There's always a "However"

  • Thread starter: PaulFXH
Hi CQ
Thanks for your comments.
Here are some answers to the points you raised:
-OS before SP2 install was just plain WinXP w/o SP1 as this is what I
got after repair-install
- HDD is 80GB and also have usb HDD of 160 GB capacity
-Yes, I use an administrator's account
-Unfortunately, I have no idea what you mean by "custom permissions
lock-down, either
explicitly or as a side-effect of any "hardening" tool".
-No malware, that I'm aware of, was on my computer at the time but I
did have both AVG free and Avast functioning when I installed SP2.
-The tool I used is as described in the link shown in my previous post
and is as follows:
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

Any further comments or ideas would be much appreciated
Thanks
Paul
 
You shouldn't have any anti-virus running when installing SP2 and you should
never have two antivirus running at the same time. Out of hundreds of times
installing SP2 the only time I ever had a problem was due to an antivirus
running. When installing Windows you do it in this order if you don't have a
SP2 slipstreamed CD.

1) Download SP2 and burn it to CD.
2) Physically disconnect computer from any network and/or Internet. This
means unplug the network cable.
3) Physically disconnect any USB devices other than a keyboard or mouse.
4) Physically disconnect any firewire devices.
5) Physically disconnect any internal memory card readers. Also disconnect
any hard drives other than the one you intend to install Windows on if they
have any formatted partitions on them. If you want to dual boot then you may
have to ignore this tip.
6) Perform clean install of Windows or factory restore of system.
7) Install SP2 from CD
8) Confirm Windows firewall is running.
9) You can now finish installing drivers, programs, connect to
Internet/network, hook up devices or whatever.

Kerry
 
Kerry
Thank you for your admonishments and advice which I will keep in mind
should I ever have to carry out a re-installation of Windows.
For the moment I would be interested to hear from you which of the
deviations from your list of rules for this operation led to the
alteration of permission levels on (what appeared to be) a sizable
number of (if not all) registry keys.
In addition, remember that my original question was, given that I
rectified my problem by opening the permission to ALL of my registry
keys, should I expect consequent problems in the near future? If so,
what's the solution other than to start over and this time adhere to
your advised list of rules.
Thanks once again,
Paul
 
As I said before it is likely no one knows if you will experience problems
or not because of the registry permission changes you made. The problem may
have been caused by having programs running while you were trying to install
SP2. In particular you have to uninstall most anti-virus/spyware/malware
apps before installing SP2 and then re-install them afterwards. It's a pain
but I've learned the hard way that it's the best way. Disabling them
sometimes isn't enough. Although I haven't experienced it others have had
problems installing SP2 because of prior applications installed or
modifications/tweaks to Windows. I did work on one laptop where the customer
had made so many changes trying to install SP2 that a clean install was the
quickest and cheapest way to get it working for him. In the end it turned
out to be a USB web cam that was incompatible with SP2 (similar to your USB
card problem). Once SP2 was installed on a clean Windows install it was easy
to start re-installing devices and apps to figure out the problematic one.
This may be the route you have to go to get things back to a known good
configuration.

Kerry
 
Tom said:
When it comes to straightforward questions like this, where do all the
ms-mvps go?

They take their dog for a walk and stop in the local pub to discuss the
issue. After a bit, it's no longer an issue :)
 
SP2 has nothing to do with it, as I did not have the problem after SP2, only
after the three Dec updates.
 
On 9 Jan 2006 08:30:37 -0800 said:
Hi CQ
Hi!

-OS before SP2 install was just plain WinXP w/o SP1 as this is what I
got after repair-install

OK. What prompted the repair install?

- HDD is 80GB and also have usb HDD of 160 GB capacity

OK...

-Yes, I use an administrator's account

OK; that was the most likely issue.
-Unfortunately, I have no idea what you mean by "custom permissions
lock-down, either explicitly or as a side-effect of any "hardening" tool".

There's an incredible amount of fine-grained control available in NT
(XP), applied to both registry keys and (if NTFS) files. In XP Pro,
this can be applied from domain controllers and/or via group policy; in
XP Home, this is limited to a few preset account types.

All of that is AFAIK; I don't use this sort of defence at all.

So I was thinking that your original system may have had some
non-standard permissions settings.

Perhaps these were applied directly after some "tip", e.g. "block XXX
by making these changes" or "apply this .REG to protect against...".

Or perhaps they were applied by some more general tool, like some of
those "do it for me" wizard-y "system admin in a can" things.

Or perhaps they were applied by malware, and remained in effect after
that malware was removed. Given that a "repair" install is supposed
to be "safe" because "you won't lose your settings", the install may
not have cleared those settings, but while the settings may not have
hindered the install, they might trip up SP2. That may even have been
the intention of the malware that applied them - to break patching.

-No malware, that I'm aware of, was on my computer at the time but I
did have both AVG free and Avast functioning when I installed SP2.

OK. I presume you were offline during the install, and the SP2 file
set was from a reputable source and not full of CIH etc.

-The tool I used is as described in the link shown in my previous post
and is as follows:
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

I'm not familiar with that tool - in fact, when it comes to
permissions and so on, you may do better in a newsgroup which attracts
more of a sysadmin audience, e.g. security or "system management"
(e.g. security_admin, configuration_manage).


---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
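
The following PowerShell is an added example, not code from any poster in this thread. It lists keys under one subtree where Administrators or SYSTEM lack an effective Allow FullControl entry, or where a Deny entry exists, which is the kind of non-standard permission discussed above; the default `$Root` subtree and the function name are assumptions.

```powershell
# Added example: read-only audit of registry key permissions.
# $Root is an assumed starting point; pick a narrow subtree first.
param([string]$Root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion')

# Well-known SIDs, so the check does not depend on localized account names.
$required = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-18'     = 'SYSTEM'
}
$full    = [int][System.Security.AccessControl.RegistryRights]::FullControl
$sidType = [System.Security.Principal.SecurityIdentifier]

# Hypothetical helper: returns a list of issue strings for one key.
function Get-KeyAclFinding {
    param([string]$Path)
    try   { $acl = Get-Acl -Path $Path -ErrorAction Stop }
    catch { return "cannot read ACL ($($_.Exception.Message))" }

    $hasFull = @{}
    $issues  = @()
    # Explicit and inherited entries, with identities translated to SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only entries apply to subkeys, not to this key itself.
        if ($rule.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Deny') {
            $issues += "Deny entry for $sid"
        }
        elseif ($required.ContainsKey($sid) -and
                (([int]$rule.RegistryRights -band $full) -eq $full)) {
            $hasFull[$sid] = $true
        }
    }
    foreach ($sid in $required.Keys) {
        if (-not $hasFull.ContainsKey($sid)) {
            $issues += "$($required[$sid]) lacks FullControl"
        }
    }
    return $issues
}

# Walk the root key and every subkey; emit one object per finding.
$keys = @(Get-Item -Path $Root) +
        @(Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue)
foreach ($key in $keys) {
    foreach ($issue in @(Get-KeyAclFinding -Path $key.PSPath)) {
        New-Object PSObject -Property @{ Key = $key.Name; Issue = $issue }
    }
}
```

On Windows Vista and later, some system keys intentionally grant full control only to TrustedInstaller, so compare the findings against a known-good machine before changing any permissions.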
 
Now I'm confused. I was replying to PaulFXH who posted the original problem
about installing SP2. You obviously have a different problem.

Kerry
 
only different symptoms, trust me.