Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SP2 Install Error - Access is denied.

from [Wally Beck] Network Security [Permanent Link]
Subject: SP2 Install Error - Access is denied.
Date: Thu, 2 Sep 2004 20:29:40 -0400 
Problem:
When you try to install Microsoft Windows XP Service Pack 2 (SP2), you
experience the following issues:
You cannot install the service pack and may receive the following error
message towards the end of the installation process: 
"Service Pack setup has failed. Access Denied"
(http://support.microsoft.com/?kbid=873148)

However, if you use the /u switch (no user interaction) to install SP2, you
won't see an error message. 
Instead, look in C:\Windows\Svcpack.log to verify this problem exists. Look
for:
"Access is denied.
Service Pack 2 installation did not complete.
Select 'OK' to undo the changes that have been made.
Starting process:  C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
/~ -u -z
Software Update Rollback has completed with return code 0xbc2.  This rollback
requires a reboot.
Service Pack 2 installation did not complete.
Windows XP has been partially updated and may not work properly.
Update.exe extended error code = 0x5
Update.exe return code was masked to 0x643 for MSI custom action compliance."

You can also look in C:\Windows\setupapi.log in order to verify this problem.
Look for:
"Setting registry value
HKCR\Interface\{00000500-0000-0010-8000-00AA006D2EA4}\TypeLib\Version
Error 5: Access is denied.
Parsing AddReg section [ado.AddReg] in
"c:\4d835a34ff0402a27889723cf2ea\i386\update\update.inf" failed. Error 5:
Access is denied.
Parsing install section [DataAccessSection] in
"c:\4d835a34ff0402a27889723cf2ea\i386\update\update.inf" failed. Error 5:
Access is denied."


Cause:
The administrative user's permission on several registry keys are incorrectly
set and SP2 thinks it doesn't have access to modify the values in several
registry keys. In reality, the registry keys can be modified by the
administrative user, even though the registry key permissions are configured
improperly (Administrators is set to READ). I believe the registry key
permission problem is cause by a faulty MDAC 2.8 installation (prior to
installing SP2). As you may know, part of the SP2 installation process
installs MDAC 2.8 which is when the SP2 installation failure occurs.


Solution:
Thus far, we have experienced this issue on 6% of all computers in our
organization. Create a batch file using the code below and run it on a
computer that has experienced this problem. Regperm.exe (part of Windows XP)
is used to set the registry key permissions correctly. Please fix the line
wraps (each line ends with /R).

@echo off
regperm /K HKEY_CLASSES_ROOT\Interface\{00000500-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000501-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000503-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000504-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000506-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{0000050E-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000512-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000515-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000534-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{0000054C-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{0000054D-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{0000054F-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000550-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000555-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000556-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000564-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000565-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
regperm /K HKEY_CLASSES_ROOT\Interface\{00000569-0000-0010-8000-00AA006D2EA4}
/I /S /A:Administrators:F /A:SYSTEM:F /A:"CREATOR OWNER":F /A:"POWER
USERS":WCRD /A:USERS:R /R
CLS

Now, does anyone know how to use VBScript to check the permissions on one of
these registry keys? I'd like to automate this solution to run the batch file
if necessary. And no, this
(http://www.microsoft.com/technet/community/scriptcenter/registry/scrreg01.ms
px) won't work because the administrative user can change the permissions
even though it appears that they only have READ access.

Wally Beck
Gainesville College
wbeck@gc.peachnet.edu




-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SQL Server 2000 SP2 xp_sendmail bug, simon edwins (BITS)
Next by Date:  FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities, Thor Larholm
Previous by Thread:  SQL Server 2000 SP2 xp_sendmail bug, simon edwins (BITS)
Next by Thread:  Re: SP2 Install Error - Access is denied., Andrew Aronoff
Indexes:  [Date] [Thread] [Top] [All Lists]