Accidental Registry Hack to Server and Workstation services; can it be fixed?
Posted on 2005-05-07
While attempting to set two registry values (HKLM/SYSTEM/CurrentControlSet/Services/lanmanserver/AutoShareServer and /AutoShareWks) I accidentally posted the entire /lanmanserver key (with all values and subkeys) over a GPO. Is there any way to reverse that damage? Since the GPO hit, I have had tons of problems with Microsoft Networking (file/print sharing, and Outlook MAPI). Not sure if I hosed up SMB, or NETBIOS, or NBT. OWA works fine, but Outlook over MAPI is hit-or-miss. I'm running a straight TCP/IP, Active Directory network; Windows Server 2K3 on the servers and a mix of Windows 2K SP4 and Windows XP Pro SP2 on the clients. I pulled the key off an XP Pro SP2 client. Now many (but by no means ALL) of my Win2K SP4 clients refuse to run the Server Service, returning the following error:
System error 1083 has occurred.
The executable program that this service is configured to run in does not
implement the service.
Side note: "reg add" -- good; placing a .reg in the startup scripts -- not so much... :(
SO FAR: I have run "reg delete" to delete the GUID key from the /parameters subkey -- Google tells me that the GUID is regenerated on boot-up if it's not present. Seems to do the trick there. I also ran a .reg file to remove the persistent shares. I have no idea why this worked for some clients, and yet not others... Any ideas welcome. I'm getting beaten by my higher headquarters -- it's interfering with their attempt to conduct vulnerability assessments...