Local Security Policy automatically resets

B

Bob S

I having difficulties getting an XP Pro machine on my LAN to share it's printer. I've traced the problem down to having
an undefined Local Policies | User Rights Assignment | Access this computer from the network. When I add any user or
group account to the policy the system will erase the account within five minutes. I can use the printer remotely for
the few minutes before the value is removed.

Why is the system removing the value?

This machine used to be part of a domain and I removed it from the domain. It is now just part of a workgroup. I also
modified some values in the LSP but I don't see what would have caused the problem. I also installed MS Antispyware
beta, which I have since removed.

Any ideas would be greatly appreciated.
 
D

David H. Lipman

From: "Bob S" <[email protected]>

| I having difficulties getting an XP Pro machine on my LAN to share it's printer. I've
| traced the problem down to having an undefined Local Policies | User Rights Assignment |
| Access this computer from the network. When I add any user or group account to the policy
| the system will erase the account within five minutes. I can use the printer remotely for
| the few minutes before the value is removed.
|
| Why is the system removing the value?
|
| This machine used to be part of a domain and I removed it from the domain. It is now just
| part of a workgroup. I also modified some values in the LSP but I don't see what would
| have caused the problem. I also installed MS Antispyware beta, which I have since
| removed.
|
| Any ideas would be greatly appreciated.


What share a printer via a WinXP PC ?

It is far better to use a HP JetDirect Print Server and have the computers print to its IP
address.

This alleviates having loading File and Print Shares on the workstation and using someones
PC as a print server.
 
B

Bob S

Dave,

It is what I have. This is a home network and I want to share the printer.

The problem is that I can't make changes to LSP that stick.

Bob
 
D

David H. Lipman

From: "Bob S" <[email protected]>

| Dave,
|
| It is what I have. This is a home network and I want to share the printer.
|
| The problem is that I can't make changes to LSP that stick.
|
| Bob
|

OK. The way you posted the query, I came to the faux conclusion this was a
business/enterprise situation and not a SOHO LAN.

I have to assume that its being part of a Domain had something to do with it and I wonder if
there are some HLM\ Local or Group policies in the Registry that are blocking its use.

Look through the below for printer restrictions...

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
 
B

Bob S

Dave,

It isn't that I can't print. The problem is that I can't get network policies to stick in Local Policy Editor. It
looks like the policy is getting stepped on by a group policy, but it isn't part of a group. I've found the Local
computer policy and I can't get it to stick either.

I can change other values such as audit policies and they don't revert back. You can see where the privlege is revoke
in the Security log by computer$ (system). I've watched files get accessed using filemon from sysinternals and I've
tracked it down to lsass.exe removing the privilege.

Why is the system stepping my security policies? Is there some sort of "security lock" similar to Windows System File
lock. Am I running in some sort of corrupted or temporary security context?
Bob
 
D

David H. Lipman

From: "Bob S" <[email protected]>

| Dave,
|
| It isn't that I can't print. The problem is that I can't get network policies to stick in
| Local Policy Editor. It looks like the policy is getting stepped on by a group policy,
| but it isn't part of a group. I've found the Local computer policy and I can't get it to
| stick either.
|
| I can change other values such as audit policies and they don't revert back. You can see
| where the privlege is revoke in the Security log by computer$ (system). I've watched
| files get accessed using filemon from sysinternals and I've tracked it down to lsass.exe
| removing the privilege.
|
| Why is the system stepping my security policies? Is there some sort of "security lock"
| similar to Windows System File lock. Am I running in some sort of corrupted or temporary
| security context? Bob


I don't know. The ONLY thing I can think of is to sysprep the PC so all SIDs are stripped.

I know it isn't the best answer :-(
 
S

Steven L Umbach

A recent poster had the same problem and it was malware that kept resetting
his user right for access this computer from the network. Make sure you
check your computer for malware. Try to enable auditing of policy change in
Local Security Policy and then look in the security log for events that
indicate that a user right was changed but it sounds malware related and it
is triggered to reapply some settings on a regular basis. --- Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Security Policy resets 5
can't modify local security settings 2
Local Policy Update Using Remote Registry Edit 6
Error Message when opening Local Security Policy 1
Local Security Policy - SECPOL.MSC 2
Debug Programs local security setting - problem 3
Can't Modify Local Security Setting - Windows XP SP 2 7
Unable to change security settings in workgroup computer 1

Top