#177877 - 2007-07-12 05:14 PM LoadHive and Vista
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
I have a script that worked great under XP but now our machines are running Vista. The part where it fails is when it tries to process LoadHive. Here is the portion that fails:

$returncodeloadhive = LoadHive ("HKEY_USERS\A", "C:\test\ntuser.dat")

I get access denied. This still works under XP but fails under Vista. I am the local administrator with UAC turned off. Any clues?

Thanks for any help.

Top
#177878 - 2007-07-12 05:19 PM Re: LoadHive and Vista [Re: RockChok]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Strange
AFAIK common users have only "read" permission to HKEY_USERS
IMHO You need administrative privileges

Top
#177879 - 2007-07-12 05:34 PM Re: LoadHive and Vista [Re: Witto]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Don't you also need backup and restore rights?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#177881 - 2007-07-12 05:47 PM Re: LoadHive and Vista [Re: RockChok]
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
I am the local administrator. Do I need more specific rights?
Top
#177882 - 2007-07-12 05:53 PM Re: LoadHive and Vista [Re: Les]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
I do not have much experience with Vista but I guess being local admin should be enough.

Edited by Mart (2007-07-12 05:54 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#177883 - 2007-07-12 05:55 PM Re: LoadHive and Vista [Re: RockChok]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Well... I don't do Vista, but on previous versions AFAIK local admin does not have backup and restore by default.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#177884 - 2007-07-12 06:24 PM Re: LoadHive and Vista [Re: RockChok]
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
Added myself to the Backup Operators group, restarted, and no go. Checked local policy and Backup and Restore rights are assigned to Backup Operators and Administrators. I am a member of both.
Top
#177898 - 2007-07-12 11:30 PM Re: LoadHive and Vista [Re: RockChok]
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
Update for those interested in resolving. I tried using Vista's built-in utility Reg.exe.

Syntax: Reg load hklm\test c:\test\ntuser.dat.
Works.

next

Reg load hklm\test \\server\share\folder\ntuser.dat
access denied
doesn't work

Loading a dat file from a UNC path seems to not work. Is this by design under Vista?

Earlier I think I stated that loading the hive locally didn't work. I got confused in my testing. I really would like to make this run from a UNC path rather than copy the file locally, modify it, and then overwrite the existing file at the UNC location.

Once again sorry about the earlier confusion and thanks for any help.

Top
#177900 - 2007-07-12 11:55 PM Re: LoadHive and Vista [Re: RockChok]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
What if you map a drive first?
Top
#177901 - 2007-07-12 11:58 PM Re: LoadHive and Vista [Re: RockChok]
Allen Administrator Online
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Does a mapped drive work? If so, just use it temporarily to do what you need and unmap it.

[edit] Doc beat me :( [/edit]

Top
#177911 - 2007-07-13 09:28 AM Re: LoadHive and Vista [Re: Allen]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Just a stupid thing that came up when reading this thread once again.

The access denied error: is that error really coming from the registry stuff or from accessing the file on the server? Because it works with a local file...
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#177913 - 2007-07-13 11:30 AM Re: LoadHive and Vista [Re: Mart]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
you just told what I've been silently wondering for a while.
_________________________
!

download KiXnet

Top
#177914 - 2007-07-13 11:35 AM Re: LoadHive and Vista [Re: Lonkero]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Must be something like telepathy, the silent force, yin and yang, whatever... :)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#177915 - 2007-07-13 11:52 AM Re: LoadHive and Vista [Re: Mart]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
with the force we must be.
_________________________
!

download KiXnet

Top
#177923 - 2007-07-13 03:57 PM Re: LoadHive and Vista [Re: RockChok]
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
I did try mapping a drive and no dice. Also, the script works on XP with me running it so permissions are correct. I'm sure it's purely Vista. I had another guy on Vista try this and he reproduced the problem. I'm running this as a domain admin and I get the following message using Process Monitor:

28547 8:46:25.4002811 AM reg.exe 4832 RegLoadKey HKLM\test ACCESS DENIED Hive Path: UNC\Domain\Share\profiles\User\NTUSER.DAT
32293 8:46:26.0527129 AM reg.exe 4832 QuerySecurityFile \\Domain\Share\Profiles\User\NTUSER.DAT ACCESS DENIED Information: DACL

These are the only two access denied messages I get when performing this operation. Again this works when the file is copied locally or when the file is accessed from a UNC path on XP. Can anyone shed light as to why this is happening?

Top
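The copy-locally workaround RockChok describes, together with the backup/restore privilege check raised earlier in the thread, as an added example that is not part of the original posts. The function names, mount key, backup file name and paths are constructed placeholders, and it assumes Windows PowerShell 2.0 or later in an elevated session.

```powershell
# Added example, not from the thread. Paths and key names are constructed
# placeholders. Run from an elevated session.
function Test-HivePrivilege {
    # RegLoadKey needs SeBackupPrivilege and SeRestorePrivilege in the token.
    # whoami may list them as Disabled; the check is only that the token holds them.
    $held = whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State |
        ForEach-Object { $_.Name }
    $missing = @('SeBackupPrivilege', 'SeRestorePrivilege') |
        Where-Object { $held -notcontains $_ }
    if ($missing) { throw "Token lacks: $($missing -join ', ')" }
}

function Edit-RemoteHive {
    param(
        [Parameter(Mandatory = $true)][string]$RemoteHive,   # UNC path to the hive
        [Parameter(Mandatory = $true)][scriptblock]$Change,  # receives the mounted key
        [string]$MountKey = 'HKLM\TempHive'
    )
    $ErrorActionPreference = 'Stop'
    Test-HivePrivilege
    $work = Join-Path $env:TEMP ([guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $work | Out-Null
    $local = Join-Path $work 'ntuser.dat'
    try {
        # Load from a local copy, since loading straight from the share is denied.
        Copy-Item -LiteralPath $RemoteHive -Destination $local -Force
        reg.exe load $MountKey $local | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg load failed ($LASTEXITCODE)" }
        try {
            & $Change $MountKey
        }
        finally {
            [gc]::Collect()   # drop registry handles PowerShell may still hold
            reg.exe unload $MountKey | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "reg unload failed; hive still at $MountKey" }
        }
        # Reached only when load, change and unload all succeeded.
        Copy-Item -LiteralPath $RemoteHive -Destination ($RemoteHive + '.bak') -Force
        Copy-Item -LiteralPath $local -Destination $RemoteHive -Force
    }
    finally {
        Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Usage (constructed values):
# Edit-RemoteHive -RemoteHive '\\server\share\folder\ntuser.dat' -Change {
#     param($key) reg.exe add "$key\Software\Example" /v Setting /d value /f | Out-Null
# }
```

The share copy is overwritten only after the hive has been unloaded cleanly, so a failed edit or a stuck mount leaves the original file untouched.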
#177925 - 2007-07-13 04:50 PM Re: LoadHive and Vista [Re: RockChok]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
either it's policy or the registry loads impersonated...
as far as I can think of the reasons.
_________________________
!

download KiXnet

Top
#177926 - 2007-07-13 05:02 PM Re: LoadHive and Vista [Re: RockChok]
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
This is something native to Vista. I have even reproduced the problem by:

1. Open regedit
2. Select HKLM, Select File --> Load Hive
3. Browse to a network path which contains a NTUSER.DAT
4. Create a key name

I get access denied. I am 99% certain no policy is impacting this other than what Vista comes with. Are there others running Vista who can reproduce this?

Top
#177927 - 2007-07-13 05:22 PM Re: LoadHive and Vista [Re: RockChok]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
OK, then not a KiX issue.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#177928 - 2007-07-13 05:31 PM Re: LoadHive and Vista [Re: RockChok]
RockChok Offline
Fresh Scripter

Registered: 2004-11-12
Posts: 10
Correct, KiX doesn't cause the issue.
Top
#177929 - 2007-07-13 05:55 PM Re: LoadHive and Vista [Re: RockChok]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
yes, no other policy but most likely a default policy.
something about UNC paths treated as normal unknown zone websites = untrusted.
_________________________
!

download KiXnet

Top