Solved

Printer (driver) install fails due to Access Denied

Posted on 2007-12-04
18
7,459 Views
Last Modified: 2010-04-21
I've been using the excellent PDFCreator for more than 2 years. Today it failed with an empty message box (just an OK button). I removed the software and attempted to install the latest version. It appears to install fine until it gets to the point of adding the printer to the OS - here it fails with an "Access Denied" error message.

I then downloaded Primo32 and that did the same - almost all the install completed and then "Access Denied" at the 'add printer to XP' stage.

Finally, I tried adding any old printer using the Add Printer Wizard. I made out that it was connected to LPT1 and added the first printer in the list. "Unable to Add Printer. Access Denied".

This is a single user machine and I am in the Administrators Group.

I'm guessing this is a permissions issue. I have carried out some bizarre command line security reset procedure (secedit?) but to no avail. I have downloaded an HP Access Denied fix, but that didn't work.

I don't have much more hair to lose, but I'm pulling it out fast while I try to avoid a whole OS reinstall!

Open in new window

0
Comment
Question by:yet_another_jash
  • 9
  • 4
  • 3
  • +1
18 Comments
 
LVL 7

Assisted Solution

by:jax79sg
jax79sg earned 100 total points
ID: 20407721
You are most likely right in the permissions issue. At this point of time i did not find any templates that can restore your machine to non hardened state. So we might want to try our luck with the following.

Go to 'Control Panel' -> 'Administrative tools' -> Local Security Policy. This will open up a window. Make sure your settings has the following.
Under local policies -> User rights assignment
- Add administrators to 'Load and unload device drivers'
- Take ownership of files or other objects
Under local policies -> Security Options
- Set disabled to 'Devices: Prevent users fro installing printer drivers'
- Set 'silently succeed' to 'Devices: Unsigned driver installation behaviour"

Hope it helps.
0
 

Author Comment

by:yet_another_jash
ID: 20407839
jax;

Thanks for your prompt response. I checked the settings you suggested and they were set as you described them. On the way in to these individual policies though I was met with a message box "The Group Policy security setting that apply to this machine could not be determined. The error returned when trying to retrieve these settings from the local security database (%windir%\security\database\secedit.sdb) was: The parameter in incorrect.

So with that, I'm not sure if the settings you refer to are even relevant in this context - because the the local policies may be overridden by domain-level policies it suggests.

This machine is networked but is not in a domain.

(There are two spelling mistakes in the message box too!)
0
 
LVL 5

Expert Comment

by:Radar07
ID: 20407872
Try logging onto the machine as the Local Administrator and installing the printer.
0
 

Author Comment

by:yet_another_jash
ID: 20407944
Radar;

Tried that and it failed in the same way!
0
 
LVL 1

Expert Comment

by:crossl
ID: 20411394
Try running a windows repair.  Then log in as local administrator
0
 

Author Comment

by:yet_another_jash
ID: 20421805
Unfortunately, the restore CD I have does not support the RAID array and complains about not being able to see the CDROM drive. I can't take the risk of breaking it through trying to fix it...So, Windows Repair is not an option for me right now....

0
 
LVL 7

Expert Comment

by:jax79sg
ID: 20424378
Try the following to reset your security policies.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;278316
0
 

Author Comment

by:yet_another_jash
ID: 20426132
Nope, that didn't work either....
0
 
LVL 1

Expert Comment

by:crossl
ID: 20426176
Have you actually tried to create a new, additional Administrative user and see if you get the same problem?  Maybe something is wrong with your profile?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:yet_another_jash
ID: 20426294
I like that idea, but when I did just as you suggest, the process of adding a printer failed in exactly the same way.  It *has* to be something along the lines of policies/permissions though, doesn't it?

I also noticed today that when I delete something, the recycle bin is reported as being corrupt. I'm off to google that one now and hope it's related somehow.
0
 
LVL 1

Assisted Solution

by:crossl
crossl earned 100 total points
ID: 20426675
ok.  Can you use your CD rom logged on as you.  If so, run a Windows consistency check?

At Start / Run  type SFC /SCANNOW.  IT will probably ask you to insert your windows CD.
0
 

Author Comment

by:yet_another_jash
ID: 20541941
I ran a Windows consistency check - it didn't ask for my CD, neither did it throw up any problems.

I'm still stumped.

Any more suggestions?
0
 
LVL 5

Accepted Solution

by:
Radar07 earned 300 total points
ID: 20545188
You said you tried "some bizarre command line security reset procedure (secedit?)". Can you place here exactly what you tried? It may or may not have been something like what I suggest below.

The following could help if your security database has not been shutdown properly:

- open a cmd prompt
- change to the windows\security folder
- run "esentutl /r edb" (no quotes)
- run "esentutl /mh"

If this doesn't fix the problem, try a repair:

- open a cmd prompt
- run "esentutl /p %windir%\security\database\secedit.sdb" (no quotes) - to repair
- run "esentutl /d %windir%\security\database\secedit.sdb" (no quotes) - to defrag

If that still doesn't work, you coud reset securities back to defaults (http://support.microsoft.com/default.aspx?scid=kb;en-us;313222) but you lose a lot of custom information (file/folder and registry permissions, policy settings, group membership, etc).


Please report any errors shown in event viewer.

0
 

Author Comment

by:yet_another_jash
ID: 20547244
Radar,

Thanks for taking the time to post your suggestions. I have attached the output of them as a code snippet. The first two commands you gave me appeared to be without the necessary arguments ( I have piped the output of them and put it at the top of the code snippet). The next two completed without issue.

After each stage, I checked and can confirm that I still cannot add a printer - it fails with the same error message.

I then performed the security reset procedure that you directed me to in the knowledge base. That completed with errors, so I have included the log file from that operation in the code snippet too.

I really am coming round to the view that there is little I can do to avoid a damn reinstall here....

Thanks again.
- open a cmd prompt

- change to the windows\security folder

- run "esentutl /r edb" (no quotes)

- run "esentutl /mh"
 

Microsoft(R) Windows(TM) Database Utilities
 

Version 5.1
 

Copyright (C) Microsoft Corporation. All Rights Reserved.
 
 
 

Initiating RECOVERY mode...

    Logfile base name: edb

            Log files: <current directory>

         System files: <current directory>
 

Performing soft recovery...
 

Operation terminated with error -528 (JET_errMissingLogFile, Current log file missing) after 0.16 seconds.
 
 

Microsoft(R) Windows(TM) Database Utilities
 

Version 5.1
 

Copyright (C) Microsoft Corporation. All Rights Reserved.
 
 
 

Usage Error: Missing database/filename specification.
 

Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.
 
 

If that still doesn't work, you coud reset securities back to defaults...
 

-------------------------------------------

Saturday, December 29, 2007 9:03:53 AM

----Configuration engine was initialized successfully.----
 

----Reading Configuration Template info...
 
 

----Configure User Rights...

	Configure S-1-5-21-4082297255-3916078401-944108286-1002.

		remove SeBatchLogonRight.

		remove SeDenyNetworkLogonRight.

		remove SeDenyInteractiveLogonRight.

	Configure S-1-5-21-4082297255-3916078401-944108286-1003.

		remove SeNetworkLogonRight.

		remove SeBatchLogonRight.

		remove SeServiceLogonRight.

		remove SeDenyInteractiveLogonRight.

		remove SeDenyRemoteInteractiveLogonRight.

		remove SeImpersonatePrivilege.

	Configure S-1-5-21-4082297255-3916078401-944108286-1005.

		remove SeBatchLogonRight.

	Configure S-1-5-21-4082297255-3916078401-944108286-501.

		remove SeInteractiveLogonRight.

		remove SeDenyInteractiveLogonRight.

	Configure S-1-5-20.

		remove SeServiceLogonRight.

	Configure S-1-5-19.

	Configure S-1-5-32-551.

	Configure S-1-5-32-544.

	Configure S-1-1-0.

	Configure S-1-5-32-545.

	Configure S-1-5-32-547.

	Configure S-1-5-6.

	Configure S-1-5-4.

	Configure S-1-5-21-861567501-1078081533-725345543-501.

		add SeInteractiveLogonRight.

		add SeDenyNetworkLogonRight.

		add SeDenyInteractiveLogonRight.

	Configure S-1-5-32-555.
 

	User Rights configuration was completed successfully.
 
 

----Configure Group Membership...

	Configure Users.
 

	Group Membership configuration was completed successfully.
 
 

----Configure Registry Keys...

	Configure users\.default.

	Configure users\.default\software\microsoft\netdde.

	Configure machine\software.

	Configure machine\software\classes.

	Configure machine\software\classes\.hlp.

	Configure machine\software\classes\helpfile.

	Configure machine\software\microsoft\ads\providers\ldap\extensions.

	Configure machine\software\microsoft\ads\providers\nds.

	Configure machine\software\microsoft\ads\providers\nwcompat.

	Configure machine\software\microsoft\ads\providers\winnt.

	Configure machine\software\microsoft\bidinterface.

	Configure machine\software\microsoft\command processor.

	Configure machine\software\microsoft\cryptography.

	Configure machine\software\microsoft\cryptography\calais.

	Configure machine\software\microsoft\devicemanager.

	Configure machine\software\microsoft\driver signing.

	Configure machine\software\microsoft\enterprisecertificates.

	Configure machine\software\microsoft\netdde.

	Configure machine\software\microsoft\non-driver signing.

	Configure machine\software\microsoft\ole.

	Configure machine\software\microsoft\rpc.

	Configure machine\software\microsoft\secure.

	Configure machine\software\microsoft\systemcertificates.

	Configure machine\software\microsoft\upnp device host.

	Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.

	Configure machine\software\microsoft\windows\currentversion\reliability.

	Configure machine\software\microsoft\windows\currentversion\runonce.

	Configure machine\software\microsoft\windows\currentversion\runonceex.

	Configure machine\software\microsoft\windows\currentversion\telephony.

	Configure machine\software\microsoft\windows nt\currentversion\accessibility.

	Configure machine\software\microsoft\windows nt\currentversion\aedebug.

	Configure machine\software\microsoft\windows nt\currentversion\asr\commands.

	Configure machine\software\microsoft\windows nt\currentversion\classes.

	Configure machine\software\microsoft\windows nt\currentversion\drivers32.

	Configure machine\software\microsoft\windows nt\currentversion\efs.

	Configure machine\software\microsoft\windows nt\currentversion\font drivers.

	Configure machine\software\microsoft\windows nt\currentversion\fontmapper.

	Configure machine\software\microsoft\windows nt\currentversion\image file execution options.

	Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.

	Configure machine\software\microsoft\windows nt\currentversion\perflib.

	Configure machine\software\microsoft\windows nt\currentversion\profilelist.

	Configure machine\software\microsoft\windows nt\currentversion\secedit.

	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.

	Configure machine\software\microsoft\windows nt\currentversion\svchost.

	Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\run.

	Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\runonce.

	Configure machine\software\microsoft\windows nt\currentversion\time zones.

	Configure machine\software\microsoft\windows nt\currentversion\windows.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon.

	Configure machine\software\policies.

	Configure machine\system.

	Configure machine\system\currentcontrolset\control\class.

	Configure machine\system\currentcontrolset\control\keyboard layout.

	Configure machine\system\currentcontrolset\control\keyboard layouts.

	Configure machine\system\currentcontrolset\control\lsa\data.

	Configure machine\system\currentcontrolset\control\lsa\gbg.

	Configure machine\system\currentcontrolset\control\lsa\jd.

	Configure machine\system\currentcontrolset\control\lsa\skew1.

	Configure machine\system\currentcontrolset\control\securepipeservers\winreg.

	Configure machine\system\currentcontrolset\control\session manager\executive.

	Configure machine\system\currentcontrolset\control\timezoneinformation.

	Configure machine\system\currentcontrolset\control\wmi\security.

	Configure machine\system\currentcontrolset\services\appmgmt\security.

	Configure machine\system\currentcontrolset\services\clipsrv\security.

	Configure machine\system\currentcontrolset\services\cryptsvc\security.

	Configure machine\system\currentcontrolset\services\dnscache.

	Configure machine\system\currentcontrolset\services\ersvc\security.

	Configure machine\system\currentcontrolset\services\eventlog\security.

	Configure machine\system\currentcontrolset\services\irenum\security.

	Configure machine\system\currentcontrolset\services\netbt.

	Configure machine\system\currentcontrolset\services\netdde\security.

	Configure machine\system\currentcontrolset\services\netddedsdm\security.

	Configure machine\system\currentcontrolset\services\remoteaccess.

	Configure machine\system\currentcontrolset\services\rpcss\security.

	Configure machine\system\currentcontrolset\services\samss\security.

Warning 2: The system cannot find the file specified.

 	Error enumerating info for machine\system\currentcontrolset\services\scarddrv.

	Configure machine\system\currentcontrolset\services\scardsvr\security.

	Configure machine\system\currentcontrolset\services\stisvc\security.

	Configure machine\system\currentcontrolset\services\sysmonlog\log queries.

	Configure machine\system\currentcontrolset\services\tapisrv\security.

	Configure machine\system\currentcontrolset\services\tcpip.

	Configure machine\system\currentcontrolset\services\tcpip\linkage.

	Configure machine\system\currentcontrolset\services\w32time\security.

	Configure machine\system\currentcontrolset\services\wmi\security.
 

	Configuration of Registry Keys was completed successfully.
 
 

----Configure File Security...

	Configure c:\.
 

	File Security configuration was completed with one or more errors.
 
 

----Configure General Service Settings...

	Configure w32time.

	Configure upnphost.

	Configure TrkWks.

	Configure SSDPSRV.

	Configure Spooler.

	Configure SENS.

	Configure seclogon.

	Configure secdrv.

Warning 2: The system cannot find the file specified.

 	Error configuring secdrv.
 

	General Service configuration was completed with one or more errors.
 
 

----Configure available attachment engines...
 

	Configuration of attachment engines was completed successfully.
 
 

----Configure Security Policy...

	Configure password information.

	LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).

	Configure LSA anonymous lookup setting.

	Guest account is disabled.
 

	System Access configuration was completed successfully.

	Configure log settings.
 

	Audit/Log configuration was completed successfully.

	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.

	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.

	Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.

	Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.

	Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.

	Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.

	Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.

	Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.

	Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.

	Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.

	Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.

	Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.

	Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy.

	Configure machine\system\currentcontrolset\control\lsa\forceguest.

	Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.

	Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.

	Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.

	Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.

	Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.

	Configure machine\system\currentcontrolset\control\lsa\nodefaultadminowner.

	Configure machine\system\currentcontrolset\control\lsa\nolmhash.

	Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.

	Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.

	Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.

	Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.

	Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.

	Configure machine\system\currentcontrolset\control\session manager\protectionmode.

	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.

	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.

	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.

	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.

	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.

	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.

	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.

	Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.

	Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.

	Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.

	Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.

	Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.

	Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.

	Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
 

	Configuration of Registry Values was completed successfully.
 
 

----Configure available attachment engines...
 

	Configuration of attachment engines was completed successfully.
 
 

----Un-initialize configuration engine...

Open in new window

0
 
LVL 5

Expert Comment

by:Radar07
ID: 20596349
I have no more suggestions. The errors in your detailed submission are not great but are sufficient to encourage me toward a reinstall. The cause of this situation remains a mystery to me but I'm not sure it's worth the hours to avoid the reinstall.
0
 

Author Comment

by:yet_another_jash
ID: 20598260
Radar,

Thanks for your patience and suggestions. OK, so let me round this off with a last related query. Is there no easy way of reinstalling (with all apps too) than starting from scratch? I've done it enough times to know it's nauseous and time consuming, but often wondered if there is anyway of making it easier...just wondered. All my data is backed up and so safe...

Thanks
0
 
LVL 5

Expert Comment

by:Radar07
ID: 20603462
I use an imaging product when I first install a machine. This captures the operating system and all drivers in a working (and pristine) condition. I then add applications and capture another image. I tend to blat the machine with this second image regularly (say, monthly). This keeps things fresh. If anything drastic happens I use the original image and then reload programs manually. Of course, this means automatic updates need to be reloaded after each reimage so it pays to update the image every so often. A reimage takes about 20 minutes. I know this doesn't really address your current predicament but may help develop new strategies for the future.

As for now, it probably isn't worth setting up an unattended install but it is possible to script all the answers to the install wizard, have the correct drivers load, and then install applications automatically. See http://support.microsoft.com/kb/314459 (for the short version) or http://technet2.microsoft.com/windowsserver/en/library/0930ddbf-3636-4b77-81ff-c1a073f38cbb1033.mspx?mfr=true (for the full detailed discussion). There are plenty of other helpful sites available (see Google).

In short, I think the quickest option for you at this stage is a manual (and tiem consuming) install. Sorry.
0
 

Author Closing Comment

by:yet_another_jash
ID: 31412727
Thanks for your help guys. While I wasn't able to sort this out, you did give me more than one thing to try and in doing so have added to my education! I appreciate your input.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
When I recently replaced my image transfer kit on my office HP color laserjet 5550dn printer, I had a slight problem.  The left bracket that holds the transfer kit got stuck in the upright locked position instead of being at a 45 degree angle facing…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now