[blackwingcat]

Windows XP is extended Wellknown SID

S-1-5-19 NT AUTHORITY\LOCAL SERVICE
S-1-5-20 NT AUTHORITY\NETWORK SERVICE

how can add these SID on Windows 2000 ?

I try to add registory

HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-19
HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20

But no effect.
Are there any ideas ?

[allen2]

Just an idea : Did you also tried to replace the whole security hive from an xp (perhaps with also the SAM hive) ?

[blackwingcat]

allen2, on 08 December 2012 - 03:59 AM, said:

Just an idea : Did you also tried to replace the whole security hive from an xp (perhaps with also the SAM hive) ?

Result: Security error. Windows 2000 can't boot.
Thx

[Phenomic]

Have you tried \system32\regedt32.exe > Security > Permissions ?

[blackwingcat]

Phenomic, on 13 December 2012 - 07:47 AM, said:

Have you tried \system32\regedt32.exe > Security > Permissions ?

Hi,

Windows 2000 does not have "NT Authority\LocalService" and "NT Authority\NetworkService" which is username.
So I want to create them.

[allen2]

I can't be sure but if it is hard coded somewhere it should be in Lsasrv.dll as it is the dll used for most security things.

[dencorso]

blackwingcat, on 07 December 2012 - 11:17 PM, said:

I try to add to registry

HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-19
HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20

But no effect.

Did you try it from outside Win 2k... say, by booting a Win PE CD, then importing the relevant hive, adding the users to it, and saving it back?

[blackwingcat]

Umm...

When I access XP Driver from Windows 2000, I can't find LocalService and NetworkService folders in C:\Documents and Settings\.
Are anyone know the reason ?

[dencorso]

They are hidden by default. If you're working with XP on NTFS, you'll need to take ownership of everything from Documents and Settings downwards... Your life would be much easier if you were working with XP on FAT-32...

[blackwingcat]

Of course I set "system super hidden folder shown" folder option.
There are not these folders physically

dencorso, on 14 December 2012 - 12:02 AM, said:

They are hidden by default. If you're working with XP on NTFS, you'll need to take ownership of everything from Documents and Settings downwards... Your life would be much easier if you were working with XP on FAT-32...

[Phenomic]

Have you tried opening the System hive off-line from another instance of Win2k or XP?

REG.EXE load "HKLM\_offline_" ...\system

Then it's just a database.

[jimmsta]

The issue is that on XP+ there are folders with ntuser.dat registry hives dedicated to these hidden users - on 2000, that's not the case. 2000 doesn't have these users nor their corresponding ntuser.dat hives. As such, some form of registry redirection will need to take place to handle applications that try to write to the 'hidden' service hives. I have no idea how BWC will get this working on 2000. As far as I know, those users/hives aren't used by anything but Windows core services - adding the users themselves to the registry is only one part of the equation.