[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259
  • Last Modified:

Accidental Registry Hack to Server and Workstation services; can it be fixed?

All,
   While attempting to set two registry values (HLKM/SYSTEM/CurrentControlSet/Services/lanmanserver/AutoShareServer and /AutoShareWks) I accidentally posted the entire /lanmanserver key (with all values and subkeys) over a GPO.  Is there anyway to reverse that damage?  Since the GPO hit, I have had tons of problems with Microsoft Networking (file/print sharing, and Outlook MAPI).  Not sure if I hosed up SMB, or NETBIOS, or NBT. OWA works fine, but Outlook over MAPI is hit-or-miss.   I'm running a straight TCP/IP, Active Directory network; Windows Server 2K3 on the servers and a mix of Windows 2K SP4 and Windows XP Pro SP2 on the clients.  I pulled the key off an XP Pro SP2 client.  Now many (but by no means ALL) of my Win2KSP4 clients refuse to run the Server Service, returning the following error:

System error 1083 has occurred.

The executable program that this service is configured to run in does not
implement the service.


   Side note:  "reg add" -- good; placing a .reg in the startup scripts -- not so much... :(

 SO FAR:  I have run "reg delete" to delete the GUID key from the /parameters subkey -- Google tells me that the GUID is regenerated on boot-up if it's not present.  Seems to do the trick there.  I also ran a .reg file to remove the persistent shares. I have no idea why this worked for some clients, and yet not others...  Any ideas welcome.  I'm getting beaten by my higher headquarters -- it's interfering with their attempt to conduct vulnerability assessments...

Very respectfully,
Ian Tarasevitsch
0
IanTarasevitsch
Asked:
IanTarasevitsch
  • 3
  • 2
1 Solution
 
Fatal_ExceptionCommented:
If you have a backup of your System State, that includes the Registry, and you could Restore the ST and it should restore the registry..  

The System State comprises:

Active Directory - NTDS.DIT and Logs
Boot Files - Including Boot.ini
Certificate Server
Registry
SysVol - Group Policies and Logon Scripts

FE
0
 
IanTarasevitschAuthor Commented:
FE:
   I think the servers are OK -- it's just those Win2K clients that are hosed.  I don't have clean backups on them (the probem was out there about a week before we realized what happened).  I'm almost wondering how much Windows would regenerate if I pruned that entire key and it's subkeys right out of the registry...  Any thoughts on why some Win2K systems came back up, and other didn't?  Thanks!

V/R,
Ian Tarasevitsch
0
 
Fatal_ExceptionCommented:
Oh..  I thought you hosed the server!  now that would be scary, eh?  :)

So you took an XP SP2 Reg Key and pushed it out to all your clients, including the W2K Pro boxes?  I am not too sure that you will be able to recover this easily.   Do you have any 2K Pro boxes that were not affected that you could import the keys from?  If not, then you may be looking at rebuilding the OS on these boxes..  In fact, if this were me, I would not spend much time trying to troubleshoot this.  It will more than likely take a lot more time than just reloading the computers with a fresh OS...  And since you are running a Domain, and I assume that most of the user's data is on a server, then that is the road I would take here...  Not the greatest solution, but just my take on this..

FE
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
IanTarasevitschAuthor Commented:
All,
    I found the answer to my own problem, and it was deceptively simple:

Uninstall Microsoft File and Print Sharing Services (in the Network Connections | Properites tab), then reinstall.  No reboot required, no installation files required, and all the registry settings were returned to default settings.  From there, it was easy to apply the *correct* registry setting using "reg add"

V/R,
Ian
0
 
Fatal_ExceptionCommented:
Too easy!  thanks for posting!

FE
0
 
moduloCommented:
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now