Resetting rights to system files
SUMMARY
When an administrator attempts to secure the Microsoft Windows NT system by changing the default Windows NT file system (NTFS) file and directory permissions set up on the and/or the default system directories and subdirectories, some functions, such as users' ability to log on to the network, may be impaired. In extreme cases, the system may display a blue screen error message on startup.
WORKAROUND
Reinstall Windows NT into a separate directory. This will allow you to restore your operating system files %systemroot% from a backup tape that contains the correct default permissions to allow the operating system to boot and function normally. After Windows NT is restored and restarted, you can delete the parallel copy of Windows NT.
-OR-
Use the NT v4.0 Resource Kit utility called FIXACLS.EXE.
FIXACLS.EXE can be found in the NT v4.0 Resource Kit Supplement Two.
When system permissions have been lost, FIXACLS can restore default permissions to the system files. For example, the Windows NT convert command only converts your file system to NTFS. It does not set the default permissions after the conversion. FIXACLS fills this gap.
To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where the files and folders are stored, and you must be logged on as a member of the Administrators group for the domain or computer where your user account is defined. Otherwise, "Access denied" error messages may occur.
FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore, access to this file is also required to run FIXACLS
11/06/2001
How to Install the Windows Recovery Console (Q216417) To install the Windows Recovery Console after Windows is already installed on your computer:
Click Start, click Run, and then type CD-ROM drive letter:\i386\winnt32.exe /cmdcons in the Open box, where CD-ROM drive letter is the drive letter assigned to your CD-ROM drive.
Click Start, click Run, and then type CD-ROM drive letter:\i386\winnt32.exe /cmdcons in the Open box, where CD-ROM drive letter is the drive letter assigned to your CD-ROM drive.
Using REGEDIT to add, remove, and edit registry entries
REGEDIT.EXE [ /L:system ¦ /R:user ] [ /S ] importfile.REG
Export to a (.REG) file:
REGEDIT.EXE [ /L:system ¦ /R:user ] /E exportfile "registry_key"
Compress the registry (Windows 98 only):
REGEDIT.EXE [ /L:system ¦ /R:user ] /C
Parameters:
importfile.REG .REG file to be imported (or "merged")
exportfile File name the information should be written to
"registry_key" Registry key to be exported
e.g. "HKEY_CLASSES\ROOT\*\shell"
/S Silent, i.e. hide confirmation box when importing files
/E Export registry file
/L:system Specify the location of the system.dat to use
/R:user Specify the location of the user.dat to use
/C Compress [filename] (Windows 98 only)
REGEDIT is usually known as a GUI tool to search or edit the Windows registry.
I would not have mentioned it here, however, if it couldn't be used in unattended mode as well.
This page focuses on reading and editing the registry in unattended mode only.
(Microsoft's NT Workstation Resource Kit and NT Server Resource Kit come with REG.EXE, a utility that makes reading (or editing) NT's registry easier
It can read a single key and value directly, without the need for a temporary file.)
Adding and editing (importing) registry entries
Adding items to the registry requires a *.REG file:
REGEDIT /S addsome.REG
The /S switch is optional, it skips the message dialogs before and after the import of the *.REG file.
Removing registry entries
To remove an entire "tree" from the registry using REGEDIT and a .REG file, just add a minus sign before the tree name:
REGEDIT4
[-HKEY_CURRENT_USER\DummyTree]
will remove the entire tree "DummyTree".
To remove an individual item from the registry, place the minus sign after the equal sign:
REGEDIT4
[HKEY_CURRENT_USER\DummyTree]
"ValueToBeRemoved"=-
will remove the individual value "ValueToBeRemoved" from "DummyTree".
More info can be found at Regedit.com's Registry FAQ. How to remove an individual registry key or value using *.INF files and RUNDLL is explained here by Bill James.
Reading (exporting) from the registry
REGEDIT's /E switch can be used to export a registry key:
REGEDIT /E d:\path\filename.REG "HKEY_XXXX\Whatever Key"
This will write the registry key "HKEY_XXXX\Whatever Key" and its subkeys to a file named d:\path\filename.REG
NOTES
TIP: Export a registry key to get an example of the exact required format.
"REGEDIT4" must be at the top followed by a blank line.
A blank line must be at the end of the file.
Multiple keys must be separated by a blank line (not the values, just new keys)
REGEDIT.EXE [ /L:system ¦ /R:user ] [ /S ] importfile.REG
Export to a (.REG) file:
REGEDIT.EXE [ /L:system ¦ /R:user ] /E exportfile "registry_key"
Compress the registry (Windows 98 only):
REGEDIT.EXE [ /L:system ¦ /R:user ] /C
Parameters:
importfile.REG .REG file to be imported (or "merged")
exportfile File name the information should be written to
"registry_key" Registry key to be exported
e.g. "HKEY_CLASSES\ROOT\*\shell"
/S Silent, i.e. hide confirmation box when importing files
/E Export registry file
/L:system Specify the location of the system.dat to use
/R:user Specify the location of the user.dat to use
/C Compress [filename] (Windows 98 only)
REGEDIT is usually known as a GUI tool to search or edit the Windows registry.
I would not have mentioned it here, however, if it couldn't be used in unattended mode as well.
This page focuses on reading and editing the registry in unattended mode only.
(Microsoft's NT Workstation Resource Kit and NT Server Resource Kit come with REG.EXE, a utility that makes reading (or editing) NT's registry easier
It can read a single key and value directly, without the need for a temporary file.)
Adding and editing (importing) registry entries
Adding items to the registry requires a *.REG file:
REGEDIT /S addsome.REG
The /S switch is optional, it skips the message dialogs before and after the import of the *.REG file.
Removing registry entries
To remove an entire "tree" from the registry using REGEDIT and a .REG file, just add a minus sign before the tree name:
REGEDIT4
[-HKEY_CURRENT_USER\DummyTree]
will remove the entire tree "DummyTree".
To remove an individual item from the registry, place the minus sign after the equal sign:
REGEDIT4
[HKEY_CURRENT_USER\DummyTree]
"ValueToBeRemoved"=-
will remove the individual value "ValueToBeRemoved" from "DummyTree".
More info can be found at Regedit.com's Registry FAQ. How to remove an individual registry key or value using *.INF files and RUNDLL is explained here by Bill James.
Reading (exporting) from the registry
REGEDIT's /E switch can be used to export a registry key:
REGEDIT /E d:\path\filename.REG "HKEY_XXXX\Whatever Key"
This will write the registry key "HKEY_XXXX\Whatever Key" and its subkeys to a file named d:\path\filename.REG
NOTES
TIP: Export a registry key to get an example of the exact required format.
"REGEDIT4" must be at the top followed by a blank line.
A blank line must be at the end of the file.
Multiple keys must be separated by a blank line (not the values, just new keys)
Subscribe to:
Posts (Atom)