Link to home
Start Free TrialLog in
Avatar of dwils15
dwils15

asked on

Content advisor turns on by itself.

Hi, I work in a university computer testing lab. I set up a model computer with content advisor enabled. I put about 5 sites in the list to see how it would work. I later updated the list to include over 50 sites and then created a ghost image. (gs 2.0.1). I sent this image out to over 200 computers and it seemed to work fine. Suddenly, after a few weeks without problem, I started getting content advisor windows popping up saying that it required my password. I checked the access list and my list had reverted back to its previous state of the 5 site I started with, on most if not all of the computers. I updated the list yet again, and made/sent a new image. A few weeks later the same thing happened.  I updated the list, and then I disabled content advisor completely, made/sent new image. A few weeks later content advisor had turned back on, and reverted back to the old list, on most of the computers, and it seems that when it happens, it happens on all the computers at the same time.
I then went into the registry, and deleted the key that enables content advisor, and a few weeks later they all had a key reinstalled in the registry. The key btw, is HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\RATINGS\KEY

I then went into the registry, deleted the entire ratings folder, and cleaned out the registry with ccleaner, i believe was the name. I restarted the computer, and verified that the ratings folder was completely gone from the registry. I checked content advisor and it was off. I created a new image, and it worked fine... for about 2 weeks, then some how the folder reappeared, the key was back in the folder, and content advisor was re-enabled, with the original 5 sites I had set up!!!! This happened on at least 30 of the 40 computers I sent the new image to, all on the same day.
I am thinking that when the computers receive an automatic update, the folder somehow reinstalls, and for some reason put the key back in the registry, which re-enables content advisor. I can not turn off automatic updates, as it is set by university domain policy.

Any ideas, of how to get rid of this problem for good. Right now I have to hand around the lab to see if it will turn itself back on, and if it does I have to go to every computer as somebody sits down to take a test, to turn it off.
Avatar of Felix Grushevsky
Felix Grushevsky
Flag of United States of America image

Turn off system restore (control panel - system - system restore tab, put checkmark on "Turn off System Restore") before making the change (disabling content advisor)
Don't forget to turn on system restore afterwards....
To add to fgrushevsky's comment. After disabling the content advisor and before disabling the System Restore, create a new restore point and purge all the previous restore point. This will ebsure that the image you create later is clean.
Avatar of dwils15
dwils15

ASKER

so to be clear...
I should disable content advisor, then create a new restore point, then disable system restore, and then leave system restore off?

thanks for the quick reply.
Ya. Sound confliting to fgrushevsky. But it is not. The goal is not to leave any restore point in the image that contain setting with enabled content advisor.

"Disable content advisor >> create new restore point >> purge all previous restore point >> create ghost image" will ensure that the image you create later is clean. Do not need to turn off System Restore. This way, you can be sure whether it was NOT the System Restore that gave you the problem if it happen again.

Suggestion by fgrushevsky also works. However, there might be older restore points in the system that have content advisor anbled. Therefore, you can be sure whether it was the System Restore that gave you the problem if it happen again.

Sorry. in the last sentence of my previous comment. It should read "Suggestion by fgrushevsky also works. However, there might be older restore points in the system that have content advisor anbled. Therefore, you can NOT be sure whether it was the System Restore that gave you the problem if it happen again."  ------ missing a NOT.
Avatar of dwils15

ASKER

sorry, i meant to say:

so to be clear...
I should disable content advisor, then create a new restore point, then disable system restore, and then turn system resore back on?

thanks for the quick reply.
Avatar of dwils15

ASKER

ahhh. thanks
Sorry again. I'm definitely NOT an expert in typing!!! Missing too many NOT !!! Please let me repost my comment:

"Disable content advisor >> create new restore point >> purge all previous restore point >> create ghost image" will ensure that the image you create later is clean. Do not need to turn off System Restore. This way, you can be sure that it was NOT the System Restore that gave you the problem if it happen again.

Suggestion by fgrushevsky also works. However, there might be older restore points in the system that have content advisor enabled. Therefore, you can NOT be sure that it was NOT the System Restore that gave you the problem if it happen again.

Good luck.
Avatar of dwils15

ASKER

Is there a way of purging the restore points besides disabling it?
I have tried disabling content advisor, then turning contetnt advisor off/deleting the key from the registry, and then turning content advisor back on. Then I created a ghost image.
3 days later content advisor is back on my machines.

I checked the system restore, and there are no points saved besides the one created when I turned system restore back on, and a manual one I created right after turning it on.
Avatar of dwils15

ASKER

Aslo, I noticed that I had set the system restore to 3%. Now that content advisor is back on, system restore has been moved to the max of 12%.
To purge old restore points except most recent one, go to Start >> All Programs >> Accessories >> System Tools >> Disk Cleanup --- at "More Option" tab, select "System Restore - Clean up".

Do not worry about the % setting, it was to set how much disk space you want to allocate for system restore usage.
Avatar of dwils15

ASKER

No luck.
I have turned system restore off completely, purged files, deleted  HKLM\software\microsoft\windows\policies\ratings and even completely uninstalled internet explorer. I ran ccleaner to clean the registry, and when I verified that CA was disabled I restarted the machine. When the computer loaded back up, Internet explorer was gone (because I uninstalled it) but the HKLM\software\microsoft\windows\policies\ratings key was back in the registry and enabled.
I leave in a few weeks for a week long vacation and my biggest concern is getting content blocker turned off for good before I leave to keep the lab running as smooth as possible while im gone.
What keeps adding the HKLM\software\microsoft\windows\policies\ratings  key back in the registry? what is it tied to?
Well. I do not have the answer to your question. However, I hope the following temporary work around may give a peace of mind during your vacation.

According to your description -- "and content advisor was re-enabled, with the original 5 sites I had set up!!!! ", when the CA is re-enabled automatically, it contain the previous site settings. So, I'm thinking if you set some CA settings that is not going to affect the running of the lab when it is enabled, then although you cannot find the root cause of this problem, you can at least have a break at the mean time.
Avatar of dwils15

ASKER

Actually, no. I have changed the list of allowed/blocked sites a dozen times. When it turns back on i get the original 5 sites. When it is alreay on and decides to change, it goes back from any changes ive made to the original 5 sites. This thing is worse than a virus. Ive finally decided to wipe out the machine. I ran fdisk and reinstalled windows. I am currently setting it back up again.

Thanks for all the responses.
You are welcome and regret that not being able to help.
May be you have already got things working alright now by creating a fresh modal station. However, I'm as curoius as you did why the hell the registry entries came back after it was changed manually. If you still have any station with the old problem os image, can you look into the section "\HKEY_USERS\", there will be subkeys for individual users including the Default user, go into some of these user subkey and look for "\software\microsoft\windows\policies\ratings"  key to see if any of it reamin the same with the original 5 sites even you have manually changed the list (which will reflect at the "\software\microsoft\windows\CurrentVersion\policies\ratings" key. Here, I wonder if the CA key's old values were kept persistent with some users, for example, the Default user.
Avatar of dwils15

ASKER

I have 2 stations that I did not change yet. I will check these keys and get back to you.
ASKER CERTIFIED SOLUTION
Avatar of dwils15
dwils15

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The Asker asked a question but did not disclose some crucial information, but at the end used the information hold to claim it is the answer to the question. This was a total waste of time for those who participated. So, no point should go to anyone and the asker should NOT get a refund as well.
Avatar of dwils15

ASKER

No refund necessary. IEAK was something I had experimented with for about 2 days almost a year before I started having this problem. I completely forgot it was on the machine. None the less if that was the problem none of the experts could have answered correctly. Thanks for all the input from the experts.