Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Printer (driver) install fails due to Access Denied

Posted on 2007-12-04
18
Medium Priority
?
8,330 Views
Last Modified: 2010-04-21
I've been using the excellent PDFCreator for more than 2 years. Today it failed with an empty message box (just an OK button). I removed the software and attempted to install the latest version. It appears to install fine until it gets to the point of adding the printer to the OS - here it fails with an "Access Denied" error message.

I then downloaded Primo32 and that did the same - almost all the install completed and then "Access Denied" at the 'add printer to XP' stage.

Finally, I tried adding any old printer using the Add Printer Wizard. I made out that it was connected to LPT1 and added the first printer in the list. "Unable to Add Printer. Access Denied".

This is a single user machine and I am in the Administrators Group.

I'm guessing this is a permissions issue. I have carried out some bizarre command line security reset procedure (secedit?) but to no avail. I have downloaded an HP Access Denied fix, but that didn't work.

I don't have much more hair to lose, but I'm pulling it out fast while I try to avoid a whole OS reinstall!

Open in new window

0
Comment
Question by:yet_another_jash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 3
  • +1
18 Comments
 
LVL 7

Assisted Solution

by:jax79sg
jax79sg earned 300 total points
ID: 20407721
You are most likely right in the permissions issue. At this point of time i did not find any templates that can restore your machine to non hardened state. So we might want to try our luck with the following.

Go to 'Control Panel' -> 'Administrative tools' -> Local Security Policy. This will open up a window. Make sure your settings has the following.
Under local policies -> User rights assignment
- Add administrators to 'Load and unload device drivers'
- Take ownership of files or other objects
Under local policies -> Security Options
- Set disabled to 'Devices: Prevent users fro installing printer drivers'
- Set 'silently succeed' to 'Devices: Unsigned driver installation behaviour"

Hope it helps.
0
 

Author Comment

by:yet_another_jash
ID: 20407839
jax;

Thanks for your prompt response. I checked the settings you suggested and they were set as you described them. On the way in to these individual policies though I was met with a message box "The Group Policy security setting that apply to this machine could not be determined. The error returned when trying to retrieve these settings from the local security database (%windir%\security\database\secedit.sdb) was: The parameter in incorrect.

So with that, I'm not sure if the settings you refer to are even relevant in this context - because the the local policies may be overridden by domain-level policies it suggests.

This machine is networked but is not in a domain.

(There are two spelling mistakes in the message box too!)
0
 
LVL 5

Expert Comment

by:Radar07
ID: 20407872
Try logging onto the machine as the Local Administrator and installing the printer.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:yet_another_jash
ID: 20407944
Radar;

Tried that and it failed in the same way!
0
 
LVL 1

Expert Comment

by:crossl
ID: 20411394
Try running a windows repair.  Then log in as local administrator
0
 

Author Comment

by:yet_another_jash
ID: 20421805
Unfortunately, the restore CD I have does not support the RAID array and complains about not being able to see the CDROM drive. I can't take the risk of breaking it through trying to fix it...So, Windows Repair is not an option for me right now....

0
 
LVL 7

Expert Comment

by:jax79sg
ID: 20424378
Try the following to reset your security policies.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;278316
0
 

Author Comment

by:yet_another_jash
ID: 20426132
Nope, that didn't work either....
0
 
LVL 1

Expert Comment

by:crossl
ID: 20426176
Have you actually tried to create a new, additional Administrative user and see if you get the same problem?  Maybe something is wrong with your profile?
0
 

Author Comment

by:yet_another_jash
ID: 20426294
I like that idea, but when I did just as you suggest, the process of adding a printer failed in exactly the same way.  It *has* to be something along the lines of policies/permissions though, doesn't it?

I also noticed today that when I delete something, the recycle bin is reported as being corrupt. I'm off to google that one now and hope it's related somehow.
0
 
LVL 1

Assisted Solution

by:crossl
crossl earned 300 total points
ID: 20426675
ok.  Can you use your CD rom logged on as you.  If so, run a Windows consistency check?

At Start / Run  type SFC /SCANNOW.  IT will probably ask you to insert your windows CD.
0
 

Author Comment

by:yet_another_jash
ID: 20541941
I ran a Windows consistency check - it didn't ask for my CD, neither did it throw up any problems.

I'm still stumped.

Any more suggestions?
0
 
LVL 5

Accepted Solution

by:
Radar07 earned 900 total points
ID: 20545188
You said you tried "some bizarre command line security reset procedure (secedit?)". Can you place here exactly what you tried? It may or may not have been something like what I suggest below.

The following could help if your security database has not been shutdown properly:

- open a cmd prompt
- change to the windows\security folder
- run "esentutl /r edb" (no quotes)
- run "esentutl /mh"

If this doesn't fix the problem, try a repair:

- open a cmd prompt
- run "esentutl /p %windir%\security\database\secedit.sdb" (no quotes) - to repair
- run "esentutl /d %windir%\security\database\secedit.sdb" (no quotes) - to defrag

If that still doesn't work, you coud reset securities back to defaults (http://support.microsoft.com/default.aspx?scid=kb;en-us;313222) but you lose a lot of custom information (file/folder and registry permissions, policy settings, group membership, etc).


Please report any errors shown in event viewer.

0
 

Author Comment

by:yet_another_jash
ID: 20547244
Radar,

Thanks for taking the time to post your suggestions. I have attached the output of them as a code snippet. The first two commands you gave me appeared to be without the necessary arguments ( I have piped the output of them and put it at the top of the code snippet). The next two completed without issue.

After each stage, I checked and can confirm that I still cannot add a printer - it fails with the same error message.

I then performed the security reset procedure that you directed me to in the knowledge base. That completed with errors, so I have included the log file from that operation in the code snippet too.

I really am coming round to the view that there is little I can do to avoid a damn reinstall here....

Thanks again.
- open a cmd prompt
- change to the windows\security folder
- run "esentutl /r edb" (no quotes)
- run "esentutl /mh"
 
Microsoft(R) Windows(TM) Database Utilities
 
Version 5.1
 
Copyright (C) Microsoft Corporation. All Rights Reserved.
 
 
 
Initiating RECOVERY mode...
    Logfile base name: edb
            Log files: <current directory>
         System files: <current directory>
 
Performing soft recovery...
 
Operation terminated with error -528 (JET_errMissingLogFile, Current log file missing) after 0.16 seconds.
 
 
Microsoft(R) Windows(TM) Database Utilities
 
Version 5.1
 
Copyright (C) Microsoft Corporation. All Rights Reserved.
 
 
 
Usage Error: Missing database/filename specification.
 
Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.
 
 
If that still doesn't work, you coud reset securities back to defaults...
 
-------------------------------------------
Saturday, December 29, 2007 9:03:53 AM
----Configuration engine was initialized successfully.----
 
----Reading Configuration Template info...
 
 
----Configure User Rights...
	Configure S-1-5-21-4082297255-3916078401-944108286-1002.
		remove SeBatchLogonRight.
		remove SeDenyNetworkLogonRight.
		remove SeDenyInteractiveLogonRight.
	Configure S-1-5-21-4082297255-3916078401-944108286-1003.
		remove SeNetworkLogonRight.
		remove SeBatchLogonRight.
		remove SeServiceLogonRight.
		remove SeDenyInteractiveLogonRight.
		remove SeDenyRemoteInteractiveLogonRight.
		remove SeImpersonatePrivilege.
	Configure S-1-5-21-4082297255-3916078401-944108286-1005.
		remove SeBatchLogonRight.
	Configure S-1-5-21-4082297255-3916078401-944108286-501.
		remove SeInteractiveLogonRight.
		remove SeDenyInteractiveLogonRight.
	Configure S-1-5-20.
		remove SeServiceLogonRight.
	Configure S-1-5-19.
	Configure S-1-5-32-551.
	Configure S-1-5-32-544.
	Configure S-1-1-0.
	Configure S-1-5-32-545.
	Configure S-1-5-32-547.
	Configure S-1-5-6.
	Configure S-1-5-4.
	Configure S-1-5-21-861567501-1078081533-725345543-501.
		add SeInteractiveLogonRight.
		add SeDenyNetworkLogonRight.
		add SeDenyInteractiveLogonRight.
	Configure S-1-5-32-555.
 
	User Rights configuration was completed successfully.
 
 
----Configure Group Membership...
	Configure Users.
 
	Group Membership configuration was completed successfully.
 
 
----Configure Registry Keys...
	Configure users\.default.
	Configure users\.default\software\microsoft\netdde.
	Configure machine\software.
	Configure machine\software\classes.
	Configure machine\software\classes\.hlp.
	Configure machine\software\classes\helpfile.
	Configure machine\software\microsoft\ads\providers\ldap\extensions.
	Configure machine\software\microsoft\ads\providers\nds.
	Configure machine\software\microsoft\ads\providers\nwcompat.
	Configure machine\software\microsoft\ads\providers\winnt.
	Configure machine\software\microsoft\bidinterface.
	Configure machine\software\microsoft\command processor.
	Configure machine\software\microsoft\cryptography.
	Configure machine\software\microsoft\cryptography\calais.
	Configure machine\software\microsoft\devicemanager.
	Configure machine\software\microsoft\driver signing.
	Configure machine\software\microsoft\enterprisecertificates.
	Configure machine\software\microsoft\netdde.
	Configure machine\software\microsoft\non-driver signing.
	Configure machine\software\microsoft\ole.
	Configure machine\software\microsoft\rpc.
	Configure machine\software\microsoft\secure.
	Configure machine\software\microsoft\systemcertificates.
	Configure machine\software\microsoft\upnp device host.
	Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.
	Configure machine\software\microsoft\windows\currentversion\reliability.
	Configure machine\software\microsoft\windows\currentversion\runonce.
	Configure machine\software\microsoft\windows\currentversion\runonceex.
	Configure machine\software\microsoft\windows\currentversion\telephony.
	Configure machine\software\microsoft\windows nt\currentversion\accessibility.
	Configure machine\software\microsoft\windows nt\currentversion\aedebug.
	Configure machine\software\microsoft\windows nt\currentversion\asr\commands.
	Configure machine\software\microsoft\windows nt\currentversion\classes.
	Configure machine\software\microsoft\windows nt\currentversion\drivers32.
	Configure machine\software\microsoft\windows nt\currentversion\efs.
	Configure machine\software\microsoft\windows nt\currentversion\font drivers.
	Configure machine\software\microsoft\windows nt\currentversion\fontmapper.
	Configure machine\software\microsoft\windows nt\currentversion\image file execution options.
	Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.
	Configure machine\software\microsoft\windows nt\currentversion\perflib.
	Configure machine\software\microsoft\windows nt\currentversion\profilelist.
	Configure machine\software\microsoft\windows nt\currentversion\secedit.
	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.
	Configure machine\software\microsoft\windows nt\currentversion\svchost.
	Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\run.
	Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\runonce.
	Configure machine\software\microsoft\windows nt\currentversion\time zones.
	Configure machine\software\microsoft\windows nt\currentversion\windows.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon.
	Configure machine\software\policies.
	Configure machine\system.
	Configure machine\system\currentcontrolset\control\class.
	Configure machine\system\currentcontrolset\control\keyboard layout.
	Configure machine\system\currentcontrolset\control\keyboard layouts.
	Configure machine\system\currentcontrolset\control\lsa\data.
	Configure machine\system\currentcontrolset\control\lsa\gbg.
	Configure machine\system\currentcontrolset\control\lsa\jd.
	Configure machine\system\currentcontrolset\control\lsa\skew1.
	Configure machine\system\currentcontrolset\control\securepipeservers\winreg.
	Configure machine\system\currentcontrolset\control\session manager\executive.
	Configure machine\system\currentcontrolset\control\timezoneinformation.
	Configure machine\system\currentcontrolset\control\wmi\security.
	Configure machine\system\currentcontrolset\services\appmgmt\security.
	Configure machine\system\currentcontrolset\services\clipsrv\security.
	Configure machine\system\currentcontrolset\services\cryptsvc\security.
	Configure machine\system\currentcontrolset\services\dnscache.
	Configure machine\system\currentcontrolset\services\ersvc\security.
	Configure machine\system\currentcontrolset\services\eventlog\security.
	Configure machine\system\currentcontrolset\services\irenum\security.
	Configure machine\system\currentcontrolset\services\netbt.
	Configure machine\system\currentcontrolset\services\netdde\security.
	Configure machine\system\currentcontrolset\services\netddedsdm\security.
	Configure machine\system\currentcontrolset\services\remoteaccess.
	Configure machine\system\currentcontrolset\services\rpcss\security.
	Configure machine\system\currentcontrolset\services\samss\security.
Warning 2: The system cannot find the file specified.
 	Error enumerating info for machine\system\currentcontrolset\services\scarddrv.
	Configure machine\system\currentcontrolset\services\scardsvr\security.
	Configure machine\system\currentcontrolset\services\stisvc\security.
	Configure machine\system\currentcontrolset\services\sysmonlog\log queries.
	Configure machine\system\currentcontrolset\services\tapisrv\security.
	Configure machine\system\currentcontrolset\services\tcpip.
	Configure machine\system\currentcontrolset\services\tcpip\linkage.
	Configure machine\system\currentcontrolset\services\w32time\security.
	Configure machine\system\currentcontrolset\services\wmi\security.
 
	Configuration of Registry Keys was completed successfully.
 
 
----Configure File Security...
	Configure c:\.
 
	File Security configuration was completed with one or more errors.
 
 
----Configure General Service Settings...
	Configure w32time.
	Configure upnphost.
	Configure TrkWks.
	Configure SSDPSRV.
	Configure Spooler.
	Configure SENS.
	Configure seclogon.
	Configure secdrv.
Warning 2: The system cannot find the file specified.
 	Error configuring secdrv.
 
	General Service configuration was completed with one or more errors.
 
 
----Configure available attachment engines...
 
	Configuration of attachment engines was completed successfully.
 
 
----Configure Security Policy...
	Configure password information.
	LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
	Configure LSA anonymous lookup setting.
	Guest account is disabled.
 
	System Access configuration was completed successfully.
	Configure log settings.
 
	Audit/Log configuration was completed successfully.
	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
	Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
	Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
	Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
	Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
	Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
	Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
	Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
	Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
	Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
	Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy.
	Configure machine\system\currentcontrolset\control\lsa\forceguest.
	Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
	Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.
	Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
	Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.
	Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.
	Configure machine\system\currentcontrolset\control\lsa\nodefaultadminowner.
	Configure machine\system\currentcontrolset\control\lsa\nolmhash.
	Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
	Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
	Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
	Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
	Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
	Configure machine\system\currentcontrolset\control\session manager\protectionmode.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
	Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
 
	Configuration of Registry Values was completed successfully.
 
 
----Configure available attachment engines...
 
	Configuration of attachment engines was completed successfully.
 
 
----Un-initialize configuration engine...

Open in new window

0
 
LVL 5

Expert Comment

by:Radar07
ID: 20596349
I have no more suggestions. The errors in your detailed submission are not great but are sufficient to encourage me toward a reinstall. The cause of this situation remains a mystery to me but I'm not sure it's worth the hours to avoid the reinstall.
0
 

Author Comment

by:yet_another_jash
ID: 20598260
Radar,

Thanks for your patience and suggestions. OK, so let me round this off with a last related query. Is there no easy way of reinstalling (with all apps too) than starting from scratch? I've done it enough times to know it's nauseous and time consuming, but often wondered if there is anyway of making it easier...just wondered. All my data is backed up and so safe...

Thanks
0
 
LVL 5

Expert Comment

by:Radar07
ID: 20603462
I use an imaging product when I first install a machine. This captures the operating system and all drivers in a working (and pristine) condition. I then add applications and capture another image. I tend to blat the machine with this second image regularly (say, monthly). This keeps things fresh. If anything drastic happens I use the original image and then reload programs manually. Of course, this means automatic updates need to be reloaded after each reimage so it pays to update the image every so often. A reimage takes about 20 minutes. I know this doesn't really address your current predicament but may help develop new strategies for the future.

As for now, it probably isn't worth setting up an unattended install but it is possible to script all the answers to the install wizard, have the correct drivers load, and then install applications automatically. See http://support.microsoft.com/kb/314459 (for the short version) or http://technet2.microsoft.com/windowsserver/en/library/0930ddbf-3636-4b77-81ff-c1a073f38cbb1033.mspx?mfr=true (for the full detailed discussion). There are plenty of other helpful sites available (see Google).

In short, I think the quickest option for you at this stage is a manual (and tiem consuming) install. Sorry.
0
 

Author Closing Comment

by:yet_another_jash
ID: 31412727
Thanks for your help guys. While I wasn't able to sort this out, you did give me more than one thing to try and in doing so have added to my education! I appreciate your input.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question