Re: Going crazy over this one!

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Marc (anyone_at_anyplace.now)
Date: 03/24/04 

Date: Wed, 24 Mar 2004 15:43:59 -0400

Hi David,

I'll try the things you mention; just a quickie now: a couple of minutes ago
I ran RSOP.MSC again, and now everything -- and I do mean everything! -- is
shown as "Not Defined": Computer Setting, Startup, and Permission! Is this
expected? When I double-click on an item, everything is grayed out... :-0

Cheers,

--Marc

"David Everett [MSFT]" <deverett@online.microsoft.com> wrote in message news:exFx6NdEEHA.3804@TK2MSFTNGP09.phx.gbl...
> Hi Mark,
>
> RSOP.MSC will be blank if there is nothing being applied by policy under the
> specified location.
>
> In another post Rajneesh Mahajan posted a link to
> http://support.microsoft.com/default.aspx?scid=kb;en-us;274740. Make sure
> ACLs to these files are correct which we hop secedit did.
>
> The errors about files missing when applying a security template is normal.
>
> Here are some other things you could try:
> 1. Open HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and
> verify that logonui.exe is the only file being called.
> 2. Locate Logonui.exe on the file system and verify the Version is
> 6.0.3790.0 and from Microsoft Corporation.
> 3. If you have TS Roaming Profiles verify there are not scripts in the
> Startup folder of those profiles.
>
> The only thing about secedit I might question is the invalid structure on
> HKLM\software\Install Options. Do you have an "Install Options" key under
> HKLM\software and can you view the Permissions on this key?
>
> If you can view the Advanced security of this key see if it is inheriting
> from above. I'm not sure that this key would affect RDP logon but you could
> try the following:
> If it is Inheriting from above get a System state backup
> Uncheck this Inherit from above setting on this key and select Copy and
> Apply
> Check the Inherit from above again and click Apply.
> Click the Propagate to all child objects box and click Apply again.
> --
> David Everett
> Microsoft Corporation
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Marc" <anyone@anyplace.now> wrote in message
> news:eAJES6aEEHA.2408@TK2MSFTNGP10.phx.gbl...
> >
> > Hi David,
> >
> > >
> > > If you walk up to the console of the server and log in, not through RDP
> > > session, do you stay logged in?
> > >
> >
> > Yes, I do!
> >
> > >
> > > If you do, check TS Configuration under RDP-Tcp Properties > Environment
> and
> > > see if the check box for "Override settings from user profile and Remote
> > > Desktop Connection or Terminal Services Client" is checked.
> > >
> >
> > No, it's not checked...
> >
> > >
> > > Run RSOP.MSC and on the console of the Terminal Server and see if a the
> > > policy option "Sets a time limit for active Terminal Services sessions"
> is
> > > Enabled and set to one minute. Also, verify the policy setting
> "Terminal
> > > session when time limits are reached" is Not Configured.
> > >
> >
> > Strange, I can't seem to find either policy option -- where are they? :-0
> > I'll keep looking though...
> >
> > >
> > > You may want to reapply basic security to the server. If it is just a
> > > member server the commands to reapply default security are:
> > >
> > > 1. cd %systemroot%\security\templates
> > > 2. secedit /configure /cfg "setup security.inf" /db ss.sdb /log ss.log
> > > /verbose
> > >
> >
> > I just tried this -- twice -- and I got the following error message: "An
> extended
> > error has occurred. The task has completed with an error. See log
> C:\...\ss.log
> > for detail info." There I found the following error messages:
> >
> > ----Configure Registry Keys...
> > Configure users\.default.
> > Configure users\.default\software\microsoft\netdde.
> > Configure machine\software.
> > Warning 1336: The access control list (ACL) structure is invalid.
> > Error setting security on machine\software\Install Options.
> >
> > Configuration of Registry Keys was completed with one or more
> errors.
> >
> > I also get LOTS of errors to the effect that "the system cannot find the
> > file specified". The list is very long, but on the \system32 folder, it
> > starts with appverif.exe and goes up to w95upgnt.dll.
> >
> > Many thanks for your help, David!
> >
> > Cheers,
> >
> > --Marc
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > > David Everett
> > > Microsoft Corporation
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > >
> > > "Marc" <anyone@anyplace.now> wrote in message
> > > news:u8X3FYGEEHA.1544@TK2MSFTNGP11.phx.gbl...
> > > >
> > > > Hi,
> > > >
> > > > If this is what you mean, yes, I do get precisely the same behavior if
> I
> > > try
> > > > "Remote Desktop Connection" to the server from the console itself...
> As to
> > > > the event logs, please see my reply to Vera's posting... Thanks!
> > > >
> > > > Cheers,
> > > >
> > > > --Marc
> > > >
> > > >
> > > >
> > > >
> > > > "Mike Silverman" <Noah.Body@nowhere.ca> wrote in message
> > > news:OAvZE7FEEHA.1240@TK2MSFTNGP10.phx.gbl...
> > > > > Can you log on at the console and have the same behaviour occur?
> What,
> > > > > if anything, do the event logs say?
> > > > >
> > > > > Mike.
> > > > >
> > > > > Marc wrote:
> > > > > > I kept the Symantec W32.Blaster.Worm Fix Tool 1.0.6.1
> > > > > > running on my system. After a looong scan of all my
> > > > > > hard drives, it came out with the following message:
> > > > > >
> > > > > > W32.Blaster.Worm has not been found on your computer
> > > > > >
> > > > > > Therefore, there must be another answer -- which I am
> > > > > > DESPERATELY in need of at this point!!! Will anybody
> > > > > > help, PLEASE??? Thanks so much!!!
> > > > > >
> > > > > > --Marc
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >>-----Original Message-----
> > > > > >>
> > > > > >>Hmm... Seems unlikely to me, since I have Symantec Anti-
> > > > > >>virus Corporate Edition running on this server, with
> > > > > >>automated updates, and I haven't been prompted by this
> > > > > >>program about any virus or trojans (yet)... However,
> > > > > >
> > > > > > I'll
> > > > > >
> > > > > >>give this the benefit of the doubt, and will let you
> > > > > >
> > > > > > guys
> > > > > >
> > > > > >>know what I find once I take a closer look -- thanks!
> > > > > >>
> > > > > >>Cheers,
> > > > > >>
> > > > > >>--Marc
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>>-----Original Message-----
> > > > > >>>Sounds like Blaster Worm to me.
> > > > > >>>
> > > > > >>>Check Anti Virus sites for removal tools.
> > > > > >>>
> > > > > >>>--
> > > > > >>>
> > > > > >>>HTH
> > > > > >>>
> > > > > >>>Cheers
> > > > > >>>Lewis Knight
> > > > > >>>MCSE, MCT
> > > > > >>>Perth
> > > > > >>>OZ
> > > > > >>>
> > > > > >>>
> > > > > >>>
> > > > > >>>"Marc" <anonymous@discussions.microsoft.com> wrote in
> > > > > >>
> > > > > >>message
> > > > > >>
> > > > > >>>news:1066601c40e0a$d5ff59c0$a401280a@phx.gbl...
> > > > > >>>
> > > > > >>>>Greetings,
> > > > > >>>>
> > > > > >>>>My problem is: no one can maintain a remote session on
> > > > > >>>>this computer for more than a few seconds anymore.
> > > > > >
> > > > > > That
> > > > > >
> > > > > >>>>is, the person remotely logs on, but after a second or
> > > > > >>>>two, a window shows up saying "saving your settings",
> > > > > >>>>and the user is kicked off! What should I do???
> > > > > >
> > > > > > HELP!!!
> > > > > >
> > > > > >>>>I've been fighting this one all day, already
> > > > > >
> > > > > > uninstalled
> > > > > >
> > > > > >>>>and reinstalled terminal services and licensing, but
> > > > > >
> > > > > > to
> > > > > >
> > > > > >>>>no avail...
> > > > > >>>
> > > > > >>>
> > > > > >>>.
> > > > > >>>
> > > > > >>
> > > > > >>.
> > > > > >>
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Going crazy over this one!
    ... did you rebooted since you reapplied default security? ... Configured" and "Gray", do you mean you can open a "user right " and the ... David Everett ... >> If it is Inheriting from above get a System state backup ...
    (microsoft.public.windows.terminal_services)
  • Re: Password Expired
    ... Thank you David, just out of curiosity, which gpotool utility do you ... Also verify that those clients are actually getting ... > Please do not send e-mail directly to this alias. ...
    (microsoft.public.win2000.active_directory)
  • Re: CIAC TECH BULLETIN: 04-001 Remote Detection of the Mydoom.A Worm
    ... However, its been years since I did much with PGP, so I could be way off ... > Just when I thought I understood how to verify PGP-signed messages, I get> this result with this one: ... > (and this isn't really addressed to David Lipman--but to all those here who> can help us out in understanding how to properly verify such a post)> ... Before systems containing the MyDoom.A worm can be cleaned, ...
    (microsoft.public.scripting.virus.discussion)
  • Re: CIAC TECH BULLETIN: 04-001 Remote Detection of the Mydoom.A Worm
    ... However, its been years since I did much with PGP, so I could be way off ... > Just when I thought I understood how to verify PGP-signed messages, I get> this result with this one: ... > (and this isn't really addressed to David Lipman--but to all those here who> can help us out in understanding how to properly verify such a post)> ... Before systems containing the MyDoom.A worm can be cleaned, ...
    (microsoft.public.security.virus)
  • Re: CAPP.EXE
    ... David S wrote: ... It checks with Verisign to verify that ... expressed in this posting are mine, and do not necessarily reflect the ...
    (comp.security.firewalls)