yet_another_jash
asked on
Printer (driver) install fails due to Access Denied
I've been using the excellent PDFCreator for more than 2 years. Today it failed with an empty message box (just an OK button). I removed the software and attempted to install the latest version. It appears to install fine until it gets to the point of adding the printer to the OS - here it fails with an "Access Denied" error message.
I then downloaded Primo32 and that did the same - almost all the install completed and then "Access Denied" at the 'add printer to XP' stage.
Finally, I tried adding any old printer using the Add Printer Wizard. I made out that it was connected to LPT1 and added the first printer in the list. "Unable to Add Printer. Access Denied".
This is a single user machine and I am in the Administrators Group.
I'm guessing this is a permissions issue. I have carried out some bizarre command line security reset procedure (secedit?) but to no avail. I have downloaded an HP Access Denied fix, but that didn't work.
I don't have much more hair to lose, but I'm pulling it out fast while I try to avoid a whole OS reinstall!
I then downloaded Primo32 and that did the same - almost all the install completed and then "Access Denied" at the 'add printer to XP' stage.
Finally, I tried adding any old printer using the Add Printer Wizard. I made out that it was connected to LPT1 and added the first printer in the list. "Unable to Add Printer. Access Denied".
This is a single user machine and I am in the Administrators Group.
I'm guessing this is a permissions issue. I have carried out some bizarre command line security reset procedure (secedit?) but to no avail. I have downloaded an HP Access Denied fix, but that didn't work.
I don't have much more hair to lose, but I'm pulling it out fast while I try to avoid a whole OS reinstall!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try logging onto the machine as the Local Administrator and installing the printer.
ASKER
Radar;
Tried that and it failed in the same way!
Tried that and it failed in the same way!
Try running a windows repair. Then log in as local administrator
ASKER
Unfortunately, the restore CD I have does not support the RAID array and complains about not being able to see the CDROM drive. I can't take the risk of breaking it through trying to fix it...So, Windows Repair is not an option for me right now....
Try the following to reset your security policies.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;278316
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;278316
ASKER
Nope, that didn't work either....
Have you actually tried to create a new, additional Administrative user and see if you get the same problem? Maybe something is wrong with your profile?
ASKER
I like that idea, but when I did just as you suggest, the process of adding a printer failed in exactly the same way. It *has* to be something along the lines of policies/permissions though, doesn't it?
I also noticed today that when I delete something, the recycle bin is reported as being corrupt. I'm off to google that one now and hope it's related somehow.
I also noticed today that when I delete something, the recycle bin is reported as being corrupt. I'm off to google that one now and hope it's related somehow.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran a Windows consistency check - it didn't ask for my CD, neither did it throw up any problems.
I'm still stumped.
Any more suggestions?
I'm still stumped.
Any more suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Radar,
Thanks for taking the time to post your suggestions. I have attached the output of them as a code snippet. The first two commands you gave me appeared to be without the necessary arguments ( I have piped the output of them and put it at the top of the code snippet). The next two completed without issue.
After each stage, I checked and can confirm that I still cannot add a printer - it fails with the same error message.
I then performed the security reset procedure that you directed me to in the knowledge base. That completed with errors, so I have included the log file from that operation in the code snippet too.
I really am coming round to the view that there is little I can do to avoid a damn reinstall here....
Thanks again.
Thanks for taking the time to post your suggestions. I have attached the output of them as a code snippet. The first two commands you gave me appeared to be without the necessary arguments ( I have piped the output of them and put it at the top of the code snippet). The next two completed without issue.
After each stage, I checked and can confirm that I still cannot add a printer - it fails with the same error message.
I then performed the security reset procedure that you directed me to in the knowledge base. That completed with errors, so I have included the log file from that operation in the code snippet too.
I really am coming round to the view that there is little I can do to avoid a damn reinstall here....
Thanks again.
- open a cmd prompt
- change to the windows\security folder
- run "esentutl /r edb" (no quotes)
- run "esentutl /mh"
Microsoft(R) Windows(TM) Database Utilities
Version 5.1
Copyright (C) Microsoft Corporation. All Rights Reserved.
Initiating RECOVERY mode...
Logfile base name: edb
Log files: <current directory>
System files: <current directory>
Performing soft recovery...
Operation terminated with error -528 (JET_errMissingLogFile, Current log file missing) after 0.16 seconds.
Microsoft(R) Windows(TM) Database Utilities
Version 5.1
Copyright (C) Microsoft Corporation. All Rights Reserved.
Usage Error: Missing database/filename specification.
Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.
If that still doesn't work, you coud reset securities back to defaults...
-------------------------------------------
Saturday, December 29, 2007 9:03:53 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
Configure S-1-5-21-4082297255-3916078401-944108286-1002.
remove SeBatchLogonRight.
remove SeDenyNetworkLogonRight.
remove SeDenyInteractiveLogonRight.
Configure S-1-5-21-4082297255-3916078401-944108286-1003.
remove SeNetworkLogonRight.
remove SeBatchLogonRight.
remove SeServiceLogonRight.
remove SeDenyInteractiveLogonRight.
remove SeDenyRemoteInteractiveLogonRight.
remove SeImpersonatePrivilege.
Configure S-1-5-21-4082297255-3916078401-944108286-1005.
remove SeBatchLogonRight.
Configure S-1-5-21-4082297255-3916078401-944108286-501.
remove SeInteractiveLogonRight.
remove SeDenyInteractiveLogonRight.
Configure S-1-5-20.
remove SeServiceLogonRight.
Configure S-1-5-19.
Configure S-1-5-32-551.
Configure S-1-5-32-544.
Configure S-1-1-0.
Configure S-1-5-32-545.
Configure S-1-5-32-547.
Configure S-1-5-6.
Configure S-1-5-4.
Configure S-1-5-21-861567501-1078081533-725345543-501.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.
Configure S-1-5-32-555.
User Rights configuration was completed successfully.
----Configure Group Membership...
Configure Users.
Group Membership configuration was completed successfully.
----Configure Registry Keys...
Configure users\.default.
Configure users\.default\software\microsoft\netdde.
Configure machine\software.
Configure machine\software\classes.
Configure machine\software\classes\.hlp.
Configure machine\software\classes\helpfile.
Configure machine\software\microsoft\ads\providers\ldap\extensions.
Configure machine\software\microsoft\ads\providers\nds.
Configure machine\software\microsoft\ads\providers\nwcompat.
Configure machine\software\microsoft\ads\providers\winnt.
Configure machine\software\microsoft\bidinterface.
Configure machine\software\microsoft\command processor.
Configure machine\software\microsoft\cryptography.
Configure machine\software\microsoft\cryptography\calais.
Configure machine\software\microsoft\devicemanager.
Configure machine\software\microsoft\driver signing.
Configure machine\software\microsoft\enterprisecertificates.
Configure machine\software\microsoft\netdde.
Configure machine\software\microsoft\non-driver signing.
Configure machine\software\microsoft\ole.
Configure machine\software\microsoft\rpc.
Configure machine\software\microsoft\secure.
Configure machine\software\microsoft\systemcertificates.
Configure machine\software\microsoft\upnp device host.
Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.
Configure machine\software\microsoft\windows\currentversion\reliability.
Configure machine\software\microsoft\windows\currentversion\runonce.
Configure machine\software\microsoft\windows\currentversion\runonceex.
Configure machine\software\microsoft\windows\currentversion\telephony.
Configure machine\software\microsoft\windows nt\currentversion\accessibility.
Configure machine\software\microsoft\windows nt\currentversion\aedebug.
Configure machine\software\microsoft\windows nt\currentversion\asr\commands.
Configure machine\software\microsoft\windows nt\currentversion\classes.
Configure machine\software\microsoft\windows nt\currentversion\drivers32.
Configure machine\software\microsoft\windows nt\currentversion\efs.
Configure machine\software\microsoft\windows nt\currentversion\font drivers.
Configure machine\software\microsoft\windows nt\currentversion\fontmapper.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.
Configure machine\software\microsoft\windows nt\currentversion\perflib.
Configure machine\software\microsoft\windows nt\currentversion\profilelist.
Configure machine\software\microsoft\windows nt\currentversion\secedit.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.
Configure machine\software\microsoft\windows nt\currentversion\svchost.
Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\run.
Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\runonce.
Configure machine\software\microsoft\windows nt\currentversion\time zones.
Configure machine\software\microsoft\windows nt\currentversion\windows.
Configure machine\software\microsoft\windows nt\currentversion\winlogon.
Configure machine\software\policies.
Configure machine\system.
Configure machine\system\currentcontrolset\control\class.
Configure machine\system\currentcontrolset\control\keyboard layout.
Configure machine\system\currentcontrolset\control\keyboard layouts.
Configure machine\system\currentcontrolset\control\lsa\data.
Configure machine\system\currentcontrolset\control\lsa\gbg.
Configure machine\system\currentcontrolset\control\lsa\jd.
Configure machine\system\currentcontrolset\control\lsa\skew1.
Configure machine\system\currentcontrolset\control\securepipeservers\winreg.
Configure machine\system\currentcontrolset\control\session manager\executive.
Configure machine\system\currentcontrolset\control\timezoneinformation.
Configure machine\system\currentcontrolset\control\wmi\security.
Configure machine\system\currentcontrolset\services\appmgmt\security.
Configure machine\system\currentcontrolset\services\clipsrv\security.
Configure machine\system\currentcontrolset\services\cryptsvc\security.
Configure machine\system\currentcontrolset\services\dnscache.
Configure machine\system\currentcontrolset\services\ersvc\security.
Configure machine\system\currentcontrolset\services\eventlog\security.
Configure machine\system\currentcontrolset\services\irenum\security.
Configure machine\system\currentcontrolset\services\netbt.
Configure machine\system\currentcontrolset\services\netdde\security.
Configure machine\system\currentcontrolset\services\netddedsdm\security.
Configure machine\system\currentcontrolset\services\remoteaccess.
Configure machine\system\currentcontrolset\services\rpcss\security.
Configure machine\system\currentcontrolset\services\samss\security.
Warning 2: The system cannot find the file specified.
Error enumerating info for machine\system\currentcontrolset\services\scarddrv.
Configure machine\system\currentcontrolset\services\scardsvr\security.
Configure machine\system\currentcontrolset\services\stisvc\security.
Configure machine\system\currentcontrolset\services\sysmonlog\log queries.
Configure machine\system\currentcontrolset\services\tapisrv\security.
Configure machine\system\currentcontrolset\services\tcpip.
Configure machine\system\currentcontrolset\services\tcpip\linkage.
Configure machine\system\currentcontrolset\services\w32time\security.
Configure machine\system\currentcontrolset\services\wmi\security.
Configuration of Registry Keys was completed successfully.
----Configure File Security...
Configure c:\.
File Security configuration was completed with one or more errors.
----Configure General Service Settings...
Configure w32time.
Configure upnphost.
Configure TrkWks.
Configure SSDPSRV.
Configure Spooler.
Configure SENS.
Configure seclogon.
Configure secdrv.
Warning 2: The system cannot find the file specified.
Error configuring secdrv.
General Service configuration was completed with one or more errors.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
----Configure Security Policy...
Configure password information.
LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
Configure LSA anonymous lookup setting.
Guest account is disabled.
System Access configuration was completed successfully.
Configure log settings.
Audit/Log configuration was completed successfully.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.
Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.
Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.
Configure machine\system\currentcontrolset\control\lsa\nodefaultadminowner.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
Configuration of Registry Values was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...
I have no more suggestions. The errors in your detailed submission are not great but are sufficient to encourage me toward a reinstall. The cause of this situation remains a mystery to me but I'm not sure it's worth the hours to avoid the reinstall.
ASKER
Radar,
Thanks for your patience and suggestions. OK, so let me round this off with a last related query. Is there no easy way of reinstalling (with all apps too) than starting from scratch? I've done it enough times to know it's nauseous and time consuming, but often wondered if there is anyway of making it easier...just wondered. All my data is backed up and so safe...
Thanks
Thanks for your patience and suggestions. OK, so let me round this off with a last related query. Is there no easy way of reinstalling (with all apps too) than starting from scratch? I've done it enough times to know it's nauseous and time consuming, but often wondered if there is anyway of making it easier...just wondered. All my data is backed up and so safe...
Thanks
I use an imaging product when I first install a machine. This captures the operating system and all drivers in a working (and pristine) condition. I then add applications and capture another image. I tend to blat the machine with this second image regularly (say, monthly). This keeps things fresh. If anything drastic happens I use the original image and then reload programs manually. Of course, this means automatic updates need to be reloaded after each reimage so it pays to update the image every so often. A reimage takes about 20 minutes. I know this doesn't really address your current predicament but may help develop new strategies for the future.
As for now, it probably isn't worth setting up an unattended install but it is possible to script all the answers to the install wizard, have the correct drivers load, and then install applications automatically. See http://support.microsoft.com/kb/314459 (for the short version) or http://technet2.microsoft.com/windowsserver/en/library/0930ddbf-3636-4b77-81ff-c1a073f38cbb1033.mspx?mfr=true (for the full detailed discussion). There are plenty of other helpful sites available (see Google).
In short, I think the quickest option for you at this stage is a manual (and tiem consuming) install. Sorry.
As for now, it probably isn't worth setting up an unattended install but it is possible to script all the answers to the install wizard, have the correct drivers load, and then install applications automatically. See http://support.microsoft.com/kb/314459 (for the short version) or http://technet2.microsoft.com/windowsserver/en/library/0930ddbf-3636-4b77-81ff-c1a073f38cbb1033.mspx?mfr=true (for the full detailed discussion). There are plenty of other helpful sites available (see Google).
In short, I think the quickest option for you at this stage is a manual (and tiem consuming) install. Sorry.
ASKER
Thanks for your help guys. While I wasn't able to sort this out, you did give me more than one thing to try and in doing so have added to my education! I appreciate your input.
ASKER
Thanks for your prompt response. I checked the settings you suggested and they were set as you described them. On the way in to these individual policies though I was met with a message box "The Group Policy security setting that apply to this machine could not be determined. The error returned when trying to retrieve these settings from the local security database (%windir%\security\databas
So with that, I'm not sure if the settings you refer to are even relevant in this context - because the the local policies may be overridden by domain-level policies it suggests.
This machine is networked but is not in a domain.
(There are two spelling mistakes in the message box too!)