cloning/reseal process changes the user privilege

mike-ca

i ran into a very strange problem, i am most certain it is a microsoft
bug, just wondering if anyone has encountered a similar problem

BEFORE CLONING:
1. set "cmiResealPhase" to 0, completes FBA process
2. creates two users "user-1" and "user-2", assign them to "Users"
group
3. login as "user-1", modifies "HKEY_Current_User" reg keys
4. run "fbreseal.exe -keepdomain -keepnet -keepuser -keepmounted",
then reboots

AFTER CLONING:
1. login as "user-1", this user cannot modify the "HKEY_Current_User"
reg keys (Error "Cannot create key: Error writing to the registry")
2. login as "user-2", this user can modify the "HKEY_Current_User" reg
key

both users can modify the files in their own "document and setting"
folders, since both belong to "Users" group, they should be able to
modify their own "HKEY_Current_User" reg keys as well.


before run "fbreseal.exe" i created both users, but ONLY logged in as
"user-1", didn't log in as "user-2", that's the only difference.


thanks
 
KM

mike,

Quick questions to clarify the issue:
- do you use NTFS on your target device's OS partition?
- when you say "both users can modify the files in their own "document and setting" folders", does this mean user1 has full control over the ntdata.dat file created under his profile folder? Try to delete or modify that file while logged in as user1 after cloning. If you can do that, there are enough permissions for that file.
 
mike-ca

KM,

i used NTFS. there is no such file as "ntdata.data" in "document and
settings", in fact, there is no such file in my system at all.

i have found another problem with cloning, i can only run the cloned
image for 2 days before the license expires and i am no longer able to
log into the system. my other image (without cloning) has been running
for more than 2 weeks without encountering the activation problem.

thanks
 
KM

Mike,

Sorry, my bad. I meant "\Documents and Settings\<user profile>\ntuser.dat" file.

There have been some issues reported about fbreseal (SP2) and the way it deals with security permissions on NTFS.
 
mike-ca

KM,

no such file on my XPE machine; on my regular xp pro machine, this
file is only present under "documents and settings\All Users"

thanks
 
mike-ca

Oh KM,

one more thing, are the security permissions on the registry NTFS
related as well?

thanks
 
KM

mike,

How come? Are you exploring the post-FBA or pre-FBA image now?
I was certainly referring to the post-FBA image since the account profiles are created during FBA. Moreover, you should play with the file after you have logged in to the user1 account, since that is when the ntuser.dat would be created.

Also, please make sure you turn ON the Explorer option "Show hidden files and folders" because user profile registry hives are hidden files.
 
mike-ca

KM,

i found out why i didn't see that file. when i logged in as "user-1" and
changed the explorer setting to "show hidden files and folders", this
setting was reset back to "do not show hidden files and folders"

but when i logged in as "user-2", i was able to change that setting and
see the "ntuser.data" file.

recap:
PRE CLONING:
1. created users "user-1" and "user-2"
2. logged in as "user-1", but didn't log in as "user-2"

POST CLONING:
1. "user-1" is not able to modify its own registry
key (HKLM_current_user), not able to set explorer setting to "show
hidden files and folders" or "hide protected OS files".

2. "user-2" is able to do anything such as delete its own keys.....

this is very strange.....

thanks

as for why i didn't see those files under my regular XP Pro, i used the
explorer's search option, it didn't find those files, but they actually
are there.
 
KM

mike,

So.. now that you are able to see the files, for user1 please check what NTFS permissions are set on the user's ntuser.dat file BEFORE the cloning and AFTER the cloning.
If nothing suspicious is there, please feel free to report this bug to Microsoft.

Also, I assume both users belong to the same group - Power Users?
Also, is there any chance someone ran another script etc. on your image that might be changing something in user permissions etc.? (just remembering the other thread with you that was finished recently)
 
KM

Nope.

Unless you explicitly set NTFS permissions on the registry hive files. But this is highly unrecommended since you may get your system locked by doing so.
 
mike-ca

KM,

nothing suspicious as far as NTFS permission settings. also, no script
has changed my user permission.

both users belong to "Users" group not "Power Users" group.

only difference is before running "fbreseal.exe", i logged in as
"user-1", but didn't log in as "user-2". this is very strange indeed.


i will now just create those two users then run "fbreseal" without
logging in either user.

thanks!
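
The before/after permission comparison KM suggests for user-1's ntuser.dat (and the same check for the user's registry key), as an added example that is not part of the original thread. It assumes the security descriptors were exported as SDDL strings with whatever tool is available on the image; the function names and all sample values are constructed for illustration and do not reflect what was seen on the poster's image.

```python
import re

# One ACE in SDDL: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_RE = re.compile(
    r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")


def parse_dacl(sddl):
    """Map (ace_type, trustee) -> set of rights strings, allow/deny ACEs only."""
    aces = {}
    for ace_type, _flags, rights, trustee in ACE_RE.findall(sddl):
        if ace_type in ("A", "D"):      # skip audit (SACL) and object ACEs
            aces.setdefault((ace_type, trustee), set()).add(rights)
    return aces


def diff_dacl(before, after):
    """List (ace_type, trustee, rights_before, rights_after) for every change."""
    b, a = parse_dacl(before), parse_dacl(after)
    return [(k[0], k[1], sorted(b.get(k, ())), sorted(a.get(k, ())))
            for k in sorted(set(b) | set(a)) if b.get(k) != a.get(k)]


# Constructed sample data (not taken from the thread). USER_SID is a made-up
# SID standing in for "user-1".
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1004"
FILE_BEFORE = "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)" % USER_SID
FILE_AFTER = "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;%s)" % USER_SID
KEY_BEFORE = "D:(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KA;;;%s)" % USER_SID
KEY_AFTER = "D:(A;CI;KA;;;SY)(A;CI;KA;;;BA)"

if __name__ == "__main__":
    for label, before, after in (("ntuser.dat", FILE_BEFORE, FILE_AFTER),
                                 ("HKCU key", KEY_BEFORE, KEY_AFTER)):
        for ace_type, trustee, old, new in diff_dacl(before, after):
            print("%s: %s ACE for %s changed %s -> %s"
                  % (label, ace_type, trustee, old, new))
```

An empty result from `diff_dacl` means the allow/deny entries are identical before and after cloning, which is the "nothing suspicious" case.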
 
