About TanMan

-
@NoelC, Thanks very much for helping. Based on your assertion, I decided to turn UAC back on, just to prove you wrong. I also changed LocalAccountTokenFilterPolicy back to a DWORD, like I tried originally. But after rebooting, lo and behold, I was still able to see, and connect to, the administrative shares. So all I have in place now is the registry hack for LocalAccountTokenFilterPolicy, and it's working! I have NO IDEA why it didn't work initially. As I said, I've been doing this same thing since Vista! But as it's working as it should now, I'm just chalking it up to the system admin ghosts playing with me again. Again, thank you for your assistance. I wouldn't have tried this again if not for your insistence that it should work.
-
@NoelC, thanks for the response. Yes, I do have Homegroup disabled. And I could see the network shares after I added the LocalAccountTokenFilterPolicy key, like I've been doing since Vista. However, when I tried to connect to an administrative share, I was denied access and depending on how I connected, I was sometimes prompted for a different user ID and password, none of which worked. It only started working after I changed the UAC security policy. FYI, the way I'm set up is my user is the only administrator on all the machines. Everyone else is a user. They access shares that I set up for accessing their network resources, but I use the admin shares to gain full access to all the drives when I need it. On this machine I'm using Windows 8.1 Pro, and there's no server in the network, so my user is a local administrator on all the machines. It looks like perhaps you have a domain set up, and that perhaps you're using a network administrator account. Do you?
-
I do understand that. And I understand how Windows passes authentication tokens, and how using the same user ID and password to connect to multiple workgroup computers is just a hack. But it's a hack that's worked since the LAN Manager days. I understand that Microsoft disabled administrative shares by default, but there's no reason that there should be NO WAY for me to re-enable administrative shares without side effects. Re regular, non-administrative shares, as I said, I have no problems making shares and accessing them. This is how the rest of the family accesses content. But I personally use the administrative shares because (1) I don't have to create another share every time I add a disk, and (2) it's just easier because it's automatic. I can't believe M$ is going to force me to install a server and a domain just in order to get administrative shares with no side effects.
-
OK. I'm stumped. Doesn't happen often, but here I am. I have a bunch of computers in the house for me and the family, and I'm the administrator on most of them. I have 4 desktops that I use to share stuff for everyone to use, and no servers, so everything is Workgroup access. I have several RAID arrays hung off some of the machines for access to shared stuff. I have the same user ID and password on all the machines. I just updated one of the desktops to Windows 8.1 by adding a new SSD and installing Windows 8.1 onto it. After setting the Networking and Sharing settings to allow sharing (like I did with Windows 7), I was still unable to access the administrative shares, although I can access things that I share manually. I found that adding the registry QWORD LocalAccountTokenFilterPolicy under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System enabled me to see the administrative shares (the DWORD value didn't help under x64 Windows 8.1), but I was now prompted for a valid user ID and password. But since my user ID and password are the same on both machines, this should work. So something else was going on. According to this: https://4sysops.com/archives/access-denied-to-administrative-admin-shares-in-windows-8/ setting the local security policy for "User Account Control: Run all administrators in Admin Approval Mode" to disabled should fix this. It did. But now the Windows Store won't open saying that UAC is disabled. How do I reenable the administrative shares on Windows 8.1 and allow access using my common administrative user without disabling the Windows Store? Anyone have any idea?
-
After the reboot, I had an error in Event Viewer about an nVidia display driver unable to load because a file couldn't be found. Unable to find any nVidia services or devices, I checked Programs and Features and found two nVidia programs installed (a display driver and something called "PhysX"). I uninstalled both and rebooted. It started up cleanly now. Hopefully this has now resolved the problem. Thanks again for everyone's help, especially cluberti. TanMan
-
Hmmm. Curiouser and curiouser.... The network adapter is RealTek, not nVidia, and the drivers are rtlh64.sys and rtnicprop64.dll. I was not aware that nVidia made network adapters, so I assumed you just meant the video driver. My bad. So I checked Process Explorer to see if nvlddmkm.sys was loaded, and it was not. I then checked Device Manager to see if I had any nVidia devices at all, and I do not. So I checked my registry, and nvlddmkm.sys is indeed in there (in a couple of places). Based on the keys where I found it, it appears it was indeed used for a video driver. Then I remembered that the machine had originally come with an nVidia video card which I had replaced with a better ATI card. So it appears nvlddmkm.sys is probably left over from the previous video card. It should never be loaded, however, since that card is no longer in the machine. I found the offending file in C:\Windows\System32\Devices, so I renamed it. I'll reboot later tonight or tomorrow (the system is busy converting a video library) and see what, if anything, complains. I'll update this thread with those results. I'm wondering why this driver got loaded at all. Since there was no nVidia device installed, it's no wonder it blue screened. By the way, sorry if I'm obtuse about some things, I'm not nearly the Windows Internals expert that you guys are.
-
OK. I think I understand the issue. The video driver (it's a Diamond video card with an ATI chipset, not nVidia) is causing memory corruption which in turn is corrupting the virtual memory paging table, which resulted in the Stop C7. Note that Diamond's latest video driver is from December 2008, while ATI's current video driver is only a few days old. Unfortunately, the ATI driver does not install on my video card, so I have to use Diamond's. I'll try to get some support from them, but since they don't appear to stay current with ATI, I doubt I'll get any satisfaction from them. Re the QFE kernel, do you think the updated page protection will stop the blue screen? I mean, if memory is getting corrupted by a privileged process, how can the kernel protect itself and stop the blue screen? I'll do this if you think it's worth a try. Let me know. One more question. Since you think the problem is being caused by the video driver, do you think turning on the driver verifier will add any value?
-
Ah. My bad. The only machines I have with 4GB also have Vista Home x64, so you can understand why I thought it was the O/S. I finally found the kb article that references that registry key, so I can create a full memory dump if that's needed. Were you able to find anything in my kernel dump, or shall I attempt a full memory dump?
-
Kernel dump uploaded. Thank you. BTW, with Vista Home Premium x64, I only have two options for dumps, Small Memory Dump, and Kernel Memory Dump. There's no option for a Full Memory Dump. Sometimes M/S's decisions about what to leave out in the Home versions boggle the mind...
-
Hey cluberti! Of course I want the real answer! 2 questions. Will you accept a RAR (it's 75% of the ZIP), and can I FTP it to the same location as last time?
-
I had upgraded those drivers because of a different blue screen I was getting, so downgrading isn't really an option. Is there any way to tell for sure whether it's the video driver?
-
Well, I'm back again with another blue screen. You guys were so helpful last time, I thought I'd try again. This machine is a Vista Home Premium x64 machine. I'm getting a blue screen every couple of days. I updated the video driver and ethernet driver a few weeks ago, so I suspect it's one of these. But I'd really like to narrow this down. I had the blue screen create a Kernel dump (which is the largest dump I can select). !analyze -v shows:

    Microsoft ® Windows Debugger Version 6.11.0001.404 X86
    Copyright © Microsoft Corporation. All rights reserved.

    Loading Dump File [\\kids02\c$\windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6001.18145.amd64fre.vistasp1_gdr.080917-1612
    Machine Name:
    Kernel base = 0xfffff800`01e06000 PsLoadedModuleList = 0xfffff800`01fcbdb0
    Debug session time: Mon Apr 13 22:16:55.864 2009 (GMT-4)
    System Uptime: 1 days 7:50:19.892
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C7, {fffffa8004df5850, 50, 4, 0}

    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4352 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    TIMER_OR_DPC_INVALID (c7)
    Kernel timer or DPC used incorrectly.
    Arguments:
    Arg1: fffffa8004df5850, Type of incorrect usage.
    Arg2: 0000000000000050
    Arg3: 0000000000000004
    Arg4: 0000000000000000

    Debugging Details:
    ------------------

    OVERLAPPED_MODULE: Address regions for 'mrxsmb20' and 'nvlddmkm.sys' overlap

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0xC7

    PROCESS_NAME: System

    CURRENT_IRQL: f

    LAST_CONTROL_TRANSFER: from fffff80001eaafa5 to fffff80001e5b350

    STACK_TEXT:
    fffff800`02e989f8 fffff800`01eaafa5 : 00000000`000000c7 fffffa80`04df5850 00000000`00000050 00000000`00000004 : nt!KeBugCheckEx
    fffff800`02e98a00 fffff800`01e637fc : 00000000`00000010 00000000`153cf4fd fffffa80`04df5be0 00000000`0000000c : nt! ?? ::FNODOBFM::`string'+0x4352
    fffff800`02e98a70 fffff800`01e64238 : fffff800`02e98cd0 fffffa80`0634d602 fffff800`02e98cc8 fffffa60`00000010 : nt!KiTimerListExpire+0x27c
    fffff800`02e98ca0 fffff800`01e64a9f : 000139ca`b8866b54 00000000`00000000 fffff800`00000010 fffff800`01f7da80 : nt!KiTimerExpiration+0x1d8
    fffff800`02e98d10 fffff800`01e65b62 : fffff800`01f7a680 fffff800`01f7a680 00000000`00000000 fffff800`01f7fb80 : nt!KiRetireDpcList+0x1df
    fffff800`02e98d80 fffff800`020335c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x62
    fffff800`02e98db0 00000000`fffff800 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!zzz_AsmCodeRange_End+0x4
    fffff800`02e920b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00680000`00000000 : 0xfffff800

    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt! ?? ::FNODOBFM::`string'+4352
    fffff800`01eaafa5 cc int 3

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4352

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 48d1ba35

    FAILURE_BUCKET_ID: X64_0xC7_nt!_??_::FNODOBFM::_string_+4352

    BUCKET_ID: X64_0xC7_nt!_??_::FNODOBFM::_string_+4352

    Followup: MachineOwner
    ---------

However, I'm at a loss of how to proceed from here. Any advice would be greatly appreciated. Thanks, TanMan
-
Well, a blog entry describing the problem is not exactly documenting the problem. Acknowledging the problem, yes, documenting it, no. Since the blog entry was made on Jan 7, I would have thought Microsoft would have fixed this by now. Especially since 921337 identifies the manifest problem as being caused by Visual Studio 2005, and that ticket was opened in 2006. Thanks for finding the blog entry, though. My searches had not uncovered this post.
-
Interesting that someone else had the same problem, and I'm glad my solution worked for him, too. Perhaps there's a bigger problem going on. The machine has SQL Server 2005 Express installed. After I got the machine running again, I tried running Windows Update again, and along with a bunch of other updates, it again offered an SP3 update for SQL Server 2005 (this is after I manually installed SQL Server 2005 Express SP3 and fixed the machine). Curious, I attempted to install the update, and the machine crashed with the same STOP in CSRSS. So maybe she didn't turn off the computer mid-update, maybe it's the update itself that's causing the problem. I turned off Windows Update. Note that I rebuilt the machine for her last year with XP SP2 (she had too many problems with the Vista that came pre-installed), and I had delivered it with Windows Update turned off. Somehow, Windows Update got turned on recently, and that appears to be when this problem happened. The machine still has XP SP2, not SP3. It may have some post-SP2 updates (I don't know what else Windows Update installed before the problem), but I know there are still a bunch of other updates Windows Update wanted to install. I noticed there were about 25 folders with GUID names on the external drive, and each folder appeared to have the same contents (they all had the same files named with SQL, like SQLCODE.EXE). So when the machine was set to reboot after a STOP, it appears Windows Update redownloaded the same SQL Server 2005 SP3 update and tried to install it after every reboot. That's why it took several minutes to crash. I tried to delete all the GUID folders, but the delete failed because something was in use. So I gave up, made sure the system was still stable, and just returned the machine. So I think the crash is happening from Windows Update trying to install the SQL Server 2005 SP3 update, not from SQL Server just running. 
I think Windows Update is downloading a bad update, and not that it was just a bad download - I think perhaps it's downloading SQL Server 2005 SP3 for the full version, not the Express version. Or perhaps the version of SQL Server 2005 Express SP3 on Windows Update is corrupted. Either way, I think the downloaded version of the update appears to be what's causing the problem. HTH, TanMan
-
That upload is finished should you care to show me more of your magic.