?
Solved

MMC  Problem Using Default Security Templates

Posted on 2003-03-05
16
Medium Priority
?
374 Views
Last Modified: 2010-04-13
I am trying to restore file permissions and registry settings to their default settings on Win2000 Pro SP3 machine, using MMC and default security template basicwk.inf. When I apply the template and then analyze, the log still reports the same problems I had before I applied the inf.file. Am I doing something wrong?

Since the machine is shared among different users, I have been installing all software under admin account. Recently, admin inewly nstalled software could not be launched by the users, they are getting registry errors and creator/owner errors. If I can apply the basic inf file as described above and then reset the security, will this fix the problem?
0
Comment
Question by:ghp7000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 3
16 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 8075088
No, security template your describing does not affect NTFS rights to files or folders, nor does it affect permissions for registry keys.  Contact the software manufacturer to see what rights users must have to what files and folders and registry keys.  Hope this helps.  MSGeek
0
 
LVL 13

Author Comment

by:ghp7000
ID: 8080536
Um, I'm confused now because when I run the Microsoft Baseline Security Analyzer, it reports a problem with the file system and suggests that I fix it by re setting the file permissions and security setup by doing the procedure that I described above, in fact, it has a link to a knowledge base article that describes how to do the procedure (sorry I don't have the link available right now). So, can you inform me what the templates are for are how they are implemeted? Is there a way to track down which registry key needs to be updated/changed/inserted so that the users can launch the software I installed under admin account? As a temporary fix, I put all the users in the admin group but I don't want to keep it this way for too long.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8081375
I stand somewhat corrected, read the following KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;234926
The templates do affect some permissions on registry keys, but not NTFS rights to files, folders or drives.

MBSA is a great tool by the way.  I have found it does not recognise all changes whan patches are applied.  So document your work.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 13

Author Comment

by:ghp7000
ID: 8085778
The knowledge base article I am referring to can be found at Microsoft Support for WIN2K with keyword kbACL or article number 266118 entitled How to restore the default NTFS Permissions for Windows 2000. Could you have a look and tell me why when I run this procedure it doesnt do anything? Is there any tool out there which can analyze the registry and inform me which keys are corrupt, meaning do not reflect the actual installation?
0
 
LVL 13

Author Comment

by:ghp7000
ID: 8088414
Re NTFS file permissions, the procedure works as advertised, I made an error. If you would like to know how to restore the file permissions, I will post the steps required. Meanwhile, I still have a registry problem for the admin installed software that is not accessible to the users. Any help will be appreciated.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8088904
That's a great KB article, Thanks!  

If you have applied the Basicwk.inf template and are still having registry issues,  try uninstalling the software in question and then reinstall it with your security template set back to basic.  If that does not work you may want to chalk this one up as something valuable you learned (I learned something here.) and rebuild the computer.

There are rgistry cleaning utilities, but to my knowledge they do not change the rights to registry keys, which is what you want to do.


0
 
LVL 13

Author Comment

by:ghp7000
ID: 8095032
Yes, I think you are right, I have been 'fooling around' with this issue too long and it doesn't seem like I will be able to save the installation, still, I would like to know how I created the problem in the first place or whether there is an 'easy' fix, because using that template to change the security permissions on the registry keys isn't very easy or intuitive. In addition, when I look at the permissions on the keys with the mmc console, the keys seems to be in order, so I think the problem lies elsewhere. So, I will leave this question open for a few more days to see if anybody will post any additional information, then I will close it out. Thanks
0
 
LVL 9

Accepted Solution

by:
MSGeek earned 0 total points
ID: 8095050
Please remember not all software was written with the profile structure and registry structure of Win2k or XP in mind.   Sure it will run on those platforms if the user is the admin and in some cases a power user, but not always will it run as a user.

See: http://www.experts-exchange.com/Miscellaneous/Lounge/Q_20536903.html
0
 
LVL 13

Author Comment

by:ghp7000
ID: 8097052
Well, I found the fix, the problem was that I did not have NT AUTHORITY/INTERACTIVE nor NT AUTHORITY/SYSTEM in my administrator group, once I put them there, everything worked fine! Installation saved ! Yahoo :)
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8098296
Since you found the fix, I am going to request the points and grade of C be returned to you.
0
 

Expert Comment

by:Chmod
ID: 8098351
I have changed the grade to an A and reduced the points to 0

ghp7000, if you find an answer yourself you can always ask Community Support to PAQ the question & refund your points.
I'm sure you know that many Experts don't like "C" grades.
0
 
LVL 13

Author Comment

by:ghp7000
ID: 8099793
Ok, thank you, but in fact, I wasn't aware of the 'C' thing. It begs the question, if C grade isnt acceptable, then why make it available?
0
 

Expert Comment

by:Chmod
ID: 8100205
ghp7000, thanks for following this up. This link has some discusssion on grading:
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp#3

Sometimes a "C" may be justified, but many Experts would rather not have the points at all. It's a matter of professional pride among those Experts that they either provide a good answer or you get a refund.

In this case, I assume you were being polite in awarding MSGeek points for trying to help. However, s/he didn't see it that way and requested you got a refund. And the quality of the information you posted deserves an "A" ;-)

Chmod
Community Support Moderator @Experts Exchange
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8102934
> Sometimes a "C" may be justified, but many Experts would rather not have the points at all. It's a matter of professional pride among those Experts that they either provide a good answer or you get a refund.


In my case if I do not provide the answer, I do not want the points.  The grade is of no significance if I have not provided a valid answer.

And yes I agree here with Chmod, your feedback on this question to me and yourself deserves an A.
0
 
LVL 13

Author Comment

by:ghp7000
ID: 8103380
Thank you for the link on grading, I can see that the grade does have an impact on overall reliability from another users perspective, so that is important and I understand that, so next time I will be more careful. Sorry for any inconvienance, in fact, it was just easier to close out the question.
0
 

Expert Comment

by:Chmod
ID: 8109692
There are also some unofficial tips on grading - Tip 11 at http://www.cityofangels.com/Experts/Member_Tips.htm
that might be useful.

Some experts would be happy with a "C" and some points for helping. Just keep them informed of your intentions and don't hesitate to call on Community Support to arbitrate ;-)

Chmod
Community Support Moderator @Experts Exchange
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month14 days, 16 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question