w2k4eva

Hard to say without knowing a few more details... like how often you rebooted that machine back then? Are you saying you do not have any more of those eventlog entries after those ones on 4/8? Which is odd since Patch Tuesday for April wasn't until 4/14.... or did you not reboot between 4/8 and the next time you applied updates? And which ones did you apply and when? I know that the February and March patches didn't fix it since I did apply those on 3/22 and continued to have the eventlog entries until 5/26. Based on release dates, they might be KB3050995 (rvkroots.exe released 25 Mar) or KB3049874 (timezones released 27 Mar), but these normally wouldn't be expected to change profile permissions, and the other stuff released before 4/14 was not for XP. While I did eventually apply these updates on 5/30, it wasn't until after I had already done my "cacls" fix on 5/26 so I can't say whether they would have fixed the issue.

Actually the .000 profiles etc are not separate from the topic, they are a direct result of applying POSReady update KB3021674. That said, if dencorso wants to split them off, perhaps leave one post as a placeholder with an explanation of the problem and a link to where they split off to? If he has bad sectors then there are larger problems that won't be solved by just merging profiles!

Well, you had the answer in post #423 : Were you ever able to verify if this worked? What he said. Not that I was able to find, nor any reference to one either. But since I saw 3 of the 4 listed eventIDs on my system it does seem relevant. It looks like you have the same issue with LocalService and NetworkService as KB947215 illustrates for a "user" account (regkeys w/ ".bak", and RefCount nonzero) that we suspected based on the eventlog entries. But let's not edit the registry just yet... Your screenshots covered it for the profile folders. (I'm guessing the ones for TEMP.NT AUTHORITY will resemble the ones for NetworkService, since the TEMP.NT AUTHORITY.000 seems to mirror LocalService as suggested by the regfile snip. This leaves the TEMP one that I'm not sure how it pairs up). It looks like the permissions on the top level folder for these 3 profiles is okay. There may still be a problem with permissions on one of the child folders/files. In my case I took the sledgehammer approach and reset permissions for these plus all children; if you want to you could try to narrow it down to more specific folders/files. But even that is not the place to start - the beginning really needs to be, first get the backup solution to where you know you can restore things if needed. Second, I'm assuming that you have the same situation on both your "main" machine and your older "test" machine, not sure which one the registry and screenshots came from, but I assume they both match? And of course, any tinkering would start on the "test" machine... After those two are settled, then for each profile you might look at the properties of file NTUSER.DAT in that top level folder - on the General tab, be sure the read-only flag is cleared, and look at the permissions on the security tab. The next likely suspect would be the file UsrClass.Dat in each profile's LocalSettings\ApplicationData\Microsoft\Windows folder, and/or each folder between here and the main profile folder. After that there is the corresponding log fie for each of these registry hives. As you can imagine, there's quite a few potential targets, which is why I took the sledgehammer method for my case. The good news is that unlike most users, the LocalService and NetworkService don't need a lot of "personalization" so substituting the new profile from the default works okay as long as that default profile doesn't get corrupted. This is why there don't seem to be symptoms other than the event log entries.

Maybe the better question is whether you even want to install .NET at all! When I clean up an older machine this is one of the items I try to get rid of if it is not absolutely required - and the fact that "it is there now" does not count in my book as a reason to consider it "essential". You don't mention which version of XP you are installing this time vs last time or if you are attempting a version conversion. While Tablet Edition would require .NET 1.0, and I think Media Center edition does too (not sure if that can have .NET 1.1 substituted - TabletEdition cannot), it is not needed for either Home or Pro. While some video cards - usually ATI based - do use .NET 2.0 as part of their driver install, the Inspiron 1300 uses integrated intel graphics, so this shouldn't apply to your case. Some games use it, but that machine was never meant for gaming even when new, so again not likely... The only other "common" reason to want .NET that I can think of, would be if you have installed Google Sketchup - older versions needed .NET 2.0. Newer ones want .NET 4.0 but you wouldn't have been able to install the newer ones if you only have 3.5 so I'm guessing this isn't your case either. Is there some other app you want to use that requires .NET? If your normal habit is to do the windows install, the first reboot, then install video drivers, and another reboot, you would have the video being re-organized at the same time as the .NET optimization in the link given by j7n is trying to run. That combination would be more than enough to bog down a 1300 for as much as an hour or more. For this the solution would be plenty of time and several reboots to be sure the process is finished. If you haven't got some reason to keep it, maybe you should just uninstall it (there is a .NET cleanup tool at http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx) and redo the nlite disc to delete it from your install. It is not needed at all for any version of DirectX, I am running 9.0c on the machine I am posting from and do not have any .NET versions here. About the nLited disc, are you integrating (vs slipstreaming as HFSLIP would do, some things are done differently from nLite) the video driver differently this time around - or even at all? I'm not sure if a later driver from Intel rather than Dell might have a different version of OpenGL? Also do you have the right version of the Intel chipset driver INFs - again, is this nLited in before the install, vs integrated at T13 vs manually installed later, which might mean a few more reboots needed to get things settled in?

Well, it's not quite as convenient as having the fields prepopulated, but would typing stuff in at https://www.microsoft.com/technet/support/ee/transform.aspx be checking the same database? I've never actually seen anything other than 404 from the links in the property sheet so I'm not sure where it used to have gone.

Well, at least it explains why you don't have this issue! Has anyone else used this update on a NTFS-formatted drive, regardless of whether you use Avast? If so, do you have this issue or not? Are glnz and myself the only NTFS users? Yes. Hmm, your "before" looks like my "after" so it's not clear if we have exactly the same situation. before-perms.txt after-perms.txt which makes me think I said something confusing... I'm not sure if you did only the items in the middle of the post, or if you started with the command line stuff at the bottom then went back to the middle? I think I need to edit that post for clarity, just so some future reader won't end up jumping in prematurely! Meanwhile here are some background information links you might find helpful. Access Control: Understanding Windows File And Registry Permissions https://msdn.microsoft.com/en-us/magazine/cc982153.aspx Cacls https://technet.microsoft.com/en-us/library/bb490872.aspx Undocumented CACLS: Group Permissions Capabilities https://support.microsoft.com/en-us/kb/162786 Well-known security identifiers in Windows operating systems https://support.microsoft.com/en-us/kb/243330 Changes to the behavior of the default discretionary access control list (DACL) for administrator on a Windows XP-based system https://support.microsoft.com/en-us/kb/318825 this one is interesting if a little unclear - we seem to have gotten the NT4/W2K policies rather than the XP policy here, not sure if this changed with SP3 which came out after this KB was published - or maybe it's the W2K3 policy coming in w/SP3? How to set, view, change, or remove special permissions for files and folders in Windows XP https://support2.microsoft.com/kb/308419 You receive a "The User Profile Service failed the logon” error message https://support.microsoft.com/en-us/kb/947215 the event log information part is interesting. If you did NOT do the last 2 cacls commands from my post but already have those permissions, method 1 in kb947215 above may be relevant. If you DID do those, see if a reboot makes those eventlog entries clear up - if you did them but rebooting doesn't help, this might be part of the explanation. You had more temporary profiles than I did, maybe the registry entries described might be why. Not real sure about this; my temporary profiles deleted themselves without further intervention on my part. Have you rebooted more than once since spotting this issue? If so are all of those temporaries still hanging around? Who owns them? Yeah, but it must have been like, 30 years ago.... maybe I should see if my local public library has a copy, that might be fun to watch again sometime!

Edit 29 May 2015 - add green text I think I figured out what's going on, at least for my own system since I've gotten rid of those eventlog entries. And it seems just KB3021674 is the immediate culprit since the KB mentions that one "could leverage the Windows User Profile Service (ProfSvc) to load registry hives that are associated with other user accounts". I think the Local Service and Network Service used to do exactly this to borrow access they should not have had, possibly from SYSTEM, which is why it used to work for me before the update but afterward didn't and actually never should have, given some of my file permission settings. The good news is that the update does not need to be uninstalled to solve it. The first clue is in a thread about this update going wrong for Vista/W7 users, but the basic outline is the same for XP and/or WEPOS 2009 as well even though nobody mentions it... see the third post by Susan Bradley on http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb3021674-causes-user-profile-event-1542/f203ebf9-08f5-4b95-84af-fbe8c52f3854?page=3 To dencorso and glnz, could you both check what account is the owner of the folders: C:\Documents and Settings\Default User C:\Documents and Settings\Local Service C:\Documents and Settings\Network Service C:\Documents and Settings\ (your account name) Mine are all owned by the "Administators" group, I'm thinking that glnz may have this too but perhaps dencorso does not? Also could you both open a cmd prompt and type cd c:\Documents and Settings cacls "Default User" > perms.txt cacls LocalService >> perms.txt cacls NetworkService >> perms.txt cacls (your account name) >> perms.txt then paste the contents of perms.txt here? In my case these showed that neither Local Service nor Network Service had any access to their own profiles since they were not the owner. The way I see it, the ideal solution would be to change the owner from Administrators group to Local Service and Network Service but the UI does not give me any way to do that... it can TAKE ownership but not give it away, and having it owned by either me or Administrator would not solve the problem. The other interesting post is on page 4 of that thread, in the Susan Bradley reply near the bottom, with the screen shots. But instead of focussing on "anyUser" as she does, check out NT AUTHORITY\Local Service and NT AUTHORITY\Network Service - giving them Full Control solved it for me. Also I had to do this for the entire folder (I also propagated to all children while I was at it), not just the files ntuser.dat and usrclass.dat - doing just those 2 files replaced the 6 errors with a pair of eventID1500's but didn't completely solve it. And yes, the mystery profiles for Temp and TEMP.NT AUTHORITY went away on their own after a reboot once I fixed all the permisssions, I did not need to manually delete the temporary profiles. If you have XP Pro you could follow the screenshots but for Home you would have to either reboot to safemode (so the normally missing security tab can appear on the property sheet), or (to view the current settings) use the command line to enter cd c:\Documents and Settings cacls LocalService "NT AUTHORITY\LOCAL SERVICE" cacls NetworkService "NT AUTHORITY\NETWORK SERVICE" or to actually do the fix: cd c:\Documents and Settings cacls LocalService /t /e /g "NT AUTHORITY\LOCAL SERVICE":F cacls NetworkService /t /e /g "NT AUTHORITY\NETWORK SERVICE":F then for either way, version of the fix, reboot. This worked for me.

Not specifically about being off the network for a long time, this machine I'm on now had that situation without trouble. But yes, if Windows gets confused about your hardware - like if something mangles the startup settings for the PlugNPlay service, then you reboot - it can happen, even with no actual hardware changes, just because Windows is confused. I had that happen here in March. Not sure about "now", but I know the online activation did work for me on 22 Mar 2015.

bump . . . Surely someone else has seen this problem? Any ideas for how to solve it?

Easy, just use IE (any version or OS from W2K IE6 upward, maybe even W98 IE6? haven't tried that one but have used W2k and it works there) to visit http://catalog.update.microsoft.com/v7/site/Search.aspx It has to be in IE, other browsers won't work. It may ask you to install an activex control if you don't already have it. Once that is done, the site should normally let you search for updates by KB number, OS version, or some other keyword(s), so you can download them for offline use. Or for WEPOS2009 fans, find stuff not available in the regular MS Download site. Unlike using WindowsUpdate in Express mode, you won't get force fed anything here. Or you may get an error message like: To use this website, you browser must have the user data persistence setting enabled. To enable this, follow these steps: In Internet Explorer, click Tools , then click Internet Options. Click the Security tab, then click Custom Level. In the Settings dialog box, under the Miscellaneous section, find Userdata persistence and click Enable. Click OK twice to save and exit. but for some people this does not work, or they already have that setting enabled but still get the message anyway. This is the problem that I started the other thread about.

FWIW, reading your post made me go check my event logs (I hadn't otherwise had any reason to look since nothing seems to have gone wrong here) and I have those same 6 event log entries at each reboot starting from the day I installed those 3 updates. I also have 2 of the extra entries for TEMP and TEMP.NT AUTHORITY (but not the 3rd .000 one) under Documents and Settings, timestamped at last boot. However I do not have the extra "Account Unknown"s. The date of updating my profile matches the date I installed the updates, despite having rebooted several times since then. And the timestamp under Documents and Settings for my profile folder is some six months old, and does not match last boot time nor the date under the User profile display. Not so sure it is anything serious as there are no symptoms here other than the eventlog entries, or at least nothing that changed on that date - I have had the weird permissions thing described in my other thread for as long as I've had this machine, prior to installing those updates. I did also install other updates that day as well. Likewise here. I also have the proper version mrxdav.sys 5.1.2600.6708 from KB3019215. The only version of tlntsess.exe I have is buried under windows\$hf_mig$\kb960859\sp3qfe - in hindsight I probably shouldn't have bothered with KB3020393 since I am running XP Home which does not have the telnet server. I also run Avast Free but am using version 6, with the sandboxing features turned off; this is an older system that does not have the hardware to support virtualization. I do not have CryptoPrevent nor MBAE. I do have FF w/Noscript, SpywareBlaster 4.6, Spybot 1.6.2 and MBAM 1.75.0.1 but do not use TeaTimer so none of these should affect booting, Avast would be the only one in that category. I do not have Cubby (or any other sync app) either so that can be ruled out.. Just for giggles, are you able to use the UpdateCatalog on any/all of the user accounts on your machine? Do you even have more than one "real" user account?

Not as a daily surfer, and it's been an age since I booted it, but yes, I *DO* still have a Win3.1 system (it dualboots an old slackware install too). I think I even have those old install floppies that came with it. As for the services, lots of people tweak those. I think you would have started seeing any potential issues years ago, like at the next reboot after you adjusted them. If they didn't give trouble back then I doubt they are relevant now. In any case there is always the reference stuff compiled at http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/ if you can't remember what the default values are or want to look up more details.

I have come across an older system (vpr matrix 180R) that I am in the process of rehabilitating. It is presently running XP Home with SP3 and most official updates installed, plus some unofficial ones derived from PoS2009. (It is not using the registry hack.) It is not part of a network, just a standalone system. Being Home and not Pro, it has never been part of a domain. It also has some user accounts "kenny" created 28 Nov 2002 2:50PM and Administrator created 28 Nov 2002 3:01PM. Checking Windows Update history shows that Service Pack 1 installed 06 Apr 2003 so the system must have originally shipped with plain XP; other files/folders are dated 29 May 2002 12:23AM which I think must have been the original install time. Farther down the list of update history, Service Pack 3 was installed on 8 Mar 2009 8:17PM by the previous owner. I am not the original owner, so after the system came to me I created another user account, "me" on 23 Jun 2014 2:01PM. All three of these are admin type accounts. After applying some updates like the newer WU client I got Windows Update to work without issues. The Update Catalog, however, is not working for user "me"; it gives that notorious error message that userdata persistence needs to be enabled. The message is clearly wrong since that setting already IS enabled. Googling turned up the usual stuff about how to set userdata persistence that was already set. The only other thing I found was KB909444 which had some mention of file and folder permissions. I did find that folder C:\windows\registration did not have Read and Traverse permissions for Everyone so I added that. The permissions along that path are now: However it still gives user "me" that same message (even after several reboots). As an experiment I tried user "kenny" which was the old account, and that one just works! So the issue seems to be something about permissions that is different on the newer account, since both are supposedly admin type accounts. Are there any other folders, files or possibly registry keys that may have wrong permissions besides the ones listed in KB909444?

Not that I actually do all the stuff in these links (I like my own setup better), but if you are into "lite" these might be an interesting read: https://forums.comodo.com/install-setup-configuration-help-cis/comodo-firewalldefense-lite-no-antivirus-no-trusted-vendors-t74633.0.html http://www.wilderssecurity.com/threads/making-avast-the-lowest-overhead-av-available.263940/

For a firewall I like an older version of Comodo, specifically 3.14.130099.587, I put this on all my builds from XP to W7. I prefer this one to any of the version 4 or 5 releases since they actually took away some features that I use and I don't like the other stuff they have added since then. Re the older one for W2k, I think it does not have the Defense+ component which is one of the things that I love about Comodo! Their site does not host any of the older releases though, so you may have to get it from an archive site such as http://www.filehippo.com/download_comodo/6975/ This version is only 43MB rather than 215MB for the latest. When installing I generally uncheck the optional addons and toolbars, also uncheck the AV component. My w2k builds generally get an older version of ZA Pro (5.5) since I have a multipack of licenses for that. For AV I have been using Avast 6 (not that 7 is bad, I just prefer 6), but avoid the behavior shield and sandbox features, also I don't care for the web reputation plugin or google chrome but these are not too hard to turn off. (The trick to installing it is to first adjust your system time/date to December 2011 beforehand, enter a license key, then adjust the date back to the present.) At least with AV there are quite a few to choose from. I wasn't going to use the too-heavy features they have been emphasizing in the newer releases - virtualization is just too much for an older system to support, they don't have the RAM to go there. I picked Avast based on what is NOT in the user license agreement - the others I looked at had too many objectionable items for me. I do not want software that claims the right to arbitrarily grab files off my hard drive and send them home without asking or even informing me, and that item was in all the other EULAs I looked at.