Sp0iLedBrAt Posted April 18, 2011 Posted April 18, 2011 So I had to reinstall Windows a few days ago, but all I could find was one of my older CDs, so I just used that. While trying to reply to a post related to the Group Policy Editor, I tried to open the one on my PC and discovered it showed an errorSo I looked up the CLSID in the registry and got to gpedit.dll in the system32 folder. Tried to register it and I gotSo, am I looking at a situation where I would have to find which files I'd need to add back in order to make it work, or it is something slightly more complicated?Thank you in advance
submix8c Posted April 18, 2011 Posted April 18, 2011 Found elsewhere (not giving link because this had proprietary files) explaining how to add to XP Home. Apparently, what's in XP Pro.• Copy the following files to %WinDir%\System32\ folder : • appmgmts.dll• appmgr.dll• fde.dll• fdeploy.dll• gpedit.msc• gpedit.dll• gptext.dll• Create the following folders (if they do not already exist): • %WinDir%\System32\GroupPolicy• %WinDir%\System32\GroupPolicy\ADM• Copy the following files to %WinDir%\System32\GroupPolicy\ADM\ folder : • system.adm• inetres.adm• conf.adm• Open a command prompt window by opening Start Menu → All Programs → Accessories → Command Prompt. In the command prompt window type the following commands pressing Enter after each line. regsvr32 %Windir%\System32\gpedit.dllregsvr32 %Windir%\System32\fde.dllregsvr32 %Windir%\System32\gptext.dllregsvr32 %Windir%\System32\appmgr.dllregsvr32 %Windir%\System32\fdeploy.dll• That's it. Now you can open Group Policy Editor by opening Start Menu → Run, typing gpedit.msc and pressing Enter.HTH
Sp0iLedBrAt Posted April 19, 2011 Author Posted April 19, 2011 Thank you very much. I will try searching first, as I know I already have gpedit.msc and gpedit.dll present on the system.I will report back.Cheers
Sp0iLedBrAt Posted April 19, 2011 Author Posted April 19, 2011 The GroupPolicy folder (and the ADM sub-folder) did not exist at all. I did as suggested, extracted the three files from a clean XPSP3 and put them in the ADM sub-folder. All the DLLs were already present in system32, with version 5.1.2600.5512, so SP3.gpedit.dll and appmgr.dll still can't be registered and the same error occurs. I'll see what happens after I restart.Cheers
allen2 Posted April 19, 2011 Posted April 19, 2011 Using procmon to monitor the registry access when self registering the .dll might show the thing going wrong.
Sp0iLedBrAt Posted April 20, 2011 Author Posted April 20, 2011 I used procmon.exe and filtered all the entries that contained 'regsvr32'; they are mostly by the process itself and explorer.exe. The log file itself has "only" got 1300 lines, and I'm unleashing it for all you brave men out there Cheers
allen2 Posted April 20, 2011 Posted April 20, 2011 (edited) Strange: there is nothing going to HKEY_CLASSES_ROOT\CLSID\{0FDE5092-AA2A-11D1-A7D4-0000F87571E3} where it should register gpedit.dll and nothing at all to clsid.For appmgr.dll there are 4 CLSID et 2 other entries:HKEY_CLASSES_ROOT\CLSID\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}HKEY_CLASSES_ROOT\CLSID\{7E45546F-6D52-4D10-B702-9C2E67232E62}HKEY_CLASSES_ROOT\CLSID\{942A8E4F-A261-11D1-A760-00C04FB9603F}HKEY_CLASSES_ROOT\CLSID\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}HKEY_CLASSES_ROOT\AppManagerHKEY_CLASSES_ROOT\AppManager.1You should check if you have those entries and exports those key from a working XP in the same language and SP and import them. For gpedit.dll, there are 7CLSID:HKEY_CLASSES_ROOT\CLSID\{0FDE5092-AA2A-11D1-A7D4-0000F87571E3}HKEY_CLASSES_ROOT\CLSID\{4F637904-2CAB-4F0E-8688-D3717EBD2975}HKEY_CLASSES_ROOT\CLSID\{63E23168-BFF7-4E87-A246-EF024425E4EC}HKEY_CLASSES_ROOT\CLSID\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}HKEY_CLASSES_ROOT\CLSID\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}HKEY_CLASSES_ROOT\CLSID\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}HKEY_CLASSES_ROOT\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}Those reg entries are localized and might contains the path to the dll so be carefull the both XP aren't installed in the same directory/drive. Edited April 20, 2011 by allen2
Sp0iLedBrAt Posted April 20, 2011 Author Posted April 20, 2011 (edited) For the first, third and fourth value HKEY_CLASSES_ROOT\CLSID\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}HKEY_CLASSES_ROOT\CLSID\{942A8E4F-A261-11D1-A760-00C04FB9603F}HKEY_CLASSES_ROOT\CLSID\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F} there is a CLSID where the default value is REG_SZ and it says "Software installation"The second HKEY_CLASSES_ROOT\CLSID\{7E45546F-6D52-4D10-B702-9C2E67232E62} is found in HKEY_CLASSES_ROOT\AppManager\CLSID\Edit: This is a log file from trying to register gpedit.dll Edited April 20, 2011 by Sp0iLedBrAt
GrofLuigi Posted April 20, 2011 Posted April 20, 2011 I'd like to think of myself as brave. In line 298 regsvr32 finally takes over. The command line is correct.Initializes, does what it has to do, but soon after that Avast\snxhk.dll is loaded (line 343, before are just checks). In line 489 it checks its configuration. Soon after that audio is initialized (maybe to play a warning sound?) After that, all apears as normal, but nothing is ever written to the registry (ignore Cryptography\RNG\Seed and SessionInformation\ProgramCount. They are written all the time and not important).Conclusion: Kill Avast in any way you can/like. (This was written about the previous log. Quick peek at logfile2 agrees).GL
Sp0iLedBrAt Posted April 21, 2011 Author Posted April 21, 2011 Avast! completely (almost brutally) killed and it still doesn't work.I just remembered most free antivirus programs don't work in Safe Mode, so that's what I'll do next.Cheers
GrofLuigi Posted April 21, 2011 Posted April 21, 2011 (edited) Try unregistering then registering the dlls. Search registry for "GPO-Disabled" and check whats around there ( HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy) . Check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions .Any firewall? They can also block things in-memory so it will not be seen in ProcMon logs.Post a trace of the actual MMC startup (gpedit.msc).GL Edited April 21, 2011 by GrofLuigi
Sp0iLedBrAt Posted April 21, 2011 Author Posted April 21, 2011 (edited) The value for "GPO-Disabled" is 0 and it is found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions has 3 different sub-folders that refer to gptext.dll, which registers (and unregisters) successfully. I have exported them and attached them here.No firewall here, even the default one is disabled. As to the actual gpedit.msc trace, I'm afraid I won't be able to do it in the following days. GL, I'm sure you'll understand Have a nice, looong weekend. Edited April 21, 2011 by Sp0iLedBrAt
submix8c Posted April 21, 2011 Posted April 21, 2011 (edited) Well, this may/may not help -nLit\I386\AU.IN_ Content+SizenLit\I386\DOSNET.INF Content+SizenLit\I386\FONT.IN_ Content+SizenLit\I386\HIVECLS.INF Content+SizenLit\I386\HIVEDEF.INF Content+SizenLit\I386\HIVESFT.INF Content+SizenLit\I386\HIVESYS.INF Content+SizenLit\I386\HIVEUSD.INF Content+SizenLit\I386\INTL.INF Content+SizenLit\I386\QMGR.IN_ Content+SizenLit\I386\SFCFILES.DL_ Content+SizenLit\I386\SYSOC.IN_ Content+SizenLit\I386\TXTSETUP.SIF Content+SizenLit\I386\WBEMOC.IN_ Content+SizenLit\I386\WMP.IN_ Content+SizeOrig\I386\NHELPER.EX_ SourceNotFnd <-HelperOrig\I386\NLITE.IN_ SourceNotFnd <-DirectivenLit\I386\SYSSETUP.DL_ Content+Size <-Temp for nLitenLit\I386\SYSSETUP.IN_ Content+Size <-Temp for nLiteOrig\I386\SYSSBCK.DL_ SourceNotFnd <-BackupOrig\I386\SYSSBCK.IN_ SourceNotFnd <-BackupnLit\I386\APPMGR.DL_ TargetNotFndnLit\I386\CLOCK.AV_ TargetNotFnd <-(ignore)nLit\I386\CONF.AD_ TargetNotFndnLit\I386\GPEDIT.DL_ TargetNotFndnLit\I386\GPEDIT.MS_ TargetNotFndnLit\I386\GPRSLT.EX_ TargetNotFndnLit\I386\GPTEXT.DL_ TargetNotFndnLit\I386\GPUPDATE.EX_ TargetNotFndnLit\I386\HISECDC.IN_ TargetNotFndnLit\I386\HISECWS.IN_ TargetNotFndnLit\I386\INETCORP.AD_ TargetNotFndnLit\I386\INETRES.AD_ TargetNotFndnLit\I386\INETSET.AD_ TargetNotFndnLit\I386\RSOP.MF_ TargetNotFndnLit\I386\RSOP.MS_ TargetNotFndnLit\I386\RSOPPROV.EX_ TargetNotFndnLit\I386\RSOPSNPW.CH_ TargetNotFndnLit\I386\RSOPW.CH_ TargetNotFndnLit\I386\SECPOL.MS_ TargetNotFndnLit\I386\SWTCHBRD.BM_ TargetNotFndnLit\I386\SYSTEM.AD_ TargetNotFndnLit\I386\WMPLAYER.AD_ TargetNotFndnLit\I386\WSECEDIT.DL_ TargetNotFndnLit\I386\WUAU.AD_ TargetNotFndnLit\I386\YAHOO.BM_ TargetNotFnd <-(ignore)The above is what nLite did when I removed ADM Templates, GP MgmtCons, and:Lcl Security Settings - Part of Administrative Tools which can be used to easily edit:- Password Policy- Account Lockout Policy- Audit Policy- User Right Assignment- Security OptionsNeeded for: - Group Policy Management ConsoleSome differences are obvious based on removal. I could upload the INF's if that would help; don't think just those would violate any rules...Really stoopid question - What's the Security within the Registry? Allowed to modify (e.g. Admin rights as a Logged-on Admin)? EDIT (to answer myself) Obviously do, since register/reregister a/l one DLL... Edited April 21, 2011 by submix8c
GrofLuigi Posted April 21, 2011 Posted April 21, 2011 The value for "GPO-Disabled" is 0 and it is found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0That's OK.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions has 3 different sub-folders that refer to gptext.dll, which registers (and unregisters) successfully. I have exported them and attached them here.Most of the group polices are missing. I also haven't seen them myself for a long time since in my builds I always remove them, so I might not be able to help you in the most direct way - by comparing to my system. What's wierd is that Last Session.ini doesn't indicate any removal.No firewall here, even the default one is disabled. As to the actual gpedit.msc trace, I'm afraid I won't be able to do it in the following days. GL, I'm sure you'll understand Have a nice, looong weekend.Sure, have a nice weekend you too GL
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now