Favorites list missing some items - ?

[Steve]

A friend of mine is having problems with his Favorites list). The
drop-down list in IE6 is missing many of the folders that show up in
\docs & settings\username\favorites. The option box for "Enable
personalized favorites menu" is not checked. Any ideas? Thanks!

 

[Guest]

Steve - I've had the same problem happen to me. Have you gotten a response that helped? I can't import the whole favorites folder (it won't let me). My favorites are sitting there on the desktop (when I check with Windows Explorer), but I can't get ie to "see" them. Let me know.
Maggie

 

[Alan Edwards]

You are not meant to be able to import the folder, only an exported
file but try checking the Registry to see if the reference has been
altered.

You can change the value of Favorites in the Registry in these
two keys: (ignore the second if the value is not there)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders

....Alan

 

[Guest]

Alan - thanks for the information. Yes - the registry is not pointing to the correct folder. I selected it in regedit and used "modify" to change it. It will not stick. I'm not too experienced at changing the registry. Should I be saving it somehow? (I closed it out and went back into it and the changes were there - I went into IE and my favorites are not there, I restarted the machine and my changes were gone). Any help is appreciated. Thanks.
Maggie

 

[Alan Edwards]

Hi Maggie.
No, you don't need to save it. Changes to the Registry are done when
you modify.
At this stage, I have no idea why the change is not sticking.

What is the name of the incorrect folder?
What is the correct folder?
When you say the changes are gone, do you mean the Registry entries
are reverting to the incorrect folder at restart?

See if you can find any other reference to the incorrect folder in the
Registry. The two Favorites values are the only ones I have come
across, though if there was a similar entry in
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders, it would probably be used.

....Alan

 

[Guest]

Alan - the folder that the registry is pointing to is c:windows/favorites versus my xp login (c:documents and settings/andy&maggie/favorites. The only other entry under the shell file that isn't specific to my user is the "fonts". I guess I can just copy my favorites to the windows/favorites directory, but that won't help me when I add things in the future. Any other suggestions? Thanks.
Maggie

 

[Guest]

Alan - sorry - one more bit of information. I changed the regedit in both the user shell folder and the shell folder. If I change one, and they change the other and go back and check it - it bounces back to c:\windows\favorites again. Kinda of annoying. (This happened to me once before where my favorites got messed up). I created a new login for myself and copied my favorites over to it - not sure why it is happening again). Thanks in advance for your help.
Maggie

 

[Ramesh [MVP]]

Maggie,

You can prevent the registry change for sure (by assigning read-only Permissions to that User Shell Folders path, for your login). But, it would be great if you let us know what application is changing that path wrongly. If using XP Professional, set the auditing for those registry keys:

Phase I: Enable Audit Policy

1. Click Start, Run and type Secpol.msc
2. In the left pane, under Local Policies, click Audit Policy.
3. In the right pane, double-click Audit Object Access, and then select the Success and Failure boxes.

Phase II: Set the keys to be Audited:

1. Now, use Regedit to audit individual keys.
2. Open Registry Editor and click the key you want to audit. (First start with "User Shell Folders" key)
3. On the Edit menu, click Permission; then click Advanced.
4. On the Auditing tab, click Add.
5. Type your username there and add it to the audit list
6. In the Auditing Entry For Name dialog box, in the Access list, select both the Successful and Failed check boxes next to the activities for which you want to audit successful and failed attempts.

Phase III: Inspect the Event Logs for any information on the changed keys/values:

1. Click Start, Run and type Eventvwr.msc
2. In Event Viewer's left pane, click Security.
3. In the right-pane, double-click any entry to see more details.
4. Post the contents of that dialog here

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Alan - sorry - one more bit of information. I changed the regedit in both the user shell folder and the shell folder. If I change one, and they change the other and go back and check it - it bounces back to c:\windows\favorites again. Kinda of annoying. (This happened to me once before where my favorites got messed up). I created a new login for myself and copied my favorites over to it - not sure why it is happening again). Thanks in advance for your help.
Maggie

 

[Alan Edwards]

Hi Maggie.
Look at Ramesh's suggestion but please ensure your syntax is perfect
if you make an alteration (as it is not in your post)
Can you paste the entry here that you are making for a second opinion?
I don't use XP so my standard in Win98 is "C:\Windows\Favorites" but
your "C:\Documents and Settings\logon_name\Favorites" looks standard
if your syntax is corrected.

....Alan

--
Alan Edwards, MS MVP W95/98 Systems
http://dts-l.org/index.html


In microsoft.public.windows.inetexplorer.ie6.browser, "magsred"

 

[Alan Edwards]

Maggie,

I am still concerned that your syntax may not be correct, though I
don't have an XP install to check if invalid syntax does what you
describe.
Make sure IE6 is not running when you change the entry.

....Alan

 

[Ramesh [MVP]]

Syntax - Also a very valid point!

Using FolderRedirector utility to redirect special folders in Windows XP:
http://www.mvps.org/sramesh2k/folderredirector.htm

Download this util and click Favorites in the left side. Click "Restore Default" button.

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Alan - sorry - one more bit of information. I changed the regedit in both the user shell folder and the shell folder. If I change one, and they change the other and go back and check it - it bounces back to c:\windows\favorites again. Kinda of annoying. (This happened to me once before where my favorites got messed up). I created a new login for myself and copied my favorites over to it - not sure why it is happening again). Thanks in advance for your help.
Maggie

 

[Robert Aldwinckle]

it would be great if you let us know what application is changing that path wrongly

Ramesh,

Do we know when these changes are occurring?
If she shuts down with it set the way it should be,
checks immediately after a boot and it isn't set
she'd have to use your auditing idea (or try some fault
isolation with some clean-boot troubleshooting)

<title>KB316434 - How to perform advanced clean-boot troubleshooting in Windows XP</title>


Otherwise (if it occurs sometime after a boot)
she could use RegMon which might be easier
to set up and check. She only needs to monitor one value
so the filter could be very specifically for that.

Sounds like it's a frequent thing which means that diagnostics
would only need to be in place for a short time.


FWIW

Robert Aldwinckle
---


Maggie,

You can prevent the registry change for sure (by assigning read-only Permissions to that User Shell Folders path, for your login).
But, it would be great if you let us know what application is changing that path wrongly. If using XP Professional, set the auditing
for those registry keys:

Phase I: Enable Audit Policy

1. Click Start, Run and type Secpol.msc
2. In the left pane, under Local Policies, click Audit Policy.
3. In the right pane, double-click Audit Object Access, and then select the Success and Failure boxes.

Phase II: Set the keys to be Audited:

1. Now, use Regedit to audit individual keys.
2. Open Registry Editor and click the key you want to audit. (First start with "User Shell Folders" key)
3. On the Edit menu, click Permission; then click Advanced.
4. On the Auditing tab, click Add.
5. Type your username there and add it to the audit list
6. In the Auditing Entry For Name dialog box, in the Access list, select both the Successful and Failed check boxes next to the
activities for which you want to audit successful and failed attempts.

Phase III: Inspect the Event Logs for any information on the changed keys/values:

1. Click Start, Run and type Eventvwr.msc
2. In Event Viewer's left pane, click Security.
3. In the right-pane, double-click any entry to see more details.
4. Post the contents of that dialog here

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Alan - sorry - one more bit of information. I changed the regedit in both the user shell folder and the shell folder. If I change
one, and they change the other and go back and check it - it bounces back to c:\windows\favorites again. Kinda of annoying. (This
happened to me once before where my favorites got messed up). I created a new login for myself and copied my favorites over to it -
not sure why it is happening again). Thanks in advance for your help.
Maggie

 

[Guest]

Ramesh and Alan -
okay - I have to admit I'm getting a little confused here. Here's what I've done and a little more information. I'm running windows xp pro. I have logins for all my kids, myself & my husband, and I left the administrator as a separate login which I control. I had to go into the adminsrator to do most of the things that Ramesh has asked. I have four files in the eventviewer and they are all "failed" so obviously when I think I'm changing the registry I must not be. I need to change the registry in the Andy & Maggie login for shell folder and user shell folder. When I look at them in the Administrator login they are good. I downloaded Ramesh little Folderredirector program and also tried to run in my non-administrative account. It's interesting what happens. When I run the program I can look at cookies, desktop, etc. and they look fine - I could probably even hit the restore default button. When I look at the favorites I get the following error "run-time error '9'; subscript out of range". If I press okay, the redirector closes down. When I run the program as the administrator, the information under favorites is okay.

I looked at the information in the event viewer, but I cannot copy it. Let me know what specific information you want me to get from it.
Maggie

 

[Ramesh [MVP]]

Hi Robert,

True. Using R'Mon might not help if the problem is caused by a startup application or during shutdown. Auditing works in anycase (startup, shutdown, or during normal operation of windows), so I preferred that one (given that we have no clue when this is occuring). The Image Name might give a clue.

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

it would be great if you let us know what application is changing that path wrongly

Ramesh,

Do we know when these changes are occurring?
If she shuts down with it set the way it should be,
checks immediately after a boot and it isn't set
she'd have to use your auditing idea (or try some fault
isolation with some clean-boot troubleshooting)

<title>KB316434 - How to perform advanced clean-boot troubleshooting in Windows XP</title>


Otherwise (if it occurs sometime after a boot)
she could use RegMon which might be easier
to set up and check. She only needs to monitor one value
so the filter could be very specifically for that.

Sounds like it's a frequent thing which means that diagnostics
would only need to be in place for a short time.


FWIW

Robert Aldwinckle
---


Maggie,

You can prevent the registry change for sure (by assigning read-only Permissions to that User Shell Folders path, for your login).
But, it would be great if you let us know what application is changing that path wrongly. If using XP Professional, set the auditing
for those registry keys:

Phase I: Enable Audit Policy

1. Click Start, Run and type Secpol.msc
2. In the left pane, under Local Policies, click Audit Policy.
3. In the right pane, double-click Audit Object Access, and then select the Success and Failure boxes.

Phase II: Set the keys to be Audited:

1. Now, use Regedit to audit individual keys.
2. Open Registry Editor and click the key you want to audit. (First start with "User Shell Folders" key)
3. On the Edit menu, click Permission; then click Advanced.
4. On the Auditing tab, click Add.
5. Type your username there and add it to the audit list
6. In the Auditing Entry For Name dialog box, in the Access list, select both the Successful and Failed check boxes next to the
activities for which you want to audit successful and failed attempts.

Phase III: Inspect the Event Logs for any information on the changed keys/values:

1. Click Start, Run and type Eventvwr.msc
2. In Event Viewer's left pane, click Security.
3. In the right-pane, double-click any entry to see more details.
4. Post the contents of that dialog here

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Alan - sorry - one more bit of information. I changed the regedit in both the user shell folder and the shell folder. If I change
one, and they change the other and go back and check it - it bounces back to c:\windows\favorites again. Kinda of annoying. (This
happened to me once before where my favorites got messed up). I created a new login for myself and copied my favorites over to it -
not sure why it is happening again). Thanks in advance for your help.
Maggie

 

[Ramesh [MVP]]

Hi Maggie,

It's probably due to permission issues.

In the Event Viewer, click the 3rd button (with paper icon) and it copies the entire thing to clipboard. Post the contents here.

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Ramesh and Alan -
okay - I have to admit I'm getting a little confused here. Here's what I've done and a little more information. I'm running windows xp pro. I have logins for all my kids, myself & my husband, and I left the administrator as a separate login which I control. I had to go into the adminsrator to do most of the things that Ramesh has asked. I have four files in the eventviewer and they are all "failed" so obviously when I think I'm changing the registry I must not be. I need to change the registry in the Andy & Maggie login for shell folder and user shell folder. When I look at them in the Administrator login they are good. I downloaded Ramesh little Folderredirector program and also tried to run in my non-administrative account. It's interesting what happens. When I run the program I can look at cookies, desktop, etc. and they look fine - I could probably even hit the restore default button. When I look at the favorites I get the following error "run-time error '9'; subscript out of range". If I press okay, the redirector closes down. When I run the program as the administrator, the information under favorites is okay.

I looked at the information in the event viewer, but I cannot copy it. Let me know what specific information you want me to get from it.
Maggie

 

[Guest]

Here you go. I copied two of the several. Maggie


Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 7/7/2004
Time: 3:02:06 PM
User: COMPUTER1\Sean
Computer: COMPUTER1
Description:
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,2141422}
Process ID: 764
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: COMPUTER1$
Primary Domain: MSHOME
Primary Logon ID: (0x0,0x3E7)
Client User Name: Sean
Client Domain: COMPUTER1
Client Logon ID: (0x0,0x1F35E8)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database

Privileges: -
Restricted Sid Count: 0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 7/7/2004
Time: 3:02:01 PM
User: COMPUTER1\Sean
Computer: COMPUTER1
Description:
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,2106649}
Process ID: 764
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: COMPUTER1$
Primary Domain: MSHOME
Primary Logon ID: (0x0,0x3E7)
Client User Name: Sean
Client Domain: COMPUTER1
Client Logon ID: (0x0,0x1F35E8)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database

Privileges: -
Restricted Sid Count: 0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

[Ramesh [MVP]]

None of them are related to User Shell Folders. See if you have entries reading "User Shell Folders" as the Object Name

Example:
-------------
Object Name: \REGISTRY\USER\S-1-5-21-746137067-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Handle ID: 1680
Operation ID: {0,901221}
Process ID: 1136
Image File Name: D:\Program Files\Internet Explorer\iexplore.exe
Primary User Name: Ramesh
Primary Domain: SUPERCOMPUTER
-------------------------------------------

Also, post the contents of the User Shell Folders registry key.

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Here you go. I copied two of the several. Maggie


Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 7/7/2004
Time: 3:02:06 PM
User: COMPUTER1\Sean
Computer: COMPUTER1
Description:
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,2141422}
Process ID: 764
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: COMPUTER1$
Primary Domain: MSHOME
Primary Logon ID: (0x0,0x3E7)
Client User Name: Sean
Client Domain: COMPUTER1
Client Logon ID: (0x0,0x1F35E8)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database

Privileges: -
Restricted Sid Count: 0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 7/7/2004
Time: 3:02:01 PM
User: COMPUTER1\Sean
Computer: COMPUTER1
Description:
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,2106649}
Process ID: 764
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: COMPUTER1$
Primary Domain: MSHOME
Primary Logon ID: (0x0,0x3E7)
Client User Name: Sean
Client Domain: COMPUTER1
Client Logon ID: (0x0,0x1F35E8)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database

Privileges: -
Restricted Sid Count: 0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

[Guest]

Ramesh - none of them were related to the user shell folders. Very odd. Anyway - I changed my account to administrator type and used your program to reset to the defaults and it worked. I then changed myself back to limited in case I get messed up again. Thanks for all your help.

 

[Ramesh [MVP]]

No problem. It might be a syntax error as Alan pointed out (and considering the "subscript out of range" error in that particular routine)

--
Ramesh - Microsoft MVP
Windows XP Shell/User
http://www.mvps.org/sramesh2k

AumHa VSOP: http://www.aumha.org

Ramesh - none of them were related to the user shell folders. Very odd. Anyway - I changed my account to administrator type and used your program to reset to the defaults and it worked. I then changed myself back to limited in case I get messed up again. Thanks for all your help.