Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

POSReady 2009 updates ported to Windows XP SP3 ENU

- - - - -

  • Please log in to reply
453 replies to this topic

#451
cdob

cdob

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,029 posts
  • Joined 29-September 05

https://technet.micr...5.aspx#ID0EBEAE
https://technet.micr...1.aspx#ID0E3NAC
https://technet.micr...0.aspx#ID0EOIAC

 

Windows Server 2003 is listed as an affected product; why is Microsoft not issuing an update for it?

 

https://support.micr... Server 2003 R2
2003 is supported til 7/14/2015, but it's not fixed currently.

There is no 2003 fix and not for POSReady 2009.
What to do at POSReady 2009?




How to remove advertisement from MSFN

#452
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 5,841 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

There is no 2003 fix and not for POSReady 2009.
What to do at POSReady 2009?


Be careful, and hope for the best. What else? dubbio.gif

#453
w2k4eva

w2k4eva
  • Member
  • 9 posts
  • Joined 07-April 15
  • OS:none specified
  • Country: Country Flag

KB3021674 is is userenv.dll version 5.1.2600.6689, as a matter of fact.
It did not cause that error in any of my 4 XP machines, but something wrong may have happened when you installed it.
I don't think your machine is in any deep trouble, however: on the contrary, I think that's a minor glitch that may be ignored for now, but probably can be fixed, with some patience.

 

I think I figured out what's going on, at least for my own system since I've gotten rid of those eventlog entries. And it seems just KB3021674 is the immediate culprit since the KB mentions that one "could leverage the Windows User Profile Service (ProfSvc) to load registry hives that are associated with other user accounts". I think the Local Service and Network Service used to do exactly this to borrow access they should not have had, possibly from SYSTEM, which is why it used to work for me before the update but afterward didn't and actually never should have, given some of my file permission settings. The good news is that the update does not need to be uninstalled to solve it.

 

The first clue is in a thread about this update going wrong for Vista/W7 users, but the basic outline is the same for XP and/or WEPOS 2009 as well even though nobody mentions it... see the third post by Susan Bradley on  http://answers.micro...c52f3854?page=3

 

To dencorso and glnz, could you both check what account is the owner of the folders:

C:\Documents and Settings\Default User

C:\Documents and Settings\Local Service

C:\Documents and Settings\Network Service

C:\Documents and Settings\ (your account name)

Mine are all owned by the "Administators" group, I'm thinking that glnz may have this too but perhaps dencorso does not?

 

Also could you both open a cmd prompt and type

cd c:\Documents and Settings

cacls "Default User" > perms.txt

cacls LocalService >> perms.txt

cacls NetworkService >> perms.txt

cacls (your account name) >> perms.txt

then paste the contents of perms.txt here?

 

In my case these showed that neither Local Service nor Network Service had any access to their own profiles since they were not the owner. The way I see it, the ideal solution would be to change the owner from Administrators group to Local Service and Network Service but the UI does not give me any way to do that... it can TAKE ownership but not give it away, and having it owned by either me or Administrator would not solve the problem.

 

The other interesting post is on page 4 of that thread, in the Susan Bradley reply near the bottom, with the screen shots. But instead of focussing on "anyUser" as she does, check out NT AUTHORITY\Local Service and NT AUTHORITY\Network Service - giving them Full Control solved it for me. Also I had to do this for the entire folder (I also propagated to all children while I was at it), not just the files ntuser.dat and usrclass.dat - doing just those 2 files replaced the 6 errors with a pair of 1500's but didn't completely solve it. And yes, the mystery profiles for Temp and TEMP.NT AUTHORITY went away on their own after a reboot once I fixed all the permisssions, I did not need to manually delete the temporary profiles.

 

If you have XP Pro you could follow the screenshots but for Home you would have to either reboot to safemode (so the normally missing security tab can appear on the property sheet), or use the command line to enter

cd c:\Documents and Settings

cacls LocalService /t /e /g "NT AUTHORITY\LOCAL SERVICE":F

cacls NetworkService /t /e /g "NT AUTHORITY\NETWORK SERVICE":F

then either way, reboot. This worked for me.



#454
glnz

glnz

    Junior

  • Member
  • Pip
  • 66 posts
  • Joined 25-January 11
  • OS:XP Pro x86
  • Country: Country Flag

w2k4eva:  First, a word of appreciation for your hard work!  I don't understand yet what you've found, but you've clearly spent some time on it and found some smart clues.  Many thanks.

 

If I'm hitting the right buttons*, I confirm that

C:\Documents and Settings\Default User

C:\Documents and Settings\Local Service

C:\Documents and Settings\Network Service

C:\Documents and Settings\ (your account name)

are all "owned" by Administrators (DELLOPTIPLEX755\Administrators).   [FYI - DELLOPTIPLEX755 is the name of my XP Pro SP3 computer.]

 

[* On each of the above folders, I did right-click -- Properties -- Security -- Advanced -- Owner.  Correct?  And you are correct that there is no option shown to change "Owner" to LocalService or NetworkService.]

 

I turned your suggested cmd request into a .bat file, and here are the results:

 

C:\Documents and Settings\Default User NT AUTHORITY\SYSTEM:(OI)(CI)F
                                       BUILTIN\Administrators:(OI)(CI)F
                                       BUILTIN\Users:R
                                       BUILTIN\Users:(OI)(CI)(IO)(special access:)                                                                 GENERIC_READ
                                                                 GENERIC_EXECUTE
 
                                       BUILTIN\Power Users:R
                                       BUILTIN\Power Users:(OI)(CI)(IO)(special access:)                                                                       GENERIC_READ
                                                                       GENERIC_EXECUTE
 
                                       Everyone:R
                                       Everyone:(OI)(CI)(IO)(special access:)                                                            GENERIC_READ
                                                            GENERIC_EXECUTE
 

C:\Documents and Settings\LocalService NT AUTHORITY\LOCAL SERVICE:F
                                       NT AUTHORITY\SYSTEM:F
                                       BUILTIN\Administrators:F
                                       NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)F
                                       NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                                       BUILTIN\Administrators:(OI)(CI)(IO)F

C:\Documents and Settings\NetworkService NT AUTHORITY\NETWORK SERVICE:F
                                         NT AUTHORITY\SYSTEM:F
                                         BUILTIN\Administrators:F
                                         NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(IO)F
                                         NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                                         BUILTIN\Administrators:(OI)(CI)(IO)F

C:\Documents and Settings\glnz DELLOPTIPLEX755\glnz:F
                                      NT AUTHORITY\SYSTEM:F
                                      BUILTIN\Administrators:F
                                      DELLOPTIPLEX755\glnz:(OI)(CI)(IO)F
                                      NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                                      BUILTIN\Administrators:(OI)(CI)(IO)F
 

I'm not going to try your fix yet.  Would like to see first your response to the above and how others are faring.  I'm the most noob person posting here (I hope), and it's best for me to watch the experts (such as yourself) first.  Ever see Disney's "The Sorcerer's Apprentice"?


glnz      old Dell Optiplex 755DT XP Pro SP3 and new Optiplex 7010MT dual-booting Win7 Pro 64-bit and Win 8.1 Pro 64-bit (maybe soon Win 10?)





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users