Apparently, one of the Windows updates is causing corruption of the Access Control List (ACL's) in the registry. I had entire sections of my registry nodes that lost the ACL'S.
While I was researching the problem, I came across a website where someone had a similar problem with getting windows OS programs/services to run and they discovered that there was some registry corruption and missing ACL's.
There are two different options that I ended up doing to get the system back in operation.
It seems that running one or the other alone will not fix the problem, but doing both should get you back in service.
- Make a backup of your registry (and a complete backup of the system wouldn't hurt either!)
- Go to Microsoft's website and download a program called subinacl.exe from this site; http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
- Install the subinacl.exe (it downloads as an MSI file).
- Copy the code below into a text file and then name the text file reset.cmd.
- I copied the command file to my temp folder to run, but as you can see from the cmd file, it contains the path to the executable subinacl.exe.
title Resetting ACLs...
cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
echo Resetting ACLs...
echo (this may take several minutes to complete)
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
echo System Drive...
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
echo Windows Directory...
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
echo Press any key to exit . . .
3. As this command file runs it will show you the status of the reset and create a log that you can go back into and inspect for problems.
4. When this command file completes, you then need to open a command window (using Run As Administrator) and run the following command;
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt
(the redirect of output echos the programs output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done).
These two actions combined will reset the permissions on the registry nodes back to their default settings.
Reboot and check your Event Log service... at this point it should be running.
After effects of this process which happened to me, were that the Network List Service would not run... I still had network and internet access, however the Network icon in the task notification area had a Red X, and mouse over displayed a tooltip that said "Server Execution Failed". This was a result of resetting the ACL's.
The Network List Service (netprofm
) would not run because it did not have permission to run.
In order to correct this issue, you must open the Component Services
snap-in and drill down under Computers/My Computer/DCOM Config/netprofm
(this is for Vista!) and right click the node, and select Properties.
Click on the Security tab and make certain the correct user names are listed and that they have the appropriate permissions. I have 4 users listed with the same permissions; (your mileage may vary )
- Administrators - Perms; Local Launch, Local activation
- Local Service
Next, go to the Identity tab and ensure that The System account (services only)
is the item that is checked. Make sure the changes you make get applied.
Restart your computer so the ACL's are refreshed.
Once you come back up from the reboot, things should be pretty much back to normal.
You may find a stray program here and there that may need to have it's permissions reset, but you should be operational.