Jump to content

Recommended Posts

Posted

So I had to reinstall Windows a few days ago, but all I could find was one of my older CDs, so I just used that. While trying to reply to a post related to the Group Policy Editor, I tried to open the one on my PC and discovered it showed an error

So I looked up the CLSID in the registry and got to gpedit.dll in the system32 folder. Tried to register it and I got

So, am I looking at a situation where I would have to find which files I'd need to add back in order to make it work, or it is something slightly more complicated?

Thank you in advance


Posted

Found elsewhere (not giving link because this had proprietary files) explaining how to add to XP Home. Apparently, what's in XP Pro.

• Copy the following files to %WinDir%\System32\ folder :

• appmgmts.dll

• appmgr.dll

• fde.dll

• fdeploy.dll

• gpedit.msc

• gpedit.dll

• gptext.dll

• Create the following folders (if they do not already exist):

• %WinDir%\System32\GroupPolicy

• %WinDir%\System32\GroupPolicy\ADM

• Copy the following files to %WinDir%\System32\GroupPolicy\ADM\ folder :

• system.adm

• inetres.adm

• conf.adm

• Open a command prompt window by opening Start Menu → All Programs → Accessories → Command Prompt. In the command prompt window type the following commands pressing Enter after each line.

regsvr32 %Windir%\System32\gpedit.dll

regsvr32 %Windir%\System32\fde.dll

regsvr32 %Windir%\System32\gptext.dll

regsvr32 %Windir%\System32\appmgr.dll

regsvr32 %Windir%\System32\fdeploy.dll

• That's it. Now you can open Group Policy Editor by opening Start Menu → Run, typing gpedit.msc and pressing Enter.

HTH

Posted

Thank you very much. I will try searching first, as I know I already have gpedit.msc and gpedit.dll present on the system.

I will report back.

Cheers

Posted

The GroupPolicy folder (and the ADM sub-folder) did not exist at all. I did as suggested, extracted the three files from a clean XPSP3 and put them in the ADM sub-folder. All the DLLs were already present in system32, with version 5.1.2600.5512, so SP3.

gpedit.dll and appmgr.dll still can't be registered and the same error occurs. I'll see what happens after I restart.

Cheers

Posted

Using procmon to monitor the registry access when self registering the .dll might show the thing going wrong.

Posted

I used procmon.exe and filtered all the entries that contained 'regsvr32'; they are mostly by the process itself and explorer.exe. The log file itself has "only" got 1300 lines, and I'm unleashing it for all you brave men out there :)

Cheers

Posted (edited)

Strange: there is nothing going to HKEY_CLASSES_ROOT\CLSID\{0FDE5092-AA2A-11D1-A7D4-0000F87571E3} where it should register gpedit.dll and nothing at all to clsid.

For appmgr.dll there are 4 CLSID et 2 other entries:

HKEY_CLASSES_ROOT\CLSID\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}
HKEY_CLASSES_ROOT\CLSID\{7E45546F-6D52-4D10-B702-9C2E67232E62}
HKEY_CLASSES_ROOT\CLSID\{942A8E4F-A261-11D1-A760-00C04FB9603F}
HKEY_CLASSES_ROOT\CLSID\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}
HKEY_CLASSES_ROOT\AppManager
HKEY_CLASSES_ROOT\AppManager.1

You should check if you have those entries and exports those key from a working XP in the same language and SP and import them.

For gpedit.dll, there are 7CLSID:

HKEY_CLASSES_ROOT\CLSID\{0FDE5092-AA2A-11D1-A7D4-0000F87571E3}
HKEY_CLASSES_ROOT\CLSID\{4F637904-2CAB-4F0E-8688-D3717EBD2975}
HKEY_CLASSES_ROOT\CLSID\{63E23168-BFF7-4E87-A246-EF024425E4EC}
HKEY_CLASSES_ROOT\CLSID\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}
HKEY_CLASSES_ROOT\CLSID\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}
HKEY_CLASSES_ROOT\CLSID\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}
HKEY_CLASSES_ROOT\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}

Those reg entries are localized and might contains the path to the dll so be carefull the both XP aren't installed in the same directory/drive.

Edited by allen2
Posted (edited)

For the first, third and fourth value

HKEY_CLASSES_ROOT\CLSID\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}
HKEY_CLASSES_ROOT\CLSID\{942A8E4F-A261-11D1-A760-00C04FB9603F}
HKEY_CLASSES_ROOT\CLSID\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}

there is a CLSID where the default value is REG_SZ and it says "Software installation"

The second

HKEY_CLASSES_ROOT\CLSID\{7E45546F-6D52-4D10-B702-9C2E67232E62}

is found in HKEY_CLASSES_ROOT\AppManager\CLSID\

Edit: This is a log file from trying to register gpedit.dll

Edited by Sp0iLedBrAt
Posted

I'd like to think of myself as brave. :)

In line 298 regsvr32 finally takes over. The command line is correct.

Initializes, does what it has to do, but soon after that Avast\snxhk.dll is loaded (line 343, before are just checks). In line 489 it checks its configuration. Soon after that audio is initialized (maybe to play a warning sound?)

After that, all apears as normal, but nothing is ever written to the registry (ignore Cryptography\RNG\Seed and SessionInformation\ProgramCount. They are written all the time and not important).

Conclusion: Kill Avast in any way you can/like. :hello:

(This was written about the previous log. Quick peek at logfile2 agrees).

GL

Posted

Avast! completely (almost brutally) killed and it still doesn't work.

I just remembered most free antivirus programs don't work in Safe Mode, so that's what I'll do next.

Cheers

Posted (edited)

Try unregistering then registering the dlls. Search registry for "GPO-Disabled" and check whats around there ( HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy) . Check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions .

Any firewall? They can also block things in-memory so it will not be seen in ProcMon logs.

Post a trace of the actual MMC startup (gpedit.msc).

GL

Edited by GrofLuigi
Posted (edited)

The value for "GPO-Disabled" is 0 and it is found in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions has 3 different sub-folders that refer to gptext.dll, which registers (and unregisters) successfully. I have exported them and attached them here.

No firewall here, even the default one is disabled. As to the actual gpedit.msc trace, I'm afraid I won't be able to do it in the following days. GL, I'm sure you'll understand ;)

Have a nice, looong weekend.

Edited by Sp0iLedBrAt
Posted (edited)

Well, this may/may not help -

nLit\I386\AU.IN_       Content+Size
nLit\I386\DOSNET.INF Content+Size
nLit\I386\FONT.IN_ Content+Size
nLit\I386\HIVECLS.INF Content+Size
nLit\I386\HIVEDEF.INF Content+Size
nLit\I386\HIVESFT.INF Content+Size
nLit\I386\HIVESYS.INF Content+Size
nLit\I386\HIVEUSD.INF Content+Size
nLit\I386\INTL.INF Content+Size
nLit\I386\QMGR.IN_ Content+Size
nLit\I386\SFCFILES.DL_ Content+Size
nLit\I386\SYSOC.IN_ Content+Size
nLit\I386\TXTSETUP.SIF Content+Size
nLit\I386\WBEMOC.IN_ Content+Size
nLit\I386\WMP.IN_ Content+Size
Orig\I386\NHELPER.EX_ SourceNotFnd <-Helper
Orig\I386\NLITE.IN_ SourceNotFnd <-Directive
nLit\I386\SYSSETUP.DL_ Content+Size <-Temp for nLite
nLit\I386\SYSSETUP.IN_ Content+Size <-Temp for nLite
Orig\I386\SYSSBCK.DL_ SourceNotFnd <-Backup
Orig\I386\SYSSBCK.IN_ SourceNotFnd <-Backup
nLit\I386\APPMGR.DL_ TargetNotFnd
nLit\I386\CLOCK.AV_ TargetNotFnd <-(ignore)
nLit\I386\CONF.AD_ TargetNotFnd
nLit\I386\GPEDIT.DL_ TargetNotFnd
nLit\I386\GPEDIT.MS_ TargetNotFnd
nLit\I386\GPRSLT.EX_ TargetNotFnd
nLit\I386\GPTEXT.DL_ TargetNotFnd
nLit\I386\GPUPDATE.EX_ TargetNotFnd
nLit\I386\HISECDC.IN_ TargetNotFnd
nLit\I386\HISECWS.IN_ TargetNotFnd
nLit\I386\INETCORP.AD_ TargetNotFnd
nLit\I386\INETRES.AD_ TargetNotFnd
nLit\I386\INETSET.AD_ TargetNotFnd
nLit\I386\RSOP.MF_ TargetNotFnd
nLit\I386\RSOP.MS_ TargetNotFnd
nLit\I386\RSOPPROV.EX_ TargetNotFnd
nLit\I386\RSOPSNPW.CH_ TargetNotFnd
nLit\I386\RSOPW.CH_ TargetNotFnd
nLit\I386\SECPOL.MS_ TargetNotFnd
nLit\I386\SWTCHBRD.BM_ TargetNotFnd
nLit\I386\SYSTEM.AD_ TargetNotFnd
nLit\I386\WMPLAYER.AD_ TargetNotFnd
nLit\I386\WSECEDIT.DL_ TargetNotFnd
nLit\I386\WUAU.AD_ TargetNotFnd
nLit\I386\YAHOO.BM_ TargetNotFnd <-(ignore)

The above is what nLite did when I removed ADM Templates, GP MgmtCons, and:

Lcl Security Settings - Part of Administrative Tools which can be used to easily edit:

- Password Policy

- Account Lockout Policy

- Audit Policy

- User Right Assignment

- Security Options

Needed for:

- Group Policy Management Console

Some differences are obvious based on removal. I could upload the INF's if that would help; don't think just those would violate any rules...

Really stoopid question - What's the Security within the Registry? Allowed to modify (e.g. Admin rights as a Logged-on Admin)? EDIT (to answer myself) Obviously do, since register/reregister a/l one DLL...

Edited by submix8c
Posted

The value for "GPO-Disabled" is 0 and it is found in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0

That's OK.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions has 3 different sub-folders that refer to gptext.dll, which registers (and unregisters) successfully. I have exported them and attached them here.

Most of the group polices are missing. I also haven't seen them myself for a long time since in my builds I always remove them, so I might not be able to help you in the most direct way - by comparing to my system. What's wierd is that Last Session.ini doesn't indicate any removal.

No firewall here, even the default one is disabled. As to the actual gpedit.msc trace, I'm afraid I won't be able to do it in the following days. GL, I'm sure you'll understand ;)

Have a nice, looong weekend.

Sure, have a nice weekend you too :)

GL

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...