Re: cloning /reseal process clonges the user priviliege

mike,

So.. now when you are able to see the files, for the user1 please check it out what NTFS permission are set on the user's ntuser.dat
file BEFORE the cloning and AFTER the cloning.
If nothing suspicious is there, you please feel free to report this but to Microsoft.

Also, I assume both users belong to the same group - Power Users?
Also, is there any chance someone did another script or etc. on your image that might be changing something in user permissions or
etc.? (just remembering the other thread with you that was finished recently)

--
=========
Regards,
KM

KM,

i find out why i didn't see that file. why i log in as "user-1" and
changed explorer setting to "show hidden files and folders", this
setting has been reset back to "do not show hidden files and folders"

but why i log in as "user-2", i was able to change that setting and see
"ntuser.data" file.

recap:
PRE CLONING:
1. created users "user-1" and "user-2"
2. logged in as "user-1", but didn't log in as "user-2"

POST CLONING:
1, "user-1" is not able to modify it's own registry
key(HKLM_current_user), not able to set explorer setting to "show
hidden files and folders" or "hide protected OS files".

2. "user-2" is able to do anything such as delete its own keys.....

this is very strange.....

thanks

as why i didn't see those files under my regular XP Pro, i used the
explorer's search option, it didn't find those files, but they actually
are there.


KM wrote:
mike,

How come? Are you exploring now the post-FBA or pre-FBA image?
I was certainly referring to post-FBA image since the account profiles are created during FBA. Moreover, you should play with the
file after you logged in the user1 account since it is the time when the ntuser.dat would be created.

Also, please make sure you turn ON the Explorer's option "Show hidden files and folders" because user profile registry hives are
hidden files.

--
=========
Regards,
KM


"mike-ca" <bosanovav1@xxxxxxxxx> wrote in message news:1161375960.896115.106800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
KM,

not such file on my XPE machine, on my regular xp pro machine, this
file is only present under "documents and settings\All Users"

thanks


KM wrote:
Mike,

Sorry, my bad. I meant "\Documents and Settings\<user profile>\ntuser.dat" file.

There have been some issues reported about fbreseal (SP2) on the way how it deals with security permissions on NTFS.

--
=========
Regards,
KM


"mike-ca" <bosanovav1@xxxxxxxxx> wrote in message news:1161373469.213749.49590@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
KM,

i used NTFS. there is no such file as "ntdata.data" in "document and
settings", in fact, there is no such file in my system at all.

i have found another problem with cloning, i can only run the cloned
image for 2 days before license expires and no longer able to log into
the system. my another image(without cloning) has been running for
more than 2 weeks without encounter the activation problem.

thanks

KM wrote:
mike,

Quick questions to clarify the issue:
- do you use NTFS on your target device's OS partition?
- when you say you "both user can modify the files in its own "document and setting" folders", does this mean user1 have
full
control over the ntdata.dat file created under his profile folder? Try to delete or modify that file being logged under the
user1
after cloning. If you can do that, there is enough permissions for that file.

--
=========
Regards,
KM

i ran into a very strange problem, i am most certain it is a microsoft
bug, just wondering if anyone has encountered the similiar problem

BEFORE CLONING:
1. set "cmiResealPhase" to 0, completes FBA process
2. creates two users "user-1" and "user-2", assign them to "Users"
group
3. login as "user-1", modifies "HKEY_Current_User" reg keys
4. run "fbreseal.exe -keepdomain -keepnet -keepuser -keepmounted",
then reboots

AFTER CLONING:
1. login as "user-1", this user cannot modify the "HKEY_Current_User"
reg keys (Error "Cannot create key: Error writing to the registry)
2. login as "user-2", this user can modify the "HKEY_Current_User" reg
key

both user can modify the files in its own "document and setting"
folders, since both belong to "Users" group, they should be able to
modify their own "HKEY_Current_User" reg keys as well.


before run "fbreseal.exe" i created both users, but ONLY logged in as
"user-1", didn't log in as "user-2", that's the only difference.


thanks






.