G
Guest
I have been fighting a battle with a computer lab that needed to have
Administrator rights with all USB (thumb, flash, pen, keychain, insert you
term here) drives that were installed. I tried all information that I could
find on the Internet with no success. I finally found the culprit in an
obscure post (thanks PiqueABoo from edugeek.net), corrupt crypto services. I
just thought I'd pass on the info with all of the steps that I tried. My
solution may not work for you, but it will stop you from having to look
anywhere else for the other solutions that may work for you.
Resolution:
Microsoft KB 822798 Method 3 http://support.microsoft.com/kb/822798
Method 3: Rename the Catroot2 folder
Rename the Catroot2 folder (Windows XP and Windows Server 2003 only), and
then try to install the program again.
Note Skip this method if the operating system is Windows 2000.
To rename the Catroot2 folder, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, and then press ENTER
after each line:
net stop cryptsvc
ren %systemroot%\System32\Catroot2
oldcatroot2
net start cryptsvc
exit
3. Remove all tmp*.cat files from the following folder:
%systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
Other Candidates (which all did not work, or I would not implement):
1. Give all users admin rights to the machine then create a GPO to take
away access to sensitive/ problem areas (Hell no!)
2. Give users rights to (a) format/ eject media and/or (b) rights to
install/ remove drivers (I highly do not recommend "b" for security reasons):
In a GPO change
a. Computer Configuration...Windows Settings...Security Settings...Local
Policies/Security Options...Devices: Allowed to format and eject removable
media to Administrators and Interactive Users
b. Computer Configuration...Windows Settings...Security Settings...Local
Policies/ User Rights Assignment...Load and unload device drivers to give
rights to group
3. Install third party software:
a. USBDLM - USB Drive Letter Manager www.uwe-sieber.de/usbdlm_e.html
(great software to set USB drives to have the same drive letter every time a
drive is plugged in, just doesn't fix this particular problem)
b. A great Autoit script named allow_USB_jump_drives (how
appropriate_which needs admin rights to install btw)
http://www.novell.com/coolsolutions/tools/16306.html (Thanks Jeremy Mlazovsky)
4. Change permissions on files associated with USB devices
Give users full rights to
a. USBSTOR.ini / .pny / .sys
b. volume.ini
c. flpydisk.ini
5. Log on as admin and install every USB drive that you can get your hands
on so that the drivers would be automatically loaded for users (yeah, right!)
Please add any other suggestions that you may have so that others may be
able to more easily find this info.
P.S. Although I love reading about the differences between client side vs.
serv
er side installs for drivers as much as the next guy; unless you're going to
give a clear concise answer as to how to fix the problem, please don't
lecture.
Administrator rights with all USB (thumb, flash, pen, keychain, insert you
term here) drives that were installed. I tried all information that I could
find on the Internet with no success. I finally found the culprit in an
obscure post (thanks PiqueABoo from edugeek.net), corrupt crypto services. I
just thought I'd pass on the info with all of the steps that I tried. My
solution may not work for you, but it will stop you from having to look
anywhere else for the other solutions that may work for you.
Resolution:
Microsoft KB 822798 Method 3 http://support.microsoft.com/kb/822798
Method 3: Rename the Catroot2 folder
Rename the Catroot2 folder (Windows XP and Windows Server 2003 only), and
then try to install the program again.
Note Skip this method if the operating system is Windows 2000.
To rename the Catroot2 folder, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, and then press ENTER
after each line:
net stop cryptsvc
ren %systemroot%\System32\Catroot2
oldcatroot2
net start cryptsvc
exit
3. Remove all tmp*.cat files from the following folder:
%systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
Other Candidates (which all did not work, or I would not implement):
1. Give all users admin rights to the machine then create a GPO to take
away access to sensitive/ problem areas (Hell no!)
2. Give users rights to (a) format/ eject media and/or (b) rights to
install/ remove drivers (I highly do not recommend "b" for security reasons):
In a GPO change
a. Computer Configuration...Windows Settings...Security Settings...Local
Policies/Security Options...Devices: Allowed to format and eject removable
media to Administrators and Interactive Users
b. Computer Configuration...Windows Settings...Security Settings...Local
Policies/ User Rights Assignment...Load and unload device drivers to give
rights to group
3. Install third party software:
a. USBDLM - USB Drive Letter Manager www.uwe-sieber.de/usbdlm_e.html
(great software to set USB drives to have the same drive letter every time a
drive is plugged in, just doesn't fix this particular problem)
b. A great Autoit script named allow_USB_jump_drives (how
appropriate_which needs admin rights to install btw)
http://www.novell.com/coolsolutions/tools/16306.html (Thanks Jeremy Mlazovsky)
4. Change permissions on files associated with USB devices
Give users full rights to
a. USBSTOR.ini / .pny / .sys
b. volume.ini
c. flpydisk.ini
5. Log on as admin and install every USB drive that you can get your hands
on so that the drivers would be automatically loaded for users (yeah, right!)
Please add any other suggestions that you may have so that others may be
able to more easily find this info.
P.S. Although I love reading about the differences between client side vs.
serv
er side installs for drivers as much as the next guy; unless you're going to
give a clear concise answer as to how to fix the problem, please don't
lecture.