Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Fixing a computer with hosed permissions & activation problems?

08 Oct 2012   #21
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

You obviously haven't seen some of my snottier posts, then!

I have and enjoyed every one of them.


My System SpecsSystem Spec
.
08 Oct 2012   #22
Keirnoth

Windows 7 Professional 32-bit
 
 

Edit: It's complaining Windows isn't genuine again. Maybe I should try to re-enter the COA key?

Here are the results:

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>SC QC EVENTLOG
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>SC QUERYEX EVENTLOG

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI
C:\Windows\System32\Logfiles\WMI NT AUTHORITY\SYSTEM:(F)
                                 BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup
C:\Windows\System32\Logfiles\WMI\RtBackup NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
My System SpecsSystem Spec
09 Oct 2012   #23
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

We need to change the permissions there first - it may well be what's causing the problems.
Open an Elevated Command Prompt windows, and run the following commands..

ICACLS C:\Windows\System32\Logfiles\WMI /grant SYSTEM:(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant "LOCAL SERVICE":(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant "NETWORK SERVICE":(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant Administrators:(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant "Performance Log Users":(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant SYSTEM:(OI)(CI)(F)

The reboot and run the following commands....

NET START EVENTLOG
SC QUERYEX EVENTLOG
NET START SPPSVC

post the results of those, and a new MGADiag report - I'll get on the file mismatches soon.
My System SpecsSystem Spec
.

09 Oct 2012   #24
Keirnoth

Windows 7 Professional 32-bit
 
 

After running the icacls commands:

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant SYSTEM:(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant "LOCAL SERVICE":(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant "NETWORK SERVICE":(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant Administrators:(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant "Performance Log Users":(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant SYSTEM:(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI\RtBackup
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
After rebooting and running the second set of commands:

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>NET START EVENTLOG
The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 5 has occurred.

Access is denied.


C:\Windows\system32>SC QUERYEX EVENTLOG

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Windows\system32>NET START SPPSVC
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Windows\system32>
Event Viewer/Log isn't starting? :(
My System SpecsSystem Spec
09 Oct 2012   #25
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Yeah - that's the root cause of your problem - it's lacking access to necessary files, so we need to work out which ones..... back later.
My System SpecsSystem Spec
09 Oct 2012   #26
Keirnoth

Windows 7 Professional 32-bit
 
 

Are you saying that the permissions in the entire Windows folder could possibly have been hosed?

If so, damn, I wonder what this user did to cause that. The thing is, I've done a malware scan with all the usual tools and NOTHING is coming up that could suggest it was malware.

It just sounds like something went horribly wrong and took the entire system down with it.

At this point it almost sounds like it would be better off to just do a repair install, but I'm not giving up yet.
My System SpecsSystem Spec
09 Oct 2012   #27
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

It certainly looks a possibility - a repair install may be the easiest solution.

Let's see if the RtBackup folder contents have the right permissions - and a few other things as well

In an Elevated Command Prompt window, run the following commands...

DIR C:\Windows\System32 /AR /S
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant AdministratorsR)
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /T
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /remove Administrators
ICACLS C:\Windows\System32\Logfiles
ICACLS C:\Windows\System32
ICACLS C:\Windows\Logs
ICACLS C:\Windows\ServiceProfiles\NetworkService
ICACLS C:\Windows\ServiceProfiles\LocalService

post the results - in a Code box, please!
My System SpecsSystem Spec
09 Oct 2012   #28
Keirnoth

Windows 7 Professional 32-bit
 
 

Here you go. Word wrapping was a bit messed up so I did my best to clean it up.

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>DIR C:\Windows\System32 /AR /S
 Volume in drive C has no label.
 Volume Serial Number is 6EFF-DD7B

 Directory of C:\Windows\System32\config\systemprofile

10/06/2010  03:04 PM    <DIR>          Contacts
               0 File(s)              0 bytes

 Directory of C:\Windows\System32\config\systemprofile\Contacts

10/06/2010  03:04 PM    <DIR>          .
10/06/2010  03:04 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Windows\System32\restore

10/06/2010  03:05 PM                76 MachineGuid.txt
               1 File(s)             76 bytes

     Total Files Listed:
               1 File(s)             76 bytes
               3 Dir(s)  105,073,401,856 bytes free

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant Administrators:(R)
processed file: C:\Windows\System32\Logfiles\WMI\RtBackup
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /T
C:\Windows\System32\Logfiles\WMI\RtBackup NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                          BUILTIN\Performance Log Users:(I)(OI)(CI)(F)
                                          BUILTIN\Administrators:(I)(OI)(CI)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(OI)(CI)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(OI)(CI)(F)
                                          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl NT AUTHORITY\SYSTEM:(F)
                                                           BUILTIN\Administrators:(F)
                                                           NT AUTHORITY\SYSTEM:(I)(F)
                                                           BUILTIN\Performance Log Users:(I)(F)
                                                           BUILTIN\Administrators:(I)(F)
                                                           NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                                           NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-Application.etl NT AUTHORITY\SYSTEM:(F)
                                                                        BUILTIN\Administrators:(F)
                                                                        NT AUTHORITY\SYSTEM:(I)(F)
                                                                        BUILTIN\Performance Log Users:(I)(F)
                                                                        BUILTIN\Administrators:(I)(F)
                                                                        NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                                                        NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventlog-Security.etl NT AUTHORITY\SYSTEM:(F)
                                                                     BUILTIN\Administrators:(F)
                                                                     NT AUTHORITY\SYSTEM:(I)(F)
                                                                     BUILTIN\Performance Log Users:(I)(F)
                                                                     BUILTIN\Administrators:(I)(F)
                                                                     NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                                                     NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-System.etl NT AUTHORITY\SYSTEM:(F)
                                                                   BUILTIN\Administrators:(F)
                                                                   NT AUTHORITY\SYSTEM:(I)(F)
                                                                   BUILTIN\Performance Log Users:(I)(F)
                                                                   BUILTIN\Administrators:(I)(F)
                                                                   NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                                                   NT AUTHORITY\LOCAL SERVICE:(I)(F)


C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTUBPM.etl NT AUTHORITY\SYSTEM:(I)(F)
                                                        BUILTIN\Performance Log Users:(I)(F)
                                                        BUILTIN\Administrators:(I)(F)
                                                        NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                                        NT AUTHORITY\LOCAL SERVICE:(I)(F)

Successfully processed 6 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /remove Administrators
processed file: C:\Windows\System32\Logfiles\WMI\RtBackup
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles
C:\Windows\System32\Logfiles NT AUTHORITY\SYSTEM:(F)
                             BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
                    NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                    NT AUTHORITY\SYSTEM:(M)
                    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
                    BUILTIN\Administrators:(M)
                    BUILTIN\Administrators:(OI)(CI)(IO)(F)
                    BUILTIN\Users:(RX)
                    BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
                    CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\Logs
C:\Windows\Logs NT AUTHORITY\SYSTEM:(F)
                BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService
C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(F)
                                          NT SERVICE\TrustedInstaller:(I)(F)
                                          NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                          NT AUTHORITY\SYSTEM:(I)(F)
                                          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                          BUILTIN\Users:(I)(RX)
                                          BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                          CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\LocalService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                        BUILTIN\Administrators:(OI)(CI)(F)
                                        NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
My System SpecsSystem Spec
10 Oct 2012   #29
Keirnoth

Windows 7 Professional 32-bit
 
 

Please let me know what needs to be done next. I see the seven forums are keeping you busy.
My System SpecsSystem Spec
10 Oct 2012   #30
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Not just the SF ones - I cover the MS forums as well.

The WBEM structure can also cause major problems - let's have a look there....

DIR C:\Windows\System32\wbem /AR

ICACLS C:\Windows\System32\wbem
ICACLS C:\Windows\System32\wbem\MOF
ICACLS C:\Windows\System32\wbem\xml
ICACLS C:\Windows\System32\wbem\Logs
ICACLS C:\Windows\System32\wbem\Performance
ICACLS C:\Windows\System32\wbem\Repository
ICACLS C:\Windows\System32\wbem\tmf
ICACLS C:\Windows\System32\wbem\en-US


Please post the results in a Code box in your reply (the #symbol in the menu)
My System SpecsSystem Spec
Reply

 Fixing a computer with hosed permissions & activation problems?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
sfc /scannow not fixing bad file problems
I have run sfc /scannow multiple times. I have downloaded and run the System Update Readiness Tool and then rerun sfc. My log file continues to show many unfixed errors. The most recent log is attached. Help would be greatly appreciated!
Performance & Maintenance
Finally found a permissions fixing tool that actually works.
Permissions Time Machine. AMYD Projects: Permissions Time Machine v1.4 Install, tell your antivirus it is NOT malware and move the executable out of the virus chest (I'm beginning to dislike Avast) then Run as an administrator. Choose the drive you're having file access issues with then click the...
Performance & Maintenance
Windows update will not run after appare ntly fixing Activation proble
Hi This issue started off when I suddenly got an error sayonjg that I was not using a genuine copy of windows. I fiddled around with various fixes and that error appears to have gone away. However, my windows Update is not working. Initially I was getting an error saying it could not update...
Windows Updates & Activation
my computer seems to die out at random i need help fixing it
sorry about the title, recently i built a computer(yay me) but shortly after i began using it the screen would go black and stop responding to anything, i couldnt even power it down from the on/off button, i had to shut it down from the switch on the battery and sometimes thatll fail before working...
BSOD Help and Support
6 Reasons The Guy Who's Fixing Your Computer Hates You
Some NSFW language, but I had to laugh :) Source A Guy
Chillout Room
Fixing activation on my friend's computer
Long story short, I had to fix my friend's computer that was blue-screening after login, usually even in Safe Mode. She got it a while back and it's an HP that came pre-installed with Windows 7 Home Premium. Since she needed it to be working ASAP, my only solution after testing all the hardware I...
Windows Updates & Activation


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:32.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App