Monday, July 27, 2009

Relief From Irritation After Brazilian Wax

I, the UAC and the bad.

Vista Sux

After time and time without having control over my PC (Windows Vista), I finally managed to restore the permissions of the registry keys and file system.

The point is that at work gave me a machine with Windows Vista pre-installed, obviously, the first thing I did was disable UAC and other things unbearable.

I was working perfectly for a while, until he reached the situation where you have to install or update software updates ... What the hell? raised a lot of permissions problems on some registry keys, that when you uninstall any software unimportant. Investigating

researchers came to the conclusion that the errors were due to lost data Windows credentials of some registry keys, and when I say "lost" I mean literally. If you opened the registry editor and you try to position the key in question got a nice error message telling you that you could not access to that key, What the hell? I am the owner and managers belong to the group ... I understand nothing.

used in such cases psexec to access these keys, as "psexec-s-i regedt32" I my surprise when the properties contained neither owner nor any permission, thereby solving the problem agreed to "Properties-> Advanced" and marked the check "Include inheritable permissions from the parent of this object."

That was a temporary solution, the real problem was to arise the need to install critical security updates or patches for IE, or service packs or anything else, all updated losintentos were impossible, the problem is permissions. Then descucrĂ­

SubInACL

SubInACL is a command-line tool That Enables Administrators to Obtain security information about files, registry keys, and services, and transfer this information from user to user, from global or local group to group, and from domain to domain. For example, if a user has Moved from one domain (Domain) to Another (domainB), the administrator CAN replace Domain \\ User with domainB \\ User in the security information for the user's files. This Gives the user access to the Same files from the new domain.


Vale, a situation, the problem is in the registry, so I re-assign permissions to all the root keys and subkeys to have total control over the entire record

cd / d "% programfiles% \\ Windows Resource Kits \\ Tools "subinacl

/ subkeyreg HKEY_CLASSES_ROOT / grant = administrators = f / grant = system = f / grant = tuusuario = f / setowner = Administrators
subinacl /keyreg HKEY_CLASSES_ROOT /grant=Administradores=f /grant=system=f /grant=tuusuario=f /setowner=Administradores
subinacl /subkeyreg HKEY_CURRENT_USER /grant=Administradores=f /grant=system=f /grant=restricted=r /grant=tuusuario=f /grant=restricted=r /setowner=Administradores
subinacl /keyreg HKEY_CURRENT_USER /grant=Administradores=f /grant=system=f /grant=restricted=r /grant=tuusuario=f /grant=restricted=r /setowner=Administradores
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=Administradores=f /grant=system=f /grant=tuusuario=f /grant=everyone=r /setowner=Administradores
subinacl /keyreg HKEY_LOCAL_MACHINE /grant=Administradores=f / Grant = system = f / grant = tuusuario = f / grant = everyone = r / setowner = Administrators
subinacl / subkeyreg HKEY_USERS / grant = administrators = f / grant = system = f / grant = restricted = r / grant = tuusuario = f / grant = restricted = r / setowner = Administrators
subinacl / keyreg HKEY_USERS / grant = administrators = f / grant = system = f / grant = restricted = r / grant = tuusuario = f / grant = restricted = r / setowner = Administrators


( Ojito: Replace "tuusuario" with the name of the user you logged in, or you work usually)

reboot try to install Windows Vista SP2 and see what happens, result: NO, detail error "ACCESS DENIED" with a fucking generic error code and without more detail, guess riddles. I thought the registry permissions and should not be the problem, so probably the same thing happen to the file system, any file or directory had lost the information of the user credentials and permissions, so I tried again with SubInACL

subinacl / subdirectories% windir% \\ *.* / grant = administrators = f / grant = system = f

(if you will also be done on the entire disc with subinacl / subdirectories% SystemDrive% / grant = Administrators = f / grant = system = f )



reset and try again ... Olé! SP2 installation completed successfully, and from that moment I install the other updates and so far I have not had any problems like these.

The point is that an average user would have resorted to formatting and reinstalling to solve the problem, but what about security descriptors and log files? Lost "without explanation if you have UAC enabled? is pathetic.

to see what happens with W7.

0 comments:

Post a Comment