J
John Ward
I am at a loss. I am running XP Pro SP1 with all of the latest patches. I
am also running NAV Pro 2003 and Kerio Personal Firewall. I am logged in
as myself who has administrator rights.
I cannot run the copy of cmd.exe located in the C:\Windows\System32 folder.
When I do Start/Run/cmd.exe, I get an error message (see links to screen
snapshots below). When I use explorer an traverse to the
C:\Windows\System32 folder and attempt to launch cmd.exe I get the same
message. I cannot run a batch file or a .cmd file.
I have ran a complete system scan and also ran a web based virus scan from
another vendor. I have also ran two spyware checkers. Nothing unusual was
reported.
I found a copy of cmd.exe in the C:\Windows\System32\DllCache folder and I
can run that copy fine from that folder. I performed a binary file
comparison in addition to copying cmd.exe in DllCache folder to the System32
directory.
When I run the cmd.exe copy in the DllCache folder, then move up to the
System32 folder and attempt to launch another copy of the command processor,
I get the error message "Access Denied" (you can see this screen snapshot as
well as the one above at the URL http://www.b4ward.com/help
I have checked the registry values in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore
r an made sure DisallowRun was set to 0 if it existed
I am just connected to a Workgroup, so I turned off Simple sharing and
checked the Security tab on the c:\windows\system32\cmd.exe file and found
settings similar to what is shown here by the cacls.exe program:
Just to see what the difference was, I also ran cacls on the copy of
cmd.exe in the Dllcache directory. This is the results.
So far, no matted what I have tried has not worked. To me, it seams like a
security problem. Is my UserID's authority table hosed?
Can I just deleted cmd.exe? If I do this, I would imagine I would need to
correct the comspec environment variable and set a new path.
Has anyone heard of this? Does anyone have any ideas what I should try
next?
It is possible some process is opening up cmd.exe in exclusive mode so I
cannot run another copy?
Thanks in advance,
John
am also running NAV Pro 2003 and Kerio Personal Firewall. I am logged in
as myself who has administrator rights.
I cannot run the copy of cmd.exe located in the C:\Windows\System32 folder.
When I do Start/Run/cmd.exe, I get an error message (see links to screen
snapshots below). When I use explorer an traverse to the
C:\Windows\System32 folder and attempt to launch cmd.exe I get the same
message. I cannot run a batch file or a .cmd file.
I have ran a complete system scan and also ran a web based virus scan from
another vendor. I have also ran two spyware checkers. Nothing unusual was
reported.
I found a copy of cmd.exe in the C:\Windows\System32\DllCache folder and I
can run that copy fine from that folder. I performed a binary file
comparison in addition to copying cmd.exe in DllCache folder to the System32
directory.
When I run the cmd.exe copy in the DllCache folder, then move up to the
System32 folder and attempt to launch another copy of the command processor,
I get the error message "Access Denied" (you can see this screen snapshot as
well as the one above at the URL http://www.b4ward.com/help
I have checked the registry values in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore
r an made sure DisallowRun was set to 0 if it existed
I am just connected to a Workgroup, so I turned off Simple sharing and
checked the Security tab on the c:\windows\system32\cmd.exe file and found
settings similar to what is shown here by the cacls.exe program:
C:\WINDOWS\system32\cmd.exe
BUILTIN\Administrators:F
BUILTIN\Power Users:R
NT AUTHORITY\SYSTEM:F
BUILTIN\Users:R
Just to see what the difference was, I also ran cacls on the copy of
cmd.exe in the Dllcache directory. This is the results.
C:\WINDOWS\system32\dllcache\cmd.exe
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
So far, no matted what I have tried has not worked. To me, it seams like a
security problem. Is my UserID's authority table hosed?
Can I just deleted cmd.exe? If I do this, I would imagine I would need to
correct the comspec environment variable and set a new path.
Has anyone heard of this? Does anyone have any ideas what I should try
next?
It is possible some process is opening up cmd.exe in exclusive mode so I
cannot run another copy?
Thanks in advance,
John