method 1 -------- Set up Windows NT on another partition or hard disk in the computer, using the following steps: 1. Set up Windows NT on another partition or hard disk. 2. Log on to the new installation of Windows NT as an administrator. 3. Take ownership of the original partition. You should be able to gain access to the data files on the original partition. Method 2 -------- Reformat the partition and reinstall Windows NT using the following steps: 1. Reformat the hard disk partition on which Windows NT is installed. 2. Reinstall Windows NT, and then restore any data files from a backup. Method 3 -------- Use File Manager to change the permissions. To do so, follow these steps: 1. Log on to the computer using an account with administrator privileges. 2. Press CTRL+ALT+DELETE, and then click Task Manager. 3. On the File menu, click New Task(Run). 4. In the Open box, type "winfile" (without quotation marks), and then press ENTER. 5. Click the boot drive, and then click Permissions on the Security menu. 6. Grant the Everyone group Change permissions. 7. Close File Manager, and then restart your computer. MORE INFORMATION ================ To prevent the Everyone group from having explicit rights to the partition without preventing access by any user, use the following steps: 1. Grant the user who is currently logged on, or a group that contains the user currently logged on, proper access to the partition. For example, the Administrators group should be granted Full Control permissions. 2. Grant the System group Full Rights. 3. Remove the Everyone group. 4. Click the Replace Permissions On Subdirectories check box so that it is selected. 5. Click OK. NOTE: Granting the System and Owner groups full access to the partition after removing the Everyone group does not allow the default user ID, or administrator, permissions to log on and access files even though it is considered an owner. To grant permissions to the Administrators group, you must explicitly add the Administrators group. The user attempting to log on must have sufficient permissions granted before logging on. The minimum permissions necessary to log on (assuming the System group has full control of the volume root and all system directories and files) are: %SystemRoot%: Everyone - READ %SystemRoot%\System32: Everyone - READ/EXECUTE %SystemRoot%\System32\Repl\Import\Scripts: Everyone - READ/EXECUTE (if users have logon scripts) Depending on your environment, additional permissions may be necessary. Additional query words: prodnt subsystem session manager terminated 0xc000021a ====================================================================== Keywords : kbusage Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400search kbWinNTSsearch kbWinNTS400search kbWinNTS400 Version : winnt:4.0 ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.