MMC Problem Using Default Security Templates

No, security template your describing does not affect NTFS rights to files or folders, nor does it affect permissions for registry keys.  Contact the software manufacturer to see what rights users must have to what files and folders and registry keys.  Hope this helps.  MSGeek

Um, I'm confused now because when I run the Microsoft Baseline Security Analyzer, it reports a problem with the file system and suggests that I fix it by re setting the file permissions and security setup by doing the procedure that I described above, in fact, it has a link to a knowledge base article that describes how to do the procedure (sorry I don't have the link available right now). So, can you inform me what the templates are for are how they are implemeted? Is there a way to track down which registry key needs to be updated/changed/inserted so that the users can launch the software I installed under admin account? As a temporary fix, I put all the users in the admin group but I don't want to keep it this way for too long.

I stand somewhat corrected, read the following KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;234926
The templates do affect some permissions on registry keys, but not NTFS rights to files, folders or drives.

MBSA is a great tool by the way.  I have found it does not recognise all changes whan patches are applied.  So document your work.

The knowledge base article I am referring to can be found at Microsoft Support for WIN2K with keyword kbACL or article number 266118 entitled How to restore the default NTFS Permissions for Windows 2000. Could you have a look and tell me why when I run this procedure it doesnt do anything? Is there any tool out there which can analyze the registry and inform me which keys are corrupt, meaning do not reflect the actual installation?

Re NTFS file permissions, the procedure works as advertised, I made an error. If you would like to know how to restore the file permissions, I will post the steps required. Meanwhile, I still have a registry problem for the admin installed software that is not accessible to the users. Any help will be appreciated.

That's a great KB article, Thanks!  

If you have applied the Basicwk.inf template and are still having registry issues,  try uninstalling the software in question and then reinstall it with your security template set back to basic.  If that does not work you may want to chalk this one up as something valuable you learned (I learned something here.) and rebuild the computer.

There are rgistry cleaning utilities, but to my knowledge they do not change the rights to registry keys, which is what you want to do.

Yes, I think you are right, I have been 'fooling around' with this issue too long and it doesn't seem like I will be able to save the installation, still, I would like to know how I created the problem in the first place or whether there is an 'easy' fix, because using that template to change the security permissions on the registry keys isn't very easy or intuitive. In addition, when I look at the permissions on the keys with the mmc console, the keys seems to be in order, so I think the problem lies elsewhere. So, I will leave this question open for a few more days to see if anybody will post any additional information, then I will close it out. Thanks

Well, I found the fix, the problem was that I did not have NT AUTHORITY/INTERACTIVE nor NT AUTHORITY/SYSTEM in my administrator group, once I put them there, everything worked fine! Installation saved ! Yahoo :)

Since you found the fix, I am going to request the points and grade of C be returned to you.

I have changed the grade to an A and reduced the points to 0

ghp7000, if you find an answer yourself you can always ask Community Support to PAQ the question & refund your points.
I'm sure you know that many Experts don't like "C" grades.

Ok, thank you, but in fact, I wasn't aware of the 'C' thing. It begs the question, if C grade isnt acceptable, then why make it available?

ghp7000, thanks for following this up. This link has some discusssion on grading:
https://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp#3

Sometimes a "C" may be justified, but many Experts would rather not have the points at all. It's a matter of professional pride among those Experts that they either provide a good answer or you get a refund.

In this case, I assume you were being polite in awarding MSGeek points for trying to help. However, s/he didn't see it that way and requested you got a refund. And the quality of the information you posted deserves an "A" ;-)

Chmod
Community Support Moderator @Experts Exchange

> Sometimes a "C" may be justified, but many Experts would rather not have the points at all. It's a matter of professional pride among those Experts that they either provide a good answer or you get a refund.


In my case if I do not provide the answer, I do not want the points.  The grade is of no significance if I have not provided a valid answer.

And yes I agree here with Chmod, your feedback on this question to me and yourself deserves an A.

Thank you for the link on grading, I can see that the grade does have an impact on overall reliability from another users perspective, so that is important and I understand that, so next time I will be more careful. Sorry for any inconvienance, in fact, it was just easier to close out the question.

There are also some unofficial tips on grading - Tip 11 at http://www.cityofangels.com/Experts/Member_Tips.htm
that might be useful.

Some experts would be happy with a "C" and some points for helping. Just keep them informed of your intentions and don't hesitate to call on Community Support to arbitrate ;-)

Chmod
Community Support Moderator @Experts Exchange