RockChok
(Fresh Scripter)
2007-07-12 05:14 PM
LoadHive and Vista

I have a script that worked great under XP but now our machines are running Vista. The part where it fails is when it tries to process LoadHive. Here is the portion that fails:

$returncodeloadhive = LoadHive ("HKEY_USERS\A", "C:\test\ntuser.dat")

I get access denied. This still works under XP but fails under Vista. I am the local administrator with UAC turned off. Any clues?

Thanks for any help.


Witto
(MM club member)
2007-07-12 05:19 PM
Re: LoadHive and Vista

Strange
AFAIK common users have only "read" permission to HKEY_USERS.
IMHO you need administrative privileges.


Les
(KiX Master)
2007-07-12 05:34 PM
Re: LoadHive and Vista

Don't you also need backup and restore rights?

RockChok
(Fresh Scripter)
2007-07-12 05:47 PM
Re: LoadHive and Vista

I am the local administrator. Do I need more specific rights?

Mart
(KiX Supporter)
2007-07-12 05:53 PM
Re: LoadHive and Vista

I do not have much experience with Vista but I guess being local admin should be enough.

Les
(KiX Master)
2007-07-12 05:55 PM
Re: LoadHive and Vista

Well... I don't do Vista, but on previous versions AFAIK local admin does not have backup and restore by default.

RockChok
(Fresh Scripter)
2007-07-12 06:24 PM
Re: LoadHive and Vista

Added myself to the Backup Operators group, restarted, and no go. Checked local policy and Backup and Restore rights are assigned to Backup Operators and Administrators. I am a member of both.

RockChok
(Fresh Scripter)
2007-07-12 11:30 PM
Re: LoadHive and Vista

Update for those interested in resolving. I tried using Vista's built-in utility Reg.exe.

Syntax: Reg load hklm\test c:\test\ntuser.dat
Works.

Next:

Reg load hklm\test \\server\share\folder\ntuser.dat
access denied
doesn't work

Loading a dat file from a UNC path seems to not work. Is this by design under vista?

Earlier I think I stated that loading the hive locally didn't work. I got confused in my testing. I really would like to make this run from a UNC path rather than copy the file locally, modify it, and then overwrite the existing file at the UNC location.

Once again sorry about the earlier confusion and thanks for any help.


NTDOCAdministrator
(KiX Master)
2007-07-12 11:55 PM
Re: LoadHive and Vista

What if you map a drive first?

AllenAdministrator
(KiX Supporter)
2007-07-12 11:58 PM
Re: LoadHive and Vista

Does a mapped drive work? If so, just use it temporarily to do what you need and unmap it.

[edit] Doc beat me :( [/edit]


Mart
(KiX Supporter)
2007-07-13 09:28 AM
Re: LoadHive and Vista

Just a stupid thing that came up when reading this thread once again.

The access denied error: is that error really coming from the registry stuff, or from accessing the file on the server? Because it works with a local file...


LonkeroAdministrator
(KiX Master Guru)
2007-07-13 11:30 AM
Re: LoadHive and Vista

you just told what I've been silently wondering for a while.

Mart
(KiX Supporter)
2007-07-13 11:35 AM
Re: LoadHive and Vista

Must be something like telepathy, the silent force, yin and yang, whatever... :)

LonkeroAdministrator
(KiX Master Guru)
2007-07-13 11:52 AM
Re: LoadHive and Vista

with the force we must be.

RockChok
(Fresh Scripter)
2007-07-13 03:57 PM
Re: LoadHive and Vista

I did try mapping a drive and no dice. Also, the script works on XP with me running it, so permissions are correct. I'm sure it's purely Vista. I had another guy on Vista try this and he reproduced the problem. I'm running this as a domain admin and I get the following messages using Process Monitor:

28547 8:46:25.4002811 AM reg.exe 4832 RegLoadKey HKLM\test ACCESS DENIED Hive Path: UNC\Domain\Share\profiles\User\NTUSER.DAT
32293 8:46:26.0527129 AM reg.exe 4832 QuerySecurityFile \\Domain\Share\Profiles\User\NTUSER.DAT ACCESS DENIED Information: DACL

These are the only two access denied messages I get when performing this operation. Again, this works when the file is copied locally or when the file is accessed from a UNC path on XP. Can anyone shed light as to why this is happening?
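An added example, not code from the thread or from KiXtart: a PowerShell script that separates the two questions the thread raises (is the denial on the file, or on RegLoadKey?) and then applies the copy-locally workaround RockChok describes when the direct UNC load fails. The Process Monitor lines above show RegLoadKey failing on the UNC hive path and QuerySecurityFile failing on the file's DACL, so the script first checks file-level access with Get-Acl and a plain read open, then tries reg.exe load from the UNC path, and only falls back to a local copy if that load returns a non-zero exit code. The UNC path, the temporary key name HKLM\TempHive and the Software\Contoso value written into the hive are assumptions for illustration; the thread does not settle why the direct UNC load is denied on Vista, and this script does not claim to.

```powershell
# Added example: diagnose "access denied" on reg load from a UNC path, then
# fall back to copy-local / load / edit / unload / copy-back.
# Paths and key names below are assumptions, not values from the thread.
$Source   = '\\server\share\profiles\user\NTUSER.DAT'   # assumed UNC path to the hive
$HiveName = 'HKLM\TempHive'                              # assumed key name; must not already exist
$Local    = Join-Path $env:TEMP 'ntuser.copy.dat'        # local scratch copy

function Test-HiveFileAccess {
    param([string]$Path)
    # Step 1: can this token read the file's security descriptor?
    # This is what Process Monitor logs as QuerySecurityFile.
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        Write-Host "DACL readable; owner is $($acl.Owner)"
    } catch {
        Write-Warning "Cannot read security descriptor: $($_.Exception.Message)"
        return $false
    }
    # Step 2: can we open the file for read with no sharing?
    # A hive belonging to a user who is still logged on fails here with a sharing violation.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Close()
        return $true
    } catch {
        Write-Warning "Cannot open file: $($_.Exception.Message)"
        return $false
    }
}

function Invoke-RegLoad {
    param([string]$Key, [string]$File)
    # reg.exe load is the same operation regedit's File -> Load Hive performs.
    & reg.exe load $Key $File 2>&1 | Out-Null
    return $LASTEXITCODE   # 0 on success, non-zero (e.g. access denied) otherwise
}

if (-not (Test-HiveFileAccess -Path $Source)) {
    throw 'File-level access problem; the registry load is not the culprit.'
}

if ((Invoke-RegLoad -Key $HiveName -File $Source) -eq 0) {
    Write-Host 'Hive loaded directly from the UNC path.'
    $loadedFrom = $Source
} else {
    Write-Host 'Direct UNC load failed; falling back to a local copy.'
    Copy-Item -Path $Source -Destination $Local -Force
    if ((Invoke-RegLoad -Key $HiveName -File $Local) -ne 0) {
        throw 'reg load failed even for the local copy; check SeBackup/SeRestore rights and elevation.'
    }
    $loadedFrom = $Local
}

try {
    # Example edit inside the loaded user hive (hypothetical key and value).
    $keyPath = "HKLM:\TempHive\Software\Contoso"
    New-Item -Path $keyPath -Force | Out-Null
    Set-ItemProperty -Path $keyPath -Name 'Configured' -Value 1 -Type DWord
} finally {
    # Release the provider's handles first; an open handle makes reg unload fail with access denied.
    [GC]::Collect(); [GC]::WaitForPendingFinalizers()
    & reg.exe unload $HiveName | Out-Null
}

# Only copy back if we worked on the scratch copy; the direct load already edited the original.
if ($loadedFrom -eq $Local) {
    Copy-Item -Path $Local -Destination $Source -Force
    Remove-Item -Path $Local -Force
}
```

Run it from an elevated PowerShell session; loading and unloading hives requires the backup and restore privileges the thread discusses, which reg.exe enables for an administrator. If Test-HiveFileAccess fails, the problem is share or NTFS permissions (or a profile in use), not the registry; if it passes and only the UNC load fails while the local load succeeds, you have reproduced exactly the pattern in the Process Monitor output above.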


LonkeroAdministrator
(KiX Master Guru)
2007-07-13 04:50 PM
Re: LoadHive and Vista

either it's policy or the registry loads impersonated...
as far as I can think of the reasons.


RockChok
(Fresh Scripter)
2007-07-13 05:02 PM
Re: LoadHive and Vista

This is something native to Vista. I have even reproduced the problem by:

1. Open regedit
2. Select HKLM, select File --> Load Hive
3. Browse to a network path which contains an NTUSER.DAT
4. Create a key name

I get access denied. I am 99% certain no policy is impacting this other than what Vista comes with. Are there others running Vista who can reproduce this?


Les
(KiX Master)
2007-07-13 05:22 PM
Re: LoadHive and Vista

OK, then not a KiX issue.

RockChok
(Fresh Scripter)
2007-07-13 05:31 PM
Re: LoadHive and Vista

Correct, Kix doesn't cause the issue.

LonkeroAdministrator
(KiX Master Guru)
2007-07-13 05:55 PM
Re: LoadHive and Vista

yes, no other policy but most likely a default policy.
something about UNC paths treated as normal unknown-zone websites = untrusted.


RockChok
(Fresh Scripter)
2007-07-13 06:13 PM
Re: LoadHive and Vista

Joel, you are correct, although I haven't tracked it down just yet. I just connected to a Vista machine off our domain through RDP where I have access to my local drives. I performed the same procedure and it worked. I am not certain what is specific to Vista that prevents a registry hive from loading where it does allow it on XP. Again, the Vista and XP machines are under the same OU with the exact same policies applied. I know this isn't a KIX issue, but I had tunnel vision as to why my KIX script stopped working.