Article ID: 237399 - View products that this article applies to.
When you install Windows 2000 to an NTFS file system partition, part of the set up process is to apply default security settings to the system files and folders located on the boot partition.
If you initially installed Windows 2000 to a FAT or FAT32 partition, and then later used the Convert.exe utility to convert the partition to NTFS, default security settings are not applied. To apply default Security settings after a convert you can use the below steps to apply "setup security.inf" to the system. However, in Windows 2000 Microsoft does not support setting security on already installed files to match NTFS security after a convert from FAT(32). To get a file permission that matches the security settings of a NTFS install, the system must be formatted and reinstalled selecting NTFS as the file system during the text portion of the Windows 2000 install. If a clean install is not possible, you can perform an in-place upgrade of the system after the files system has been converted to NTFS. The upgrade will address the file permission of all operating system components, however any program that had custom security will not have the correct permissions set. If you want, you can create a user defined .inf file that contains custom security settings for additional files and folders and apply them the same way.
You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system you must have for the operating system to function properly.
During setup on an NTFS partition, an Access Control List (ACL) is created for the file system using a predefined set of default security templates. Additionally, components that use the Setup API can also use the [.security] section in their installation (.inf) file(s) to specify their own file security. Both the permissions from the default security templates and the permissions that are set by the .inf files are captured into one "setup security.inf" template.
During setup onto a FAT partition, the same "setup security.inf" template is created. This "setup security.inf" template can be used to set default permissions after using the Convert.exe utility to convert the FAT partition to NTFS.
The following procedure only applies default NTFS security settings to the %Windir% and "Program Files" folders and optional components that get installed through OCM and specifies their security in their INFs and does not apply security to the "Documents and Settings" folder. Although applying "setup security.inf" applies default NTFS permission it will not result in security settings that match a clean NTFS install, security settings that are missing include:
To Apply Default NTFS Security to a Windows 2000 NTFS Boot PartitionWARNING: You must have a full backup of the boot partition before you try this procedure.
If the Computer Does Not Start and Generates a STOP 0xC000021A Error Message on a Blue ScreenIf the administrator has modified permissions, restarted the computer, and now receives an error message on a blue screen, the most likely cause is that the SYSTEM account does not have the required permissions to provide access to the system files and folders.
To restore access to the boot partition:
Article ID: 237399 - Last Review: June 19, 2014 - Revision: 4.0