Help! I changed the Logon properties for Remote procedure Call (RPC) service & can't change back.

W

W

Hi
Sorry for the dramatic subject... I hope it’s a fairly simple thing...


Basically I changed the Logon properties for the RPC service on our PDC from
the original Network Service account to use the Local System account.

I did this to see if it would fix an error I was having with another service
not starting citing a dependency group failed to start & the only thing in the
dependency group is the RPC. So... I thought if I changed the Logon
credentials and it worked I'd have a better clue as to what was wrong... (That
probably sounds very irrational but it made sense at the time). I did have
every intention of changing it back... but... Once I'd rebooted the server I
found that the option to change the Logon type back to a Network Service
account was greyed out... DOH!!! What a shmuck I am... I should have realised
what a dumb thing it was to mess with the RPC anyway I know. I feel like a
n00b. Maybe I am...

Anyway, can someone help me change this back?

I've actually not encountered any errors at all but something tells me the
increased privileges that a Local System account would have are probably a bad
thing. Incidentally the test did not fix the service starting error.

I'm guessing that as the logged on administrator I'm not aloud to change LSA
stuff? Is there a way around this?

Thanks for any help, much appreciated!

W
 
P

Pegasus \(MVP\)

"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
> Hi
> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>
>
> Basically I changed the Logon properties for the RPC service on our PDC
> from
> the original Network Service account to use the Local System account.
>
> I did this to see if it would fix an error I was having with another
> service
> not starting citing a dependency group failed to start & the only thing in
> the
> dependency group is the RPC. So... I thought if I changed the Logon
> credentials and it worked I'd have a better clue as to what was wrong...
> (That
> probably sounds very irrational but it made sense at the time). I did have
> every intention of changing it back... but... Once I'd rebooted the
> server I
> found that the option to change the Logon type back to a Network Service
> account was greyed out... DOH!!! What a shmuck I am... I should have
> realised
> what a dumb thing it was to mess with the RPC anyway I know. I feel like
> a
> n00b. Maybe I am...
>
> Anyway, can someone help me change this back?
>
> I've actually not encountered any errors at all but something tells me the
> increased privileges that a Local System account would have are probably a
> bad
> thing. Incidentally the test did not fix the service starting error.
>
> I'm guessing that as the logged on administrator I'm not aloud to change
> LSA
> stuff? Is there a way around this?
>
> Thanks for any help, much appreciated!
>
> W

If all else fails then you could restore the old registry files from your
backup medium. Make sure to save the current registry files first!
 
M

Mathieu CHATEAU

Hello,

1/change it manually from regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
ObjectName
put back NT AUTHORITY\NetworkService

you may start in Active Directory Mode to try changing it back.
For the Network Service account password, just leave it blank

In case it helps, here is the default registry setting for rpcss:



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Serves as the endpoint mapper and COM Service Control
Manager. If this service is stopped or disabled, programs using COM or
Remote Procedure Call (RPC) services will not function properly."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001




--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
> Hi
> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>
>
> Basically I changed the Logon properties for the RPC service on our PDC
> from
> the original Network Service account to use the Local System account.
>
> I did this to see if it would fix an error I was having with another
> service
> not starting citing a dependency group failed to start & the only thing in
> the
> dependency group is the RPC. So... I thought if I changed the Logon
> credentials and it worked I'd have a better clue as to what was wrong...
> (That
> probably sounds very irrational but it made sense at the time). I did have
> every intention of changing it back... but... Once I'd rebooted the
> server I
> found that the option to change the Logon type back to a Network Service
> account was greyed out... DOH!!! What a shmuck I am... I should have
> realised
> what a dumb thing it was to mess with the RPC anyway I know. I feel like
> a
> n00b. Maybe I am...
>
> Anyway, can someone help me change this back?
>
> I've actually not encountered any errors at all but something tells me the
> increased privileges that a Local System account would have are probably a
> bad
> thing. Incidentally the test did not fix the service starting error.
>
> I'm guessing that as the logged on administrator I'm not aloud to change
> LSA
> stuff? Is there a way around this?
>
> Thanks for any help, much appreciated!
>
> W
 
W

W

Thanks for the reply!
I've made the reg changes & the srvices MMC shows the correct info now.
I have to wait till close of business to reboot but I've got a good feeling.

Thanks very much for the help.
I'll post again after I reboot & let you know if it worked.

W


"Mathieu CHATEAU" <gollum123@free.fr> wrote:
>Hello,
>
>1/change it manually from regedit
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
>ObjectName
>put back NT AUTHORITY\NetworkService
>
>you may start in Active Directory Mode to try changing it back.
>For the Network Service account password, just leave it blank
>
>In case it helps, here is the default registry setting for rpcss:
>
>
>
>Windows Registry Editor Version 5.00
>
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
>"Description"="Serves as the endpoint mapper and COM Service Control
>Manager. If this service is stopped or disabled, programs using COM or
>Remote Procedure Call (RPC) services will not function properly."
>"DisplayName"="Remote Procedure Call (RPC)"
>"ErrorControl"=dword:00000001
>"Group"="COM Infrastructure"
>"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
> 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
> 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
> 6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
>"ObjectName"="NT AUTHORITY\\NetworkService"
>"Start"=dword:00000002
>"Type"=dword:00000020
>"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
> 00,02,00,00,00,60,ea,00,00
>
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
>"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
> 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
> 72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
>
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
>"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
> 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
> 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
> 20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
> 00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
>"0"="Root\\LEGACY_RPCSS\\0000"
>"Count"=dword:00000001
>"NextInstance"=dword:00000001
>
>
>
>
>--
>Cordialement,
>Mathieu CHATEAU
>http://lordoftheping.blogspot.com
>
>
>"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
>> Hi
>> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>>
>>
>> Basically I changed the Logon properties for the RPC service on our PDC
>> from
>> the original Network Service account to use the Local System account.
>>
>> I did this to see if it would fix an error I was having with another
>> service
>> not starting citing a dependency group failed to start & the only thing in
>> the
>> dependency group is the RPC. So... I thought if I changed the Logon
>> credentials and it worked I'd have a better clue as to what was wrong...
>> (That
>> probably sounds very irrational but it made sense at the time). I did have
>> every intention of changing it back... but... Once I'd rebooted the
>> server I
>> found that the option to change the Logon type back to a Network Service
>> account was greyed out... DOH!!! What a shmuck I am... I should have
>> realised
>> what a dumb thing it was to mess with the RPC anyway I know. I feel like
>> a
>> n00b. Maybe I am...
>>
>> Anyway, can someone help me change this back?
>>
>> I've actually not encountered any errors at all but something tells me the
>> increased privileges that a Local System account would have are probably a
>> bad
>> thing. Incidentally the test did not fix the service starting error.
>>
>> I'm guessing that as the logged on administrator I'm not aloud to change
>> LSA
>> stuff? Is there a way around this?
>>
>> Thanks for any help, much appreciated!
>>
>> W
 
W

W

All sorted.
100% fine after reboot.

Thanks again for reply

W <W@W.org> wrote:
>Thanks for the reply!
>I've made the reg changes & the srvices MMC shows the correct info now.
>I have to wait till close of business to reboot but I've got a good feeling.
>
>Thanks very much for the help.
>I'll post again after I reboot & let you know if it worked.
>
>W
>
>
>"Mathieu CHATEAU" <gollum123@free.fr> wrote:
>>Hello,
>>
>>1/change it manually from regedit
>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
>>ObjectName
>>put back NT AUTHORITY\NetworkService
>>
>>you may start in Active Directory Mode to try changing it back.
>>For the Network Service account password, just leave it blank
>>
>>In case it helps, here is the default registry setting for rpcss:
>>
>>
>>
>>Windows Registry Editor Version 5.00
>>
>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
>>"Description"="Serves as the endpoint mapper and COM Service Control
>>Manager. If this service is stopped or disabled, programs using COM or
>>Remote Procedure Call (RPC) services will not function properly."
>>"DisplayName"="Remote Procedure Call (RPC)"
>>"ErrorControl"=dword:00000001
>>"Group"="COM Infrastructure"
>>"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
>> 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
>> 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
>> 6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
>>"ObjectName"="NT AUTHORITY\\NetworkService"
>>"Start"=dword:00000002
>>"Type"=dword:00000020
>>"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
>> 00,02,00,00,00,60,ea,00,00
>>
>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
>>"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
>> 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
>> 72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
>>
>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
>>"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
>> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
>> 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
>> 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
>> 20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
>> 00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
>> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>>
>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
>>"0"="Root\\LEGACY_RPCSS\\0000"
>>"Count"=dword:00000001
>>"NextInstance"=dword:00000001
>>
>>
>>
>>
>>--
>>Cordialement,
>>Mathieu CHATEAU
>>http://lordoftheping.blogspot.com
>>
>>
>>"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
>>> Hi
>>> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>>>
>>>
>>> Basically I changed the Logon properties for the RPC service on our PDC
>>> from
>>> the original Network Service account to use the Local System account.
>>>
>>> I did this to see if it would fix an error I was having with another
>>> service
>>> not starting citing a dependency group failed to start & the only thing in
>>> the
>>> dependency group is the RPC. So... I thought if I changed the Logon
>>> credentials and it worked I'd have a better clue as to what was wrong...
>>> (That
>>> probably sounds very irrational but it made sense at the time). I did have
>>> every intention of changing it back... but... Once I'd rebooted the
>>> server I
>>> found that the option to change the Logon type back to a Network Service
>>> account was greyed out... DOH!!! What a shmuck I am... I should have
>>> realised
>>> what a dumb thing it was to mess with the RPC anyway I know. I feel like
>>> a
>>> n00b. Maybe I am...
>>>
>>> Anyway, can someone help me change this back?
>>>
>>> I've actually not encountered any errors at all but something tells me the
>>> increased privileges that a Local System account would have are probably a
>>> bad
>>> thing. Incidentally the test did not fix the service starting error.
>>>
>>> I'm guessing that as the logged on administrator I'm not aloud to change
>>> LSA
>>> stuff? Is there a way around this?
>>>
>>> Thanks for any help, much appreciated!
>>>
>>> W
 
M

Mathieu CHATEAU

Great :)

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"W" <W@W.org> wrote in message news:part1of1.1.c9GwHDOwXiwNPw@ue.ph...
> All sorted.
> 100% fine after reboot.
>
> Thanks again for reply
>
> W <W@W.org> wrote:
>>Thanks for the reply!
>>I've made the reg changes & the srvices MMC shows the correct info now.
>>I have to wait till close of business to reboot but I've got a good
>>feeling.
>>
>>Thanks very much for the help.
>>I'll post again after I reboot & let you know if it worked.
>>
>>W
>>
>>
>>"Mathieu CHATEAU" <gollum123@free.fr> wrote:
>>>Hello,
>>>
>>>1/change it manually from regedit
>>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
>>>ObjectName
>>>put back NT AUTHORITY\NetworkService
>>>
>>>you may start in Active Directory Mode to try changing it back.
>>>For the Network Service account password, just leave it blank
>>>
>>>In case it helps, here is the default registry setting for rpcss:
>>>
>>>
>>>
>>>Windows Registry Editor Version 5.00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
>>>"Description"="Serves as the endpoint mapper and COM Service Control
>>>Manager. If this service is stopped or disabled, programs using COM or
>>>Remote Procedure Call (RPC) services will not function properly."
>>>"DisplayName"="Remote Procedure Call (RPC)"
>>>"ErrorControl"=dword:00000001
>>>"Group"="COM Infrastructure"
>>>"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
>>>
>>> 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
>>>
>>> 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
>>> 6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
>>>"ObjectName"="NT AUTHORITY\\NetworkService"
>>>"Start"=dword:00000002
>>>"Type"=dword:00000020
>>>"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
>>> 00,02,00,00,00,60,ea,00,00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
>>>"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
>>>
>>> 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
>>> 72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
>>>"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
>>>
>>> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
>>>
>>> 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
>>>
>>> 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
>>>
>>> 20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
>>>
>>> 00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
>>> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
>>>"0"="Root\\LEGACY_RPCSS\\0000"
>>>"Count"=dword:00000001
>>>"NextInstance"=dword:00000001
>>>
>>>
>>>
>>>
>>>--
>>>Cordialement,
>>>Mathieu CHATEAU
>>>http://lordoftheping.blogspot.com
>>>
>>>
>>>"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
>>>> Hi
>>>> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>>>>
>>>>
>>>> Basically I changed the Logon properties for the RPC service on our PDC
>>>> from
>>>> the original Network Service account to use the Local System account.
>>>>
>>>> I did this to see if it would fix an error I was having with another
>>>> service
>>>> not starting citing a dependency group failed to start & the only thing
>>>> in
>>>> the
>>>> dependency group is the RPC. So... I thought if I changed the Logon
>>>> credentials and it worked I'd have a better clue as to what was
>>>> wrong...
>>>> (That
>>>> probably sounds very irrational but it made sense at the time). I did
>>>> have
>>>> every intention of changing it back... but... Once I'd rebooted the
>>>> server I
>>>> found that the option to change the Logon type back to a Network
>>>> Service
>>>> account was greyed out... DOH!!! What a shmuck I am... I should have
>>>> realised
>>>> what a dumb thing it was to mess with the RPC anyway I know. I feel
>>>> like
>>>> a
>>>> n00b. Maybe I am...
>>>>
>>>> Anyway, can someone help me change this back?
>>>>
>>>> I've actually not encountered any errors at all but something tells me
>>>> the
>>>> increased privileges that a Local System account would have are
>>>> probably a
>>>> bad
>>>> thing. Incidentally the test did not fix the service starting error.
>>>>
>>>> I'm guessing that as the logged on administrator I'm not aloud to
>>>> change
>>>> LSA
>>>> stuff? Is there a way around this?
>>>>
>>>> Thanks for any help, much appreciated!
>>>>
>>>> W
>
 
M

Mathieu CHATEAU

I do not blame you, but i hope you learned something about trying
unsecure/managed/known changes directly on production server.

You should install Microsoft Virtual PC 2007 + trial windows in VM to test
stuff before

just my 2 cents, do not become angry )

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"W" <W@W.org> wrote in message news:part1of1.1.c9GwHDOwXiwNPw@ue.ph...
> All sorted.
> 100% fine after reboot.
>
> Thanks again for reply
>
> W <W@W.org> wrote:
>>Thanks for the reply!
>>I've made the reg changes & the srvices MMC shows the correct info now.
>>I have to wait till close of business to reboot but I've got a good
>>feeling.
>>
>>Thanks very much for the help.
>>I'll post again after I reboot & let you know if it worked.
>>
>>W
>>
>>
>>"Mathieu CHATEAU" <gollum123@free.fr> wrote:
>>>Hello,
>>>
>>>1/change it manually from regedit
>>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
>>>ObjectName
>>>put back NT AUTHORITY\NetworkService
>>>
>>>you may start in Active Directory Mode to try changing it back.
>>>For the Network Service account password, just leave it blank
>>>
>>>In case it helps, here is the default registry setting for rpcss:
>>>
>>>
>>>
>>>Windows Registry Editor Version 5.00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
>>>"Description"="Serves as the endpoint mapper and COM Service Control
>>>Manager. If this service is stopped or disabled, programs using COM or
>>>Remote Procedure Call (RPC) services will not function properly."
>>>"DisplayName"="Remote Procedure Call (RPC)"
>>>"ErrorControl"=dword:00000001
>>>"Group"="COM Infrastructure"
>>>"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
>>>
>>> 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
>>>
>>> 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
>>> 6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
>>>"ObjectName"="NT AUTHORITY\\NetworkService"
>>>"Start"=dword:00000002
>>>"Type"=dword:00000020
>>>"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
>>> 00,02,00,00,00,60,ea,00,00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
>>>"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
>>>
>>> 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
>>> 72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
>>>"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
>>>
>>> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
>>>
>>> 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
>>>
>>> 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
>>>
>>> 20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
>>>
>>> 00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
>>> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>>>
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
>>>"0"="Root\\LEGACY_RPCSS\\0000"
>>>"Count"=dword:00000001
>>>"NextInstance"=dword:00000001
>>>
>>>
>>>
>>>
>>>--
>>>Cordialement,
>>>Mathieu CHATEAU
>>>http://lordoftheping.blogspot.com
>>>
>>>
>>>"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
>>>> Hi
>>>> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>>>>
>>>>
>>>> Basically I changed the Logon properties for the RPC service on our PDC
>>>> from
>>>> the original Network Service account to use the Local System account.
>>>>
>>>> I did this to see if it would fix an error I was having with another
>>>> service
>>>> not starting citing a dependency group failed to start & the only thing
>>>> in
>>>> the
>>>> dependency group is the RPC. So... I thought if I changed the Logon
>>>> credentials and it worked I'd have a better clue as to what was
>>>> wrong...
>>>> (That
>>>> probably sounds very irrational but it made sense at the time). I did
>>>> have
>>>> every intention of changing it back... but... Once I'd rebooted the
>>>> server I
>>>> found that the option to change the Logon type back to a Network
>>>> Service
>>>> account was greyed out... DOH!!! What a shmuck I am... I should have
>>>> realised
>>>> what a dumb thing it was to mess with the RPC anyway I know. I feel
>>>> like
>>>> a
>>>> n00b. Maybe I am...
>>>>
>>>> Anyway, can someone help me change this back?
>>>>
>>>> I've actually not encountered any errors at all but something tells me
>>>> the
>>>> increased privileges that a Local System account would have are
>>>> probably a
>>>> bad
>>>> thing. Incidentally the test did not fix the service starting error.
>>>>
>>>> I'm guessing that as the logged on administrator I'm not aloud to
>>>> change
>>>> LSA
>>>> stuff? Is there a way around this?
>>>>
>>>> Thanks for any help, much appreciated!
>>>>
>>>> W
>
 
W

W

Sure did learn something ) or rather, reminded myself of something I had
learned...
Top advice re: VMing the environment, I agree 100%
If only I could VM the wife & I's "discussions" as well )

All the best & thanks again

W


"Mathieu CHATEAU" <gollum123@free.fr> wrote:
>I do not blame you, but i hope you learned something about trying
>unsecure/managed/known changes directly on production server.
>
>You should install Microsoft Virtual PC 2007 + trial windows in VM to test
>stuff before
>
>just my 2 cents, do not become angry )
>
>--
>Cordialement,
>Mathieu CHATEAU
>http://lordoftheping.blogspot.com
>
>
>"W" <W@W.org> wrote in message news:part1of1.1.c9GwHDOwXiwNPw@ue.ph...
>> All sorted.
>> 100% fine after reboot.
>>
>> Thanks again for reply
>>
>> W <W@W.org> wrote:
>>>Thanks for the reply!
>>>I've made the reg changes & the srvices MMC shows the correct info now.
>>>I have to wait till close of business to reboot but I've got a good
>>>feeling.
>>>
>>>Thanks very much for the help.
>>>I'll post again after I reboot & let you know if it worked.
>>>
>>>W
>>>
>>>
>>>"Mathieu CHATEAU" <gollum123@free.fr> wrote:
>>>>Hello,
>>>>
>>>>1/change it manually from regedit
>>>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
>>>>ObjectName
>>>>put back NT AUTHORITY\NetworkService
>>>>
>>>>you may start in Active Directory Mode to try changing it back.
>>>>For the Network Service account password, just leave it blank
>>>>
>>>>In case it helps, here is the default registry setting for rpcss:
>>>>
>>>>
>>>>
>>>>Windows Registry Editor Version 5.00
>>>>
>>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
>>>>"Description"="Serves as the endpoint mapper and COM Service Control
>>>>Manager. If this service is stopped or disabled, programs using COM or
>>>>Remote Procedure Call (RPC) services will not function properly."
>>>>"DisplayName"="Remote Procedure Call (RPC)"
>>>>"ErrorControl"=dword:00000001
>>>>"Group"="COM Infrastructure"
>>>>"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
>>>>
>>>>
>>>>74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
>>>>
>>>>
>>>>00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
>>>> 6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
>>>>"ObjectName"="NT AUTHORITY\\NetworkService"
>>>>"Start"=dword:00000002
>>>>"Type"=dword:00000020
>>>>"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
>>>> 00,02,00,00,00,60,ea,00,00
>>>>
>>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
>>>>"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
>>>>
>>>>
>>>>00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
>>>> 72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
>>>>
>>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
>>>>"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
>>>>
>>>>
>>>>00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
>>>>
>>>>
>>>>00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
>>>>
>>>>
>>>>05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
>>>>
>>>>
>>>>20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
>>>>
>>>>
>>>>00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
>>>> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>>>>
>>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
>>>>"0"="Root\\LEGACY_RPCSS\\0000"
>>>>"Count"=dword:00000001
>>>>"NextInstance"=dword:00000001
>>>>
>>>>
>>>>
>>>>
>>>>--
>>>>Cordialement,
>>>>Mathieu CHATEAU
>>>>http://lordoftheping.blogspot.com
>>>>
>>>>
>>>>"W" <W@W.org> wrote in message news:part1of1.1.8ok2k3rUm9okSg@ue.ph...
>>>>> Hi
>>>>> Sorry for the dramatic subject... I hope it's a fairly simple thing...
>>>>>
>>>>>
>>>>> Basically I changed the Logon properties for the RPC service on our PDC
>>>>> from
>>>>> the original Network Service account to use the Local System account.
>>>>>
>>>>> I did this to see if it would fix an error I was having with another
>>>>> service
>>>>> not starting citing a dependency group failed to start & the only thing
>>>>> in
>>>>> the
>>>>> dependency group is the RPC. So... I thought if I changed the Logon
>>>>> credentials and it worked I'd have a better clue as to what was
>>>>> wrong...
>>>>> (That
>>>>> probably sounds very irrational but it made sense at the time). I did
>>>>> have
>>>>> every intention of changing it back... but... Once I'd rebooted the
>>>>> server I
>>>>> found that the option to change the Logon type back to a Network
>>>>> Service
>>>>> account was greyed out... DOH!!! What a shmuck I am... I should have
>>>>> realised
>>>>> what a dumb thing it was to mess with the RPC anyway I know. I feel
>>>>> like
>>>>> a
>>>>> n00b. Maybe I am...
>>>>>
>>>>> Anyway, can someone help me change this back?
>>>>>
>>>>> I've actually not encountered any errors at all but something tells me
>>>>> the
>>>>> increased privileges that a Local System account would have are
>>>>> probably a
>>>>> bad
>>>>> thing. Incidentally the test did not fix the service starting error.
>>>>>
>>>>> I'm guessing that as the logged on administrator I'm not aloud to
>>>>> change
>>>>> LSA
>>>>> stuff? Is there a way around this?
>>>>>
>>>>> Thanks for any help, much appreciated!
>>>>>
>>>>> W
>>
 
You must log in or register to reply here.

Similar threads

E
Windows Installer service not starting
Replies
0
Views
46
Elan Rosenberg
E
D
Can someone help with "The network is not present or not started" and Error 1075: The dependency service does not exist or has been marked for deletio
Replies
0
Views
28
DMTx_013
D
G
Unable to change hacked account's email! I recovered my account by getting a password reset BUT I can't change the email the hacker put in my account
Replies
0
Views
58
Gavin888
G
C
The age on my account has changed to my sons. I cannot change it back
Replies
0
Views
64
Charli Johnson
C
C
The age on my account has changed to my sons. I cannot change it back
Replies
0
Views
56
Charli Johnson
C
Back
Top Bottom