Solved

XP SP2: Admin cannot change homepage, Hosts file, maybe more?

Posted on 2006-07-04
17
2,358 Views
Last Modified: 2008-01-09
Hi all,

I recently got to the point of needing to re-install Windows XP on my laptop.  The base OEM install is XP Home SP1-and-a-bit, and thereafter I added SP2 (the downloaded network-install distribution) and ran Microsoft Update to get all new post-SP2 patches.  In addition to the criticals, I installed Media Player 10 and .NET Framework 2.0, and only then did I get down to personalizing my system.

One of my first actions was to change the IE homepage to http://www.google.co.uk but to my dismay, the change just wouldn't stick.  A number of attmepts, setting it in different locations, but it remained stuck on uk.msn.com (possibly my worst nightmare).  I even had a go at it in the Registry, but was prevented with an Access Denied message!  (This was as an Administrator-level user)

I found that I was able to make the change only by rebooting in Safe Mode.  It was the same story with my attempts to modify the Windows HOSTS file: only possible in Safe Mode.  Now, at this point I had installed no other software except ZoneAlarm, and I've discounted this as the issue persists with ZA disabled.  I'm behind a secure router/firewall, I didn't connect to any websites other than Windows Update and Microsoft Update (and MSN, briefly), and I overwrote the MBR when I reinstalled, so surely it can't be malware.  There was nothing suspicious in the HOSTS file - just the loopback entry - and MSN, for all its ills, isn't a phishing or malware site to my knowledge.

My only conclusion was that Windows is actually protecting itself, and quite robustly at that.  I'm a bit confused because I've run SP2 since its release (and kept up-to-date with later patches) but never faced these restrictions before.

Can anyone clear this up for me?  If this is down to new Windows security functionality, is there a web page with more information about it?  I'm keen to know what other restrictions I might run into, and whether there's any easy way to control them.

Thanks in advance.
0
Comment
Question by:Havin_it
  • 6
  • 5
  • 2
  • +3
17 Comments
 
LVL 19

Expert Comment

by:simpswr
ID: 17038632
I don't recall anything native in XP that protects the home page, but there are other antispyware tools that do. . You have not loaded any antiSpyware programs? . Windows Defender may protect against home page changes.
0
 
LVL 97

Expert Comment

by:war1
ID: 17038671
Greetings, Havin_it !

With Windows XP Home, you cannot use the Security tab unless you are in Safe Mode.  But nothing native to Windows XP else should block your access to IE home page and Windows Hosts file.

There was a bunch of security updates in June, including the IE June Cumalative Patch. One of the updates could have changed somethings.

Best wishes!
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17038722
No, just the programs mentioned above.  The only software bundled with the OEM image is WinDVD 4, which I've never used, and a couple of Toshiba utilities (which were installed before without these issues).  I'm about to install AVG Free antivirus and will run a scan when I do,  but at the moment I'd consider this a clean-room install.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17038731
^^That was in answer to simpswr BTW.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17038759
Sure sounds like it should be clean . . but if it works in safe mode and not in norml, it has to be something running at startup.  You could disable half of the items in msconfig to see if it changes anything . . then half of the half left and so on . . until you ID the culprit
0
 
LVL 5

Expert Comment

by:Silly_Burrito
ID: 17038778
I'm wondering if Windows Defender was installed as one of your post SP2 patches. It protects against a home page change, and it may well be doing so here.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17038834
@Silly_Burrito:  Defender is not installed, unless it's become a helluvalot better hidden than when I tried out the first beta.  Nothing untoward in the tasklist nor icons in the Systray.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17039104
A correction:  when I attempted to edit HKCU\Software\Microsoft\Internet Explorer\Main > Start Page value, the actual error message was not Access Denied. It was:

Cannot edit Start Page: Error writing value's new contents.

Looking in the various 'Run' keys, there's nothing there that wasn't there before - just the Toshiba utilities, Intel graphics driver utility, and ZoneAlarm.

One thing I did notice in MSCONFIG, was that among those same startup entries there was one completely blank line (whose box was checked).  It referred to the Run key under HKLM, same as the others, but there is no other value there (except the empty '(default)' string).  Is this normal?  I suspect not...

Wonder if my install is just royally b0rked.  The only hiccup I encountered during the reinstall was the network went down while downloading the post-SP2 patches, but the downloaded items installed without complaint and I was able to finish the remaining updates after a reboot.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 19

Expert Comment

by:simpswr
ID: 17039188
Blank lines in msconfig startup are not unusual . . I just uncheck them when I encounter them.  

Have you check the update page to see if any did not install? . . look in Show installed updates
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17039195
What brand is the pc? . . the XP install disc came with it?
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17039226
Found this page with your error message:

http://forums.techguy.org/web-email/474543-solved-cannot-alter-default-hp-3.html

The advice at the bottom of the thread may be helpful:

These steps apply to computers with Microsoft Windows XP SP2+ only.

Open the Manage Add-ons window in Internet Explorer:
Open Internet Explorer, click Tool, and then select Manage Add-ons.
Or
Right click the Internet Explorer icon on your desktop, select Properties, click the Programs tab, and then click the Manage Add-ons button.
In the Show drop-down list, select Add-ons that have been used by Internet Explorer.
Scroll through the list of add-on programs. Suspicious add-ons may be listed as Browser Helper Objects or Toolbars in the Type column.
To disable an unwanted add-on: Click the name of the add-on in the list, select Disable, and then click OK in the message box that appears.
Click the OK button to close the Manage Add-ons window, and then close Internet Explorer or the Internet Properties window.
0
 
LVL 59

Accepted Solution

by:
LeeTutor earned 200 total points
ID: 17039258
Here's another (and take note of the difference between ZoneAlarm Free vs. Pro):

http://forums.spybot.info/showthread.php?p=31552

A quote of the passage near the bottom of the thread:

If it is Zone Alarm FREE 6.5.xxx, just shutting ZA down is insufficient. You need to stop it from loading on start up, shut it down and restart your PC to change your home page as there is no option to stop it from locking the home page when the services it loads are running (and these are not stopped just by shutting down ZAclient). This is a major bug that has been reported several times on the ZA forums.

If it is ZA Pro, there is an option in Program Control -> Main -> Program Control -> Custom -> OSFirewall and make sure "...home page" isn't set to Deny.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17039291
Looks like Lee is on to something . .
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17039815
Yup, looks like we have a winner - thanks Lee.

It's the Free ZA I use, and having rebooted with it disabled I was able to change both the IE homepage and HOSTS file at will.

One one hand, it is a glaring bug - ZA even has a setting for 'lock hosts file' which is unchecked by default, but clearly not really!  On the other, I guess it's good to know that these things can't be wantonly changed without heavy intervention on my part even when I'm running as an Admin (not that I do unless necessary).

The Spybot item you quote mentions 'services' (plural) still running after zlclient is closed, but I thought the 'TrueVector Internet Monitor' was the only one added by ZA.  Is there another?  (Presumably I could simply stop these via services.msc rather than have to reboot.)
0
 
LVL 30

Assisted Solution

by:mtz1of4
mtz1of4 earned 50 total points
ID: 17040020
Probably will have to reboot because ZA also has a setting, Protect Zone Alarm Client so if it shuts down, I belive it either locks up system or restarts without notice.

But you could try, look for vsmon also.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17048988
Apologies for dragging my heels...

Thanks Lee for the solution and mtzof4 for the further info.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now