Build 615 Multiple Profiles Bug and Fix

[Kevan Brown]

Apparently when the build 615 installer upgrades an
earlier build of Microsoft AntiSpyware, it is screwing
with the permissions setting on the
HKEY_LOCAL_MACHINE\SOFTWARE\Classes registry key and in
turn setting the permissions on all of the GIANT
AntiSpyware COM registry keys so that only the user who
installed the upgrade can access them. This causes the
program to generate the following error message when a
different user logs into the system: "Unexpected Error;
Quitting".

The resolution is to go explicitly grant the built-in
SYSTEM account Full Control on the
HKEY_LOCAL_MACHINE\SOFTWARE\Classes registry key. This
somehow then resets it so that it picks up the permissions
it should already be inheriting, and also resets the GIANT
AntiSpyware COM registry keys to the permissions they
should already be inheriting.

I haven't seen this problem on any machines where build
615 was installed fresh; without upgrading from a previous
build.

I found that this problem also affected another Microsoft
installer used by Microsoft Virtual Server 2005. The same
fix resolved that problem as well.

Kevan Brown

 

[Bill Riley]

-----Original Message-----
Apparently when the build 615 installer upgrades an
earlier build of Microsoft AntiSpyware, it is screwing
with the permissions setting on the
HKEY_LOCAL_MACHINE\SOFTWARE\Classes registry key and in
turn setting the permissions on all of the GIANT
AntiSpyware COM registry keys so that only the user who
installed the upgrade can access them. This causes the
program to generate the following error message when a
different user logs into the system: "Unexpected Error;
Quitting".

The resolution is to go explicitly grant the built-in
SYSTEM account Full Control on the
HKEY_LOCAL_MACHINE\SOFTWARE\Classes registry key. This
somehow then resets it so that it picks up the permissions
it should already be inheriting, and also resets the GIANT
AntiSpyware COM registry keys to the permissions they
should already be inheriting.

I haven't seen this problem on any machines where build
615 was installed fresh; without upgrading from a previous
build.

I found that this problem also affected another Microsoft
installer used by Microsoft Virtual Server 2005. The same
fix resolved that problem as well.

Kevan Brown
.
Kevan: Could you be a little more specific with the Fix

for this problem? Which Keys are you changing and what
are you changing them to? Thanks Bill

 

[Kevan Brown]

Bill,

As I said in my original post, I am explicitly granting
the built-in SYSTEM account Full Control on
HKEY_LOCAL_MACHINE\SOFTWARE\Classes. After doing this,
that key, as well as all of the Giant AntiSpyware COM keys
reset their permissions to the appropriate inherited ACL
settings.

Kevan

 

[Robin Walker [MVP]]

As I said in my original post, I am explicitly granting
the built-in SYSTEM account Full Control on
HKEY_LOCAL_MACHINE\SOFTWARE\Classes.

But that's the default permission for SYSTEM on this key, even for the many
millions who have installed MSAS. So this fix does not explain how the
permissions came to need this change. Before you made this change, what
permissions existed on this key?

The other permissions normally on this key are:

Administrators: Full,Read
Creator Owner: Full on sub-keys only.
Power Users: (Special)
Users: Read only

Are you running any third-party security utilities?

 

[Kevan Brown]

That's right, the default permissions are supposed to be
what you listed. Those are what should be inherited on
that key. However, on several machines I've seen that the
permissions on this key have been set to Everyone:Full
Control, which seems to screw-up the MSAS installer.
Oddly enough, at the same time that the DACL shows this,
the inheritence box on the Advanced tab is checked. Once
I made this simple permissions change of explicitly
granting SYSTEM Full Control, the inheritable permissions
re-appeared.

No, I am not running any 3rd party security tools.

Kevan Brown

-----Original Message-----

As I said in my original post, I am explicitly granting
the built-in SYSTEM account Full Control on
HKEY_LOCAL_MACHINE\SOFTWARE\Classes.

But that's the default permission for SYSTEM on this key, even for the many
millions who have installed MSAS. So this fix does not explain how the
permissions came to need this change. Before you made this change, what
permissions existed on this key?

The other permissions normally on this key are:

Administrators: Full,Read
Creator Owner: Full on sub-keys only.
Power Users: (Special)
Users: Read only

Are you running any third-party security utilities?

--
Robin Walker [MVP Networking]
(e-mail address removed)


.

 

[Lappen]

I only wanted to say that I tested this, I added System and gave it full
access and all the normal permissions reappeared, after that I removed
everyone restarted the computer and it works again on the other admin users
that it wouldn't before! So a bit THANK YOU Kevan!



//Lappen

That's right, the default permissions are supposed to be
what you listed. Those are what should be inherited on
that key. However, on several machines I've seen that the
permissions on this key have been set to Everyone:Full
Control, which seems to screw-up the MSAS installer.
Oddly enough, at the same time that the DACL shows this,
the inheritence box on the Advanced tab is checked. Once
I made this simple permissions change of explicitly
granting SYSTEM Full Control, the inheritable permissions
re-appeared.

No, I am not running any 3rd party security tools.

Kevan Brown

-----Original Message-----

As I said in my original post, I am explicitly granting
the built-in SYSTEM account Full Control on
HKEY_LOCAL_MACHINE\SOFTWARE\Classes.

But that's the default permission for SYSTEM on this key, even for the many
millions who have installed MSAS. So this fix does not explain how the
permissions came to need this change. Before you made this change, what
permissions existed on this key?

The other permissions normally on this key are:

Administrators: Full,Read
Creator Owner: Full on sub-keys only.
Power Users: (Special)
Users: Read only

Are you running any third-party security utilities?

--
Robin Walker [MVP Networking]
(e-mail address removed)


.