Reg command

Mike

I am trying to load a user hive from a UNC path. When I do this I get access
denied. I can do this from a Windows XP machine. If I copy the file locally
I can then load the hive. What is preventing me from loading it through a UNC
path?
 
Spenceation

If you are running this on the command prompt make sure you are using either
the Run As command, or run the command prompt with admin privileges. UAC
will not appear during the command prompt.

Mike

I am running this with admin privileges. I turned off UAC as well. This
problem is even reproduced with Regedit.

Open Regedit and select HKLM
Click File and Load Hive
Navigate to a NTUSER.DAT file located on a network share
Give the key a name and select OK.
Access denied.

Is this a new security feature with Vista and if so how do you undo it?

Spenceation

Try running this command with the actual administrator account; this account
bypasses a lot of UAC and Vista restrictions.

Mike

UAC is turned off

dean-dean

For lack of a better idea, try this. Navigate to C:\Windows\ and
right-click on regedit.exe. Choose Run as Administrator.


Mike

Same result.

I think it has something to do with a policy from somewhere. What I mean is,
I have a Vista and XP machine in the same OU with the same policy being
applied to them both. I can load a registry hive under XP but not Vista. I
then made a RDP connection to a Vista machine off our domain. Opened Regedit
and repeated the same steps and I can load the registry hive. Do you think
it has anything to do with a trusted path that Vista looks at more closely
than XP did?

Spenceation

Are you trying to load this hive over the network? Vista does restrict
certain registry paths from being edited remotely.

System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\OLAP Server
Software\Microsoft\Windows NT\CurrentVersion\Print
Software\Microsoft\Windows NT\CurrentVersion\Windows
System\CurrentControlSet\Control\ContentIndex
System\CurrentControlSet\Control\Terminal Server
System\CurrentControlSet\Control\Terminal Server\UserConfig
System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Software\Microsoft\Windows NT\CurrentVersion\Perflib
System\CurrentControlSet\Services\SysmonLog

These paths and their sub-paths are allowed to be remotely accessible. These
settings are stored in the security settings of group policy under:
Network Access: Remotely accessible registry paths and sub-paths

Since the machines share the same OU, try running a Result of Policies to see
if any settings differ. Also open Regedit, right-click on the hive that
you are editing and select Permissions. The default permissions might be
different on this machine due to the OUs or other reasons. If your account
has permissions and you are locally logged in, you should be able to edit the
registry without error.


Mike

Not to be dense here but I can't find Computer Configuration\Windows
Settings\Security Settings\Network Access Protection

Under Security Settings
-Account Policies
-Local Policies
-Windows Firewall with Advanced Security
-Public Key Policies
-Software Restriction Policies
-IP Security Policies on Local Computer

What am I missing?


Spenceation

Go to Local Policies then Security Options. The User Rights Assignment folder
will assign rights to users and Security Options enables or disables computer
security settings.

Mike

Found it. XP does not contain Network access: Remotely accessible registry
paths and subpaths. So this is probably blocking me. So if I understand
this correctly, this list provides which keys can be edited when you load a
hive. When a user's hive is loaded (NTUSER.DAT), is it then scanned to see
if there isn't anything violating the list? If so, you get access denied?

Spenceation

Correct. Any other registry hives will be blocked if it isn't listed or a
sub-path of a hive on that list remotely. If you are applying this to
multiple machines, try one first and then see the results. Hopefully this
will fix it. Let me know, I'm curious if that is what is blocking it.

Mike

I removed the entries from the list, thinking this would disable the
setting. Same result. I then added back to the list the topmost keys of
the hive (AppEvents, Console, Control Panel, Environment, Identities,
Keyboard Layout, Printers, Software, UNICODE Program Groups) and again the
same result. I still don't know if the setting is actually blocking me or
not. I did do a gpupdate /force and restart between changes.

"Spenceation" wrote:

> Correct. Any other registry hives will be blocked if it isn't listed or a
> sub-path of a hive on that list remotely. If you are applying this to
> multiple machines, try one first and then see the results. Hopefully this
> will fix it. Let me know, I'm curious if that is what is blocking it.
>
> "Spenceation" wrote:
>
> > Go to Local Policies then Security Options. the User Rights Assignment folder
> > will assign rights to users and Security Options enables or disables computer
> > security settings.
> >
> > "Mike" wrote:
> >
> > > Not to be dense here but I can't find Computer Configuration\Windows
> > > Settings\Security Settings\Network Access Protection
> > >
> > > Under Security Settings
> > > -Account Policies
> > > -Local Policies
> > > -Windows Firewall with Advanced Security
> > > -Public Key Policies
> > > -Software Restriction Policies
> > > -IP Security Policies on Local Computer
> > >
> > > What am I missing?
> > >
> > >
> > > "Spenceation" wrote:
> > >
> > > > Are you trying to load this hive over the network? Vista does restrict
> > > > certain registry paths from being editted remotely.
> > > >
> > > > System\CurrentControlSet\Control\Print\Printers
> > > > System\CurrentControlSet\Services\Eventlog
> > > > Software\Microsoft\OLAP Server
> > > > Software\Microsoft\Windows NT\CurrentVersion\Print
> > > > Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > > System\CurrentControlSet\Control\ContentIndex
> > > > System\CurrentControlSet\Control\Terminal Server
> > > > System\CurrentControlSet\Control\Terminal Server\UserConfig
> > > > System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
> > > > Software\Microsoft\Windows NT\CurrentVersion\Perflib
> > > > System\CurrentControlSet\Services\SysmonLog
> > > >
> > > > These paths are allowed to be remotely accessible and their sub-paths. These
> > > > settings are stored in the security settings of group poilicy under:
> > > > Network Access: Remotely accessible registry paths and sub-paths
> > > > Since the machines share the same OU try running a Result of Policies to see
> > > > if any settings differ. Also open Regedit and right click on the hive that
> > > > you are editting and select permissions. The default permissions might be
> > > > different on this machine due to the OUs or other reasons. If your account
> > > > has permissions and you are locally logged in, you should be able to edit the
> > > > registry without error.
> > > >
> > > >
> > > > "Mike" wrote:
> > > >
> > > > > Same result.
> > > > >
> > > > > I think it has something to do with a policy from somewhere. What I mean.
> > > > > I have a Vista and XP machine in the same OU with the same policy being
> > > > > applied to them both. I can load a registry hive under XP but not Vista. I
> > > > > then made a RDP connection to a Vista machine off our domain. Opened Regedit
> > > > > and repeated the same steps and I can load the registry hive. Do you think
> > > > > it has anything to do with a trusted path that Vista looks at more closely
> > > > > than XP did?
> > > > >
> > > > > "dean-dean" wrote:
> > > > >
> > > > > > For lack of a better idea, try this. Navigate to C:\Windows\ and
> > > > > > right-click on regedit.exe. Choose Run as Administrator.
> > > > > >
> > > > > >
> > > > > > "Mike" <Mike@discussions.microsoft.com> wrote in message
> > > > > > news:C83D2887-F1A2-4CF1-9008-C7F155E09582@microsoft.com...
> > > > > > > UAC is turned off
> > > > > > >
> > > > > > > "Spenceation" wrote:
> > > > > > >
> > > > > > >> Try running this command with the actual administrator account, this
> > > > > > >> account
> > > > > > > >> bypasses a lot of UAC and Vista restrictions.
> > > > > > >>
> > > > > > >> "Mike" wrote:
> > > > > > >>
> > > > > > >> > I am running this with admin privileges. I turned off UAC as well.
> > > > > > >> > This
> > > > > > >> > problem is even reproduced with Regedit.
> > > > > > >> >
> > > > > > >> > Open Regedit and select HKLM
> > > > > > >> > Click File and Load Hive
> > > > > > >> > Navigate to a NTUSER.DAT file located on a network share
> > > > > > >> > Give the key a name and select OK.
> > > > > > >> > Access denied.
> > > > > > >> >
> > > > > > >> > Is this a new security feature with Vista and if so how do you undo it?
> > > > > > >> >
> > > > > > >> > "Spenceation" wrote:
> > > > > > >> >
> > > > > > >> > > If you are running this on the command prompt make sure you are using
> > > > > > >> > > either
> > > > > > > >> > > the Run As command, or run the command prompt with admin privileges.
> > > > > > >> > > UAC
> > > > > > >> > > will not appear during the command prompt.
> > > > > > >> > >
> > > > > > >> > > "Mike" wrote:
> > > > > > >> > >
> > > > > > >> > > > I am trying to load a user hive from a UNC path. When I do this I
> > > > > > >> > > > get access
> > > > > > >> > > > denied. I can do this from a Windows XP machine. If I copy the
> > > > > > >> > > > file locally
> > > > > > > >> > > > I can then load the hive. What is preventing me from loading it
> > > > > > >> > > > through a UNC
> > > > > > >> > > > path?
> > > > > >
> > > > > >
 
S

Spenceation

Can you tell me what the error says, word for word? And are there any events
that pop up in the Event Viewer? Try loading another NTUser.dat file,
preferably one that is new and almost blank.

"Mike" wrote:

> I removed the entries from the list. Thinking this would disable the
> setting. Same result. I then added back to the list the top most keys of
> the hive (AppEvents, Console, Control Panel, Environment, Identities,
> Keyboard Layout, Printers, Software, UNICODE Program Groups) and again the
> same result. I still don't know if the setting is actually blocking me or
> not. I did do a gpupdate /force and restart between changes.
>
> "Spenceation" wrote:
>
> > Correct. Any other registry hives will be blocked if it isn't listed or a
> > sub-path of a hive on that list remotely. If you are applying this to
> > multiple machines, try one first and then see the results. Hopefully this
> > will fix it. Let me know, I'm curious if that is what is blocking it.
> >
> > "Spenceation" wrote:
> >
> > > Go to Local Policies then Security Options. The User Rights Assignment folder
> > > will assign rights to users and Security Options enables or disables computer
> > > security settings.
> > >
> > > "Mike" wrote:
> > >
> > > > Not to be dense here but I can't find Computer Configuration\Windows
> > > > Settings\Security Settings\Network Access Protection
> > > >
> > > > Under Security Settings
> > > > -Account Policies
> > > > -Local Policies
> > > > -Windows Firewall with Advanced Security
> > > > -Public Key Policies
> > > > -Software Restriction Policies
> > > > -IP Security Policies on Local Computer
> > > >
> > > > What am I missing?
> > > >
> > > >
> > > > "Spenceation" wrote:
> > > >
> > > > > Are you trying to load this hive over the network? Vista does restrict
> > > > > > certain registry paths from being edited remotely.
> > > > >
> > > > > System\CurrentControlSet\Control\Print\Printers
> > > > > System\CurrentControlSet\Services\Eventlog
> > > > > Software\Microsoft\OLAP Server
> > > > > Software\Microsoft\Windows NT\CurrentVersion\Print
> > > > > Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > > > System\CurrentControlSet\Control\ContentIndex
> > > > > System\CurrentControlSet\Control\Terminal Server
> > > > > System\CurrentControlSet\Control\Terminal Server\UserConfig
> > > > > System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
> > > > > Software\Microsoft\Windows NT\CurrentVersion\Perflib
> > > > > System\CurrentControlSet\Services\SysmonLog
> > > > >
> > > > > These paths are allowed to be remotely accessible and their sub-paths. These
> > > > > > settings are stored in the security settings of group policy under:
> > > > > Network Access: Remotely accessible registry paths and sub-paths
> > > > > Since the machines share the same OU try running a Result of Policies to see
> > > > > if any settings differ. Also open Regedit and right click on the hive that
> > > > > > you are editing and select permissions. The default permissions might be
> > > > > different on this machine due to the OUs or other reasons. If your account
> > > > > has permissions and you are locally logged in, you should be able to edit the
> > > > > registry without error.
> > > > >
> > > > >
> > > > > "Mike" wrote:
> > > > >
> > > > > > Same result.
> > > > > >
> > > > > > I think it has something to do with a policy from somewhere. What I mean.
> > > > > > I have a Vista and XP machine in the same OU with the same policy being
> > > > > > applied to them both. I can load a registry hive under XP but not Vista. I
> > > > > > then made a RDP connection to a Vista machine off our domain. Opened Regedit
> > > > > > and repeated the same steps and I can load the registry hive. Do you think
> > > > > > it has anything to do with a trusted path that Vista looks at more closely
> > > > > > than XP did?
> > > > > >
> > > > > > "dean-dean" wrote:
> > > > > >
> > > > > > > For lack of a better idea, try this. Navigate to C:\Windows\ and
> > > > > > > right-click on regedit.exe. Choose Run as Administrator.
> > > > > > >
> > > > > > >
> > > > > > > "Mike" <Mike@discussions.microsoft.com> wrote in message
> > > > > > > news:C83D2887-F1A2-4CF1-9008-C7F155E09582@microsoft.com...
> > > > > > > > UAC is turned off
> > > > > > > >
> > > > > > > > "Spenceation" wrote:
> > > > > > > >
> > > > > > > >> Try running this command with the actual administrator account, this
> > > > > > > >> account
> > > > > > > > >> bypasses a lot of UAC and Vista restrictions.
> > > > > > > >>
> > > > > > > >> "Mike" wrote:
> > > > > > > >>
> > > > > > > >> > I am running this with admin privileges. I turned off UAC as well.
> > > > > > > >> > This
> > > > > > > >> > problem is even reproduced with Regedit.
> > > > > > > >> >
> > > > > > > >> > Open Regedit and select HKLM
> > > > > > > >> > Click File and Load Hive
> > > > > > > >> > Navigate to a NTUSER.DAT file located on a network share
> > > > > > > >> > Give the key a name and select OK.
> > > > > > > >> > Access denied.
> > > > > > > >> >
> > > > > > > >> > Is this a new security feature with Vista and if so how do you undo it?
> > > > > > > >> >
> > > > > > > >> > "Spenceation" wrote:
> > > > > > > >> >
> > > > > > > >> > > If you are running this on the command prompt make sure you are using
> > > > > > > >> > > either
> > > > > > > > >> > > the Run As command, or run the command prompt with admin privileges.
> > > > > > > >> > > UAC
> > > > > > > >> > > will not appear during the command prompt.
> > > > > > > >> > >
> > > > > > > >> > > "Mike" wrote:
> > > > > > > >> > >
> > > > > > > >> > > > I am trying to load a user hive from a UNC path. When I do this I
> > > > > > > >> > > > get access
> > > > > > > >> > > > denied. I can do this from a Windows XP machine. If I copy the
> > > > > > > >> > > > file locally
> > > > > > > > >> > > > I can then load the hive. What is preventing me from loading it
> > > > > > > >> > > > through a UNC
> > > > > > > >> > > > path?
> > > > > > >
> > > > > > >
 
M

Mike

Sorry for taking so long to get back to you. The error states: "Cannot Load
\\server\share\folder\NTUSER.DAT: Access is denied"

This is after trying to load the hive. I did use process monitor to see
what was happening and this is what it reports:

28547 8:46:25.4002811 AM reg.exe 4832 RegLoadKey HKLM\test ACCESS DENIED Hive Path: UNC\Domain\Share\profiles\User\NTUSER.DAT
32293 8:46:26.0527129 AM reg.exe 4832 QuerySecurityFile \\Domain\Share\Profiles\User\NTUSER.DAT ACCESS DENIED Information: DACL

There are no error messages in the event log.

I will try and load another new NTUSER.DAT.


"Spenceation" wrote:

> Can you tell me what the error says, word for word? And are there any events
> that pop up in the Event Viewer? Try loading another NTUser.dat file,
> preferably one that is new and almost blank.
>
> "Mike" wrote:
>
> > I removed the entries from the list. Thinking this would disable the
> > setting. Same result. I then added back to the list the top most keys of
> > the hive (AppEvents, Console, Control Panel, Environment, Identities,
> > Keyboard Layout, Printers, Software, UNICODE Program Groups) and again the
> > same result. I still don't know if the setting is actually blocking me or
> > not. I did do a gpupdate /force and restart between changes.
> >
> > "Spenceation" wrote:
> >
> > > Correct. Any other registry hives will be blocked if it isn't listed or a
> > > sub-path of a hive on that list remotely. If you are applying this to
> > > multiple machines, try one first and then see the results. Hopefully this
> > > will fix it. Let me know, I'm curious if that is what is blocking it.
> > >
> > > "Spenceation" wrote:
> > >
> > > > Go to Local Policies then Security Options. The User Rights Assignment folder
> > > > will assign rights to users and Security Options enables or disables computer
> > > > security settings.
> > > >
> > > > "Mike" wrote:
> > > >
> > > > > Not to be dense here but I can't find Computer Configuration\Windows
> > > > > Settings\Security Settings\Network Access Protection
> > > > >
> > > > > Under Security Settings
> > > > > -Account Policies
> > > > > -Local Policies
> > > > > -Windows Firewall with Advanced Security
> > > > > -Public Key Policies
> > > > > -Software Restriction Policies
> > > > > -IP Security Policies on Local Computer
> > > > >
> > > > > What am I missing?
> > > > >
> > > > >
> > > > > "Spenceation" wrote:
> > > > >
> > > > > > Are you trying to load this hive over the network? Vista does restrict
> > > > > > > certain registry paths from being edited remotely.
> > > > > >
> > > > > > System\CurrentControlSet\Control\Print\Printers
> > > > > > System\CurrentControlSet\Services\Eventlog
> > > > > > Software\Microsoft\OLAP Server
> > > > > > Software\Microsoft\Windows NT\CurrentVersion\Print
> > > > > > Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > > > > System\CurrentControlSet\Control\ContentIndex
> > > > > > System\CurrentControlSet\Control\Terminal Server
> > > > > > System\CurrentControlSet\Control\Terminal Server\UserConfig
> > > > > > System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
> > > > > > Software\Microsoft\Windows NT\CurrentVersion\Perflib
> > > > > > System\CurrentControlSet\Services\SysmonLog
> > > > > >
> > > > > > These paths are allowed to be remotely accessible and their sub-paths. These
> > > > > > > settings are stored in the security settings of group policy under:
> > > > > > Network Access: Remotely accessible registry paths and sub-paths
> > > > > > Since the machines share the same OU try running a Result of Policies to see
> > > > > > if any settings differ. Also open Regedit and right click on the hive that
> > > > > > > you are editing and select permissions. The default permissions might be
> > > > > > different on this machine due to the OUs or other reasons. If your account
> > > > > > has permissions and you are locally logged in, you should be able to edit the
> > > > > > registry without error.
> > > > > >
> > > > > >
> > > > > > "Mike" wrote:
> > > > > >
> > > > > > > Same result.
> > > > > > >
> > > > > > > I think it has something to do with a policy from somewhere. What I mean.
> > > > > > > I have a Vista and XP machine in the same OU with the same policy being
> > > > > > > applied to them both. I can load a registry hive under XP but not Vista. I
> > > > > > > then made a RDP connection to a Vista machine off our domain. Opened Regedit
> > > > > > > and repeated the same steps and I can load the registry hive. Do you think
> > > > > > > it has anything to do with a trusted path that Vista looks at more closely
> > > > > > > than XP did?
> > > > > > >
> > > > > > > "dean-dean" wrote:
> > > > > > >
> > > > > > > > For lack of a better idea, try this. Navigate to C:\Windows\ and
> > > > > > > > right-click on regedit.exe. Choose Run as Administrator.
> > > > > > > >
> > > > > > > >
> > > > > > > > "Mike" <Mike@discussions.microsoft.com> wrote in message
> > > > > > > > news:C83D2887-F1A2-4CF1-9008-C7F155E09582@microsoft.com...
> > > > > > > > > UAC is turned off
> > > > > > > > >
> > > > > > > > > "Spenceation" wrote:
> > > > > > > > >
> > > > > > > > >> Try running this command with the actual administrator account, this
> > > > > > > > >> account
> > > > > > > > > >> bypasses a lot of UAC and Vista restrictions.
> > > > > > > > >>
> > > > > > > > >> "Mike" wrote:
> > > > > > > > >>
> > > > > > > > >> > I am running this with admin privileges. I turned off UAC as well.
> > > > > > > > >> > This
> > > > > > > > >> > problem is even reproduced with Regedit.
> > > > > > > > >> >
> > > > > > > > >> > Open Regedit and select HKLM
> > > > > > > > >> > Click File and Load Hive
> > > > > > > > >> > Navigate to a NTUSER.DAT file located on a network share
> > > > > > > > >> > Give the key a name and select OK.
> > > > > > > > >> > Access denied.
> > > > > > > > >> >
> > > > > > > > >> > Is this a new security feature with Vista and if so how do you undo it?
> > > > > > > > >> >
> > > > > > > > >> > "Spenceation" wrote:
> > > > > > > > >> >
> > > > > > > > >> > > If you are running this on the command prompt make sure you are using
> > > > > > > > >> > > either
> > > > > > > > > >> > > the Run As command, or run the command prompt with admin privileges.
> > > > > > > > >> > > UAC
> > > > > > > > >> > > will not appear during the command prompt.
> > > > > > > > >> > >
> > > > > > > > >> > > "Mike" wrote:
> > > > > > > > >> > >
> > > > > > > > >> > > > I am trying to load a user hive from a UNC path. When I do this I
> > > > > > > > >> > > > get access
> > > > > > > > >> > > > denied. I can do this from a Windows XP machine. If I copy the
> > > > > > > > >> > > > file locally
> > > > > > > > > >> > > > I can then load the hive. What is preventing me from loading it
> > > > > > > > >> > > > through a UNC
> > > > > > > > >> > > > path?
> > > > > > > >
> > > > > > > >
 