Sign in with
Sign up | Sign in
Your question

Local Service, winreg, remote registry

Last response: in Windows XP
Share
Anonymous
August 27, 2004 8:51:02 PM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.windows.server.migration (More info?)

Regarding the problem of having to add Local Service to have read permissions
on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

in what specific situations does the problem occur? Is the problem only
caused by upgrades from Win2K to WinXP? Specifically which upgrades will
lead to this problem?

With solutions, are there any Microsoft updates, hotfixes, service packs?
Or must administrators add the permissions manually?

Can Microsoft release a Knowledgebase Article on this issue, listing all the
cases that the problem can occur, and the corresponding solution to each case?

Thank you.
Anonymous
August 30, 2004 5:27:47 PM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.windows.server.migration (More info?)

Hi Joseph,

This issue specifically affects upgrades from Windows 2000 SP4 and later to
Windows XP and Windows XP SP1. Windows 2000 SP4 machines upgraded with
Windows XP SP2 slipstreamed will not have this issue. Windows XP machines
still at SP1 can have the following hotfix applied to correct the
permissions:

832082 Smart card stops functioning or you cannot access the local registry
http://support.microsoft.com/?id=832082

NOTE: Any machines upgraded from Windows 2000 SP4 to Windows XP and which
have been already been upgraded to SP2 will need the permissions added via
GPO or with a security template. I have attached a winreg.inf file which
applies only the Winreg security settings. This setting is from the SP2
"Default Security Settings applied on Professional Upgrade" security
template called Dwup.inf. Just copy winreg.txt to the root of C:, rename it
as winreg.inf, and run this command from the command line:

"%systemroot%\system32\secedit.exe /configure /cfg c:\winreg.inf /areas
REGKEYS /db %systemroot%\security\Database\winreg.sdb"

--
David Everett
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

"Joseph Chow" <JosephChow@discussions.microsoft.com> wrote in message
news:D 60E24B0-7F6A-445D-B027-EBF8C5D2EC18@microsoft.com...
> Regarding the problem of having to add Local Service to have read
permissions
> on
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
>
> in what specific situations does the problem occur? Is the problem only
> caused by upgrades from Win2K to WinXP? Specifically which upgrades will
> lead to this problem?
>
> With solutions, are there any Microsoft updates, hotfixes, service packs?
> Or must administrators add the permissions manually?
>
> Can Microsoft release a Knowledgebase Article on this issue, listing all
the
> cases that the problem can occur, and the corresponding solution to each
case?
>
> Thank you.


begin 666 winreg.txt
M6U!R;V9I;&4@1&5S8W)I<'1I;VY=#0HE4T-%1%=5<%!R;V9I;&5$97-C<FEP
M=&EO;B4-"@T*6W9E<G-I;VY=#0IS:6=N871U<F4](B1#2$E#04=/)"(-"G)E
M=FES:6]N/3$-"D1R:79E<E9E<CTP-R\P,2\R,# Q+#4N,2XR-C P+C(Q.# -
M"@T*6U)E9VES=')Y($ME>7-=#0HB34%#2$E.15Q365-414U<0W5R<F5N=$-O
M;G1R;VQ3971<0V]N=')O;%Q396-U<F50:7!E4V5R=F5R<UQW:6YR96<B+#(L
M(D0Z4"A!.T-).T=!.SL[0D$I*$$[.T=2.SL[0D\I*$$[0TD[1U([.SM,4RDB
M#0H-"EM3=')I;F=S70T*4V-E26YF061M:6YI<W1R871O<B ](")!9&UI;FES
M=')A=&]R(@T*4V-E26YF061M:6YS(#T@(D%D;6EN:7-T<F%T;W)S(@T*4V-E
M26YF06-O=6YT3W @/2 B06-C;W5N="!/<&5R871O<G,B#0I38V5);F9!=71H
M57-E<G,@/2 B075T:&5N=&EC871E9"!5<V5R<R(-"E-C94EN9DEN=&5R86-T
M:79E(#T@(DE.5$5204-4259%(@T*4V-E26YF0F%C:W5P3W @/2 B0F%C:W5P
M($]P97)A=&]R<R(-"E-C94EN9D1O;6%I;D%D;6EN<R ](")$;VUA:6X@061M
M:6YS(@T*4V-E26YF1&]M86EN1W5E<W1S(#T@(D1O;6%I;B!'=65S=',B#0I3
M8V5);F9$;VUA:6Y5<V5R<R ](")$;VUA:6X@57-E<G,B#0I38V5);F9%=F5R
M>6]N92 ](")%=F5R>6]N92(-"E-C94EN9D=U97-T<R ](")'=65S=',B#0I3
M8V5);F9'=65S=" ](")'=65S="(-"E-C94EN9E!O=V5R57-E<G,@/2 B4&]W
M97(@57-E<G,B#0I38V5);F90<FEN=$]P(#T@(E!R:6YT($]P97)A=&]R<R(-
M"E-C94EN9E)E<&QI8V%T;W(@/2 B4F5P;&EC871O<B(-"E-C94EN9E5S97)S
M(#T@(E5S97)S(@T*4V-E26YF3&]C86Q397)V:6-E(#T@(DQO8V%L(%-E<G9I
M8V4B#0I38V5);F9.971W;W)K4V5R=FEC92 ](").971W;W)K(%-E<G9I8V4B
M#0I38V5);F9296UO=&5$97-K=&]P57-E<G,@/2 B4F5M;W1E($1E<VMT;W @
M57-E<G,B#0I38V5);F90<F]G<F%M1FEL97,@/2 B)5!R;V=R86U&:6QE<R4B
M#0I38V5);F9#;VUM;VY0<F]G<F%M1FEL97,@/2 B)4-O;6UO;E!R;V=R86U&
M:6QE<R4B#0I38V5$5U5P4')O9FEL941E<V-R:7!T:6]N(#T@(E-E8W5R:71Y
M(&%P<&QI960@=&\@=7!G<F%D960@=V]R:W-T871I;VYS(@T*4T-%26YF4WES
M9&ER,2 ](")E9&ET+F-O;2(-"E-#14EN9E-Y<V1I<C(@/2 B961I="YH;' B
<#0I30T5);F9(96QP,2 ](")S:6=N:6XN:&QP(@``
`
end
Anonymous
September 2, 2004 12:23:10 AM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.windows.server.migration (More info?)

Hi David,

Thank you for the precise reply. I had to examine slipstreaming to fully
understand what's going on. It's a little unfortunate that SP2 does not
automatically fix this issue.

Joseph :) 
Anonymous
June 24, 2005 4:22:04 AM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.windows.server.migration (More info?)

Where can I find the file "winreg.txt " that you referred to?
How can I get the hotfix kb832082 If I did not download and install SP2
(it's too big~)?


"David Everett [MSFT]" wrote:

> Hi Joseph,
>
> This issue specifically affects upgrades from Windows 2000 SP4 and later to
> Windows XP and Windows XP SP1. Windows 2000 SP4 machines upgraded with
> Windows XP SP2 slipstreamed will not have this issue. Windows XP machines
> still at SP1 can have the following hotfix applied to correct the
> permissions:
>
> 832082 Smart card stops functioning or you cannot access the local registry
> http://support.microsoft.com/?id=832082
>
> NOTE: Any machines upgraded from Windows 2000 SP4 to Windows XP and which
> have been already been upgraded to SP2 will need the permissions added via
> GPO or with a security template. I have attached a winreg.inf file which
> applies only the Winreg security settings. This setting is from the SP2
> "Default Security Settings applied on Professional Upgrade" security
> template called Dwup.inf. Just copy winreg.txt to the root of C:, rename it
> as winreg.inf, and run this command from the command line:
>
> "%systemroot%\system32\secedit.exe /configure /cfg c:\winreg.inf /areas
> REGKEYS /db %systemroot%\security\Database\winreg.sdb"
>
> --
> David Everett
> Microsoft Corporation
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Joseph Chow" <JosephChow@discussions.microsoft.com> wrote in message
> news:D 60E24B0-7F6A-445D-B027-EBF8C5D2EC18@microsoft.com...
> > Regarding the problem of having to add Local Service to have read
> permissions
> > on
> >
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
> >
> > in what specific situations does the problem occur? Is the problem only
> > caused by upgrades from Win2K to WinXP? Specifically which upgrades will
> > lead to this problem?
> >
> > With solutions, are there any Microsoft updates, hotfixes, service packs?
> > Or must administrators add the permissions manually?
> >
> > Can Microsoft release a Knowledgebase Article on this issue, listing all
> the
> > cases that the problem can occur, and the corresponding solution to each
> case?
> >
> > Thank you
!