New
#31
Grrrrr!
Not enough caffeine!
ICACLS C:\Windows\ServiceProfiles\Networkservice /inheritance:d /q
ICACLS C:\Windows\ServiceProfiles\Networkservice
Sorry about that!
Grrrrr!
Not enough caffeine!
ICACLS C:\Windows\ServiceProfiles\Networkservice /inheritance:d /q
ICACLS C:\Windows\ServiceProfiles\Networkservice
Sorry about that!
No prob Noel :)
Code:C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice /inheritance:d /q Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice C:\Windows\ServiceProfiles\Networkservice NT AUTHORITY\SYSTEM:(F) BUILTIN\Administrators:(F) BUILTIN\Administrators:(OI)(CI)(F) NT SERVICE\TrustedInstaller:(F) NT SERVICE\TrustedInstaller:(CI)(IO)(F) NT AUTHORITY\SYSTEM:(F) NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F) BUILTIN\Administrators:(F) BUILTIN\Administrators:(OI)(CI)(IO)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) LCLS-PC\Brad:(F) CREATOR OWNER:(OI)(CI)(IO)(F) Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>
Good - that's a little less cluttered now :)
Now, let's try it again...
ICACLS C:\Windows\ServiceProfiles\Networkservice /remove "NT SERVICE\TrustedInstaller" /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /remove "NT AUTHORITY\SYSTEM" /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /grant "NT AUTHORITY\SYSTEM"OI)(CI)(F) /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /remove Users /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /remove Brad /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /remove "CREATOR OWNER" /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /remove Administrators /T
ICACLS C:\Windows\ServiceProfiles\Networkservice /grant AdministratorsOI)(CI)(F) /T
CLS
ICACLS C:\Windows\ServiceProfiles\Networkservice
ICACLS C:\Windows\ServiceProfiles\Networkservice\AppData
It'll clear the screen before running the report for output - please post the final screen.
Last edited by NoelDP; 13 Apr 2014 at 16:11. Reason: correct a typo and get rid of the smileys!
Code:ICACLS C:\Windows\ServiceProfiles\Networkservice /remove "NT SERVICE\TrustedInstaller" /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice /remove "NT AUTHORITY\SYSTEM" /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice /grant "NT AUTHORITY\SYSTEM":(OI)(CI)(F) /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice /remove Users /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice /remove Brad /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice /remove "CREATOR OWNER" /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice /remove Administrators /T processed file: C:\Windows\ServiceProfiles\Networkservice C:\Windows\ServiceProfiles\Networkservice\*: Access is denied. Successfully processed 1 files; Failed processing 1 files ICACLS C:\Windows\ServiceProfiles\Networkservice /grant Administrators:(OI)(CI)(F) /T ........... Successfully processed 1829 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice C:\Windows\ServiceProfiles\Networkservice BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) Successfully processed 1 files; Failed processing 0 files ICACLS C:\Windows\ServiceProfiles\Networkservice\AppData C:\Windows\ServiceProfiles\Networkservice\AppData BUILTIN\Administrators:(F) BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) Successfully processed 1 files; Failed processing 0 files
That looks a lot tidier - but somehow the Networkservice has lost its permissions again
Please run the following commands in an Elevated Command Prompt..
ICACLS C:\Windows\ServiceProfiles\Networkservice /grant "NT AUTHORITY\Network Service"OI)(CI)(F)
ICACLS C:\Windows\ServiceProfiles\Networkservice
post the results, and reboot - then run another MGADiag report
Code:ICACLS C:\Windows\ServiceProfiles\Networkservice /grant "NT AUTHORITY\Network Service":(OI)(CI)(F) ICACLS C:\Windows\ServiceProfiles\Networkservice C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice /grant "NT AUTHORITY\Network Service":(OI )(CI)(F) processed file: C:\Windows\ServiceProfiles\Networkservice Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\Networkservice C:\Windows\ServiceProfiles\Networkservice NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>
Rebooted:
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 50 Cached Online Validation Code: N/A, hr = 0xc004f012 Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7 Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34= Windows Product ID: 00359-OEM-8992687-00006 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 6.1.7601.2.00010300.1.0.003 ID: {E5FB64D2-6F10-45AB-8C58-173A0A925D38}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Home Premium Architecture: 0x00000009 Build lab: 7601.win7sp1_gdr.130828-1532 TTS Error: Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Users\LCLS\AppData\Local\Google\Chrome\Application\chrome.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>{E5FB64D2-6F10-45AB-8C58-173A0A925D38}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-987475376-978822867-1750259723</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire X3960</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A0 </Version><SMBIOSVersion major="2" minor="6"/><Date>20101120000000.000000+000</Date></BIOS><HWID>F9F93607018400FE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> Software licensing service version: 6.1.7601.17514 Error: product key not found. Windows Activation Technologies--> HrOffline: 0x00000000 HrOnline: N/A HealthStatus: 0x0000000000000000 Event Time Stamp: N/A ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Registered, Version: 7.1.7600.16395 HealthStatus Bitmask Output: HWID Data--> HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEA6GHWfThNnBd4duwOCE50zy5z OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20001 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC ACRSYS ACRPRDCT FACP ACRSYS ACRPRDCT HPET ACRSYS ACRPRDCT MCFG ACRSYS ACRPRDCT SSDT AMICPU PROC SLIC ACRSYS ACRPRDCT
Whilst we wait for Noel, it might be worth trying to validate Windows again?Code:Licensing Data--> Software licensing service version: 6.1.7601.17514 Error: product key not found.
Perhaps - but I prefer to use this method to see if re-activation will take place naturally...
Please first try recreating Licensing Store.
Recreate the Licensing Store
Go to Start > All Programs > Accessories
Right-Click on Command Prompt and select Run as Administrator - accept the UAC prompt
Run the following commands in the Command Prompt window, using the Enter key at the end of each
net stop sppsvc
(wait until the service has stopped before entering the following lines)
CD %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
IF EXIST tokens.bar DEL tokens.bar
REN tokens.dat tokens.bar
net start sppsvc
slui.exe
After a couple of seconds the Windows Activation dialog will appear.
You may be asked to re-activate and/or re-enter your product key, or Activation may occur automatically.
If you are asked for your Key, use the one on the COA sticker on the machine's case
Reboot and Post back with a new MGADiag report.
(Note: the Line 'CD %win......\SoftwareProtectionPlatform' is all on one line - it may be broken in the Forum listing)
Code:C:\Windows\system32>net stop sppsvc The Software Protection service is stopping. The Software Protection service was stopped successfully. C:\Windows\system32>cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPla tform C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform>IF EXIST tokens .bar DEL tokens.bar C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform>REN tokens.dat tokens.bar The process cannot access the file because it is being used by another process. C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform>