remoteregistry issues

For the past few months there has been a very minor and seemingly random issue where antivirus was not able to be pushed out from a server to an XP workstation. Other small issues continued to develop as more and more XP workstations were rolled out to new employees. Some of DameWare’s tools were not responding properly, and other network tools like psservice would simply return a “network path not found” even though I could ping the heck out of the device.

Today, I was attempting to “patch” systems with a registry key that would block XP SP2 from being rolled out. However, some, but not all, of the recent XP machines that I have rolled out were giving me the dreaded “network path not found” message. Finally, I took the time to tackle this odd little issue.

I checked the Event Log on a whim, and noticed a number of entries for a failure to start a DCOM server with the message “Access is denied” and an eventid of 10000. I narrowed this down to an issue with the WMI controls not having access to start up. At about the same time I realized that the normally Automatic service, RemoteRegistry, was not starting on the offending machines, but was started just fine on machines that had no issues. Putting three and three together, the DCOM event log errors were logged every time this service attempted to start, and an access denied pointed back to a security setting I implement on new machines: limiting the NTFS permissions for the C: drive.

After some googling now that I knew what to look for, I found that I needed to restore the “MACHINE\Local Service” account to Modify/Read/List Contents/Write access to the C:\%SYSTEM% folder. This change did not have to be implemented through the subdirs, but rather just on that particular directory.

Once this permission was restored, things worked great. I used DameWare to browse and set NTFS permissons on offending systems. Psservice then let me remotely start up the RemoteRegistry service, and another command line let me run the BlockXPSP2.cmd file to “patch” the system up.

Definitely pissed me off for a while that I had to be troubleshooting this issue, but so very rewarding to finally clear it up, and in the process clear up some other smallers issues from the past. Needless to say, the “install” docs for setting up new computers have been updated…

One thought on “remoteregistry issues

Comments are closed.