Security Policy screwed up????What to do???

  • Thread starter Thread starter BillMadison
  • Start date Start date
B

BillMadison

Hi All,

I was reading up on the windows security guide for XP
(http://www.microsoft.com/downloads/details.aspx?
FamilyID=2d3e25bc-f434-4cc6-a5a7-
09a8a229f118&DisplayLang=en ) and came across some
additional settings for the sceregvl.inf file. (page
92/additional registry settings)

After I adjusted my inf file and reregistered it I came
upon a major problem. When I opened the MMC editor and
went to the security options snap in I didn't see any
listings anymore. The whole list had just vanished.
Since I know I didn't do anything wrong I would most
definitely like to know why it didnt work and why it
doesnt show any settings anymore.
Since I already used this before on my 2000 box and never
encountered any problems like this I am blaming buggy XP
for this.

Even unregistering the dll and reregistering it with the
old inf file I backed up doesnt bring back the list and
still shows up empty. (WHAT THE F... is up with that, the
logic defies me)

GRRRRRRRRRRRRRRRRRRRRRRRRrrr, what the @#%$# is going on
here. Seems like MS should have stayed with the good old
2000 code.
I've been working with windows for over 15 years now and
consider myself not to be a newbie anymore so I know that
I did everything by the book.

Exporting and importing the registry doesn't work since
crappy XP keeps nagging about keys in use so I don't
really know what part of the registry he did in fact re-
import so that also didn't help much.

Anyone out there who knows how I can make these settings
reappear and why this has happened?

Sincerely,
Bill
 
Bill,

My first impression is that when you did the copy and paste from the PDF into the INF file, you had one or more line breaks, in the wrong place, since when pasting into Notepad, it appears there, exactly as it does in the PDF file.

The instructions say to make sure there are no page breaks, but it doesn't warn about line wraps, and virtually every line in the sections to be copied is wrapped. So, unless you went through and "un-wrapped" each and every line, this is likely your problem.
 
Hi Doug,

Well, I told you I was no newbie,...when I copied the
text I made sure that each line had no pagebreaks and
used del to make sure that each line of text that needed
to be on one line was so.
I did that in notepad, afterwards I copied and pasted the
correct text in the inf file. (no word wrap enabled so I
could check)
So that still leaves me wondering and even so if in the
faintest remote possibility that that was the case then
why doesnt the old inf file bring back my settings?

Aaaah, the mysteries of windows I suppose.

Sincerely,
Bill

-----Original Message-----
Bill,

My first impression is that when you did the copy and
Click to expand...
paste from the PDF into the INF file, you had one or more
line breaks, in the wrong place, since when pasting into
Notepad, it appears there, exactly as it does in the PDF
file.
The instructions say to make sure there are no page
Click to expand...
breaks, but it doesn't warn about line wraps, and
virtually every line in the sections to be copied is
wrapped. So, unless you went through and "un-wrapped"
each and every line, this is likely your problem.
 
I don't have an answer for you, at this point, Bill. I have downloaded the documentation, and I'll set up a Pro install under Virtual PC and see if I can duplicate your findings. It'll be tomorrow before I can get to it though.
 
Doug,

That would be great, I have again tested it and used the
old inf file I had from one of my earlier ghosts and used
this on my current XP and again all settings are a noshow
so there must be something else going wrong since the inf
file cannot be corrupt.

Maybe the scecli.dll has been corrupted or something or
maybe NTFS rights come into play,...

How do I know what your test results will be from virtual
PC? Will you post it on this board or do you need my
email?

Sincerely,
B

-----Original Message-----
I don't have an answer for you, at this point, Bill. I
Click to expand...
have downloaded the documentation, and I'll set up a Pro
install under Virtual PC and see if I can duplicate your
findings. It'll be tomorrow before I can get to it
though.
 
Bill,

I was unable to reproduce your situation. I did run across a couple of things that I thought might cause it, but didn't in my testing.

1) When you copy the text from the PDF, you not only have to contend with the line breaks, you also have to contend with the individual page numbers from the PDF file. 101 winds up at the end of:

MACHINE\System\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog,4,%MaximumDynamicBacklog%,3,10000|%MaximumDynamicBacklog0%,15000|%MaximumDynamicBacklog1%,20000|%MaximumDynamicBacklog2%,40000|%MaximumDynamicBacklog3%,80000|%MaximumDynamicBacklog4%,160000|%MaximumDynamicBacklog5%

And 101 and 102 wind up as individual lines in the Strings section.

However, I tried it both ways, with and without, and re-registering the SCECLI.DLL each time. The only thing that did happen was the description entries in the right pane of GPEDIT had some errors.

2) The other thought was the SCEREGVL.PNF file, being present. This is like a pre-compiled INF file, and at times, the presence of a matching PNF file can over-ride the changes in the INF file. So, I left it in place, re-registered the DLL, deleted it, re-registered the DLL, with no change.

--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

I'll post my findings here, Bill.
 
Bill,

You say that you have this working except for one setting. Its hard to tell with the way this wraps, but you have two Registry entries listed here.

MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions,4,%TcpMaxConnectResponseRetransmissions%,3,0|%TcpMaxConnectResponseRetransmissions0%,1|%TcpMaxConnectResponseRetransmissions1%,2|%TcpMaxConnectResponseRetransmissions2%,3|%TcpMaxConnectResponseRetransmissions3%

And

MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions,4,%TcpMaxDataRetransmissions%,1

Someone sent me this same information from your post via ICQ, and the first thing I noticed was that the two seemed to be one continuous entry. And here, you're saying that its one entry, when it is in fact two.
 
Hi Doug,

Thanks for looking into it. As for your advice on the page numbers, I didn't copy them as one whole
section so I didn't have any page numbers inbetween the registry keys.
I have now been able to add all registry settings in the document without getting the same error but
for one setting it does however still happen which is :

REG key
----------
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions,4,%TcpMaxConnectResponseRetransmissions%,3,0|%TcpMaxConnectResponseRetransmissions0%,1|%TcpMaxConnectResponseRetransmissions1%,2|%TcpMaxConnectResponseRetransmissions2%,3|%TcpMaxConnectResponseRetransmissions3%MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions,4,%TcpMaxDataRetransmissions%,1

Matching Strings
--------------------
TcpMaxConnectResponseRetransmissions = "MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK
retransmissions when a connection request is not acknowledged"

TcpMaxConnectResponseRetransmissions0 = "No retransmission, half-open connections dropped after 3
seconds"

TcpMaxConnectResponseRetransmissions1 = "3 seconds, half-open connections dropped after 9 seconds"

TcpMaxConnectResponseRetransmissions2 = "3 & 6 seconds, half-open connections dropped after 21
seconds"

TcpMaxConnectResponseRetransmissions3 = "3, 6, & 9 seconds, half-open connections dropped after 45
seconds"

Each time I add this one and register the inf file I am unable to see the settings in the security
options page in the MMC editor until I manually deleted the registry key under SecEdit.
This will be pretty hard for you to recreate if not near impossible on your box since I think this
is just one of those things that could have a thousand reasons I suppose.
I will just forget about this one registry setting for now and will install a virtual PC like you
and test it on that see if I can get it to work or find out why it goes wrong. Anyways thnx for the
interest and trouble you put into this.

Kind Regards.
 
Doug is good! :o) At least for your thread, he only had to download a pdf.
I have seen him go to the extreme of installing the Portuguese version of
Windows XP to help someone.



Darnit Doug,

I can't for the love of God figure out how I missed that one :-(
Thats it, after putting that second registry setting back correctly it worked and the setting is now
activated and the security page is showing the settings.
I must have overlooked this since the key
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResp
onseRetransmissions....
was actually there in the registry so I never tried to look further in the inf file.
That darn line just had to be that long and thats why I overlooked it.
But anyways,...thats problem SOLVED :-) thnx

Kind Regards.

ponseRetransmissions,4,%TcpMaxConnectResponseRetransmissions%,3,0|%TcpMaxCon
nectResponseRetransmissions0%,1|%TcpMaxConnectResponseRetransmissions1%,2|%T
cpMaxConnectResponseRetransmissions2%,3|%TcpMaxConnectResponseRetransmission
s3%
smissions,4,%TcpMaxDataRetransmissions%,1
Click to expand...
first thing I noticed was that the two seemed to be one continuous entry.
And here, you're saying that its one entry, when it is in fact two.
Click to expand...
 
<blush>

--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

Kelly said:
Doug is good! :o) At least for your thread, he only had to download a pdf.
I have seen him go to the extreme of installing the Portuguese version of
Windows XP to help someone.
--
All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

Utilities for Windows XP
http://www.kellys-korner-xp.com/xp_u.htm#xp_util
Click to expand...
 
Darnit Doug,

I can't for the love of God figure out how I missed that one :-(
Thats it, after putting that second registry setting back correctly it worked and the setting is now
activated and the security page is showing the settings.
I must have overlooked this since the key
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions....
was actually there in the registry so I never tried to look further in the inf file.
That darn line just had to be that long and thats why I overlooked it.
But anyways,...thats problem SOLVED :-) thnx

Kind Regards.
 
"I have seen him go to the extreme of installing the Portuguese version of
Windows XP to help someone."

As BA Baracus would say..."that crazy foo" :-)
He's a dedicated chap alright, I think he just loves what he does by helping people out with their
problems. I like a good puzzle just like the next one and I also tweak and look up as much as I can
about the system I'm using be it 2000, XP, 98,...but when I'm stumped I turn to places where people
like Doug might provide me with an answer. Good place this and always quick responses. Three tumbs
up!

Kind Regards.
 
Back
Top