Jump to content

POSReady 2009 updates ported to Windows XP SP3 ENU


glnz

Recommended Posts


heinoganda - Thanks for your concern.  For what it's worth, speccy shows that everything is OK in my Optiplex 755 running XP Pro SP3.  Let's see what happens next month.

Link to comment
Share on other sites

For "#456 icon_share.pngpost_offline.pngw2k4eva Posted 28 May 2015 - 04:55 AM " --

 

FIRST PART OF THIS POST:

 

w2k4eva - Many thanks again for your time and detail.  There's a lot there for me to learn, and given my utter lack of experience in this area, I hesitate to do anything.

 

FYI - I did not do anything - did not try any CACL instructions at all, or anything else.

 

Is there any way I can try to do something without running huge risks?

 

Also, is there an XP version of this very interesting article you suggested:  https://support.microsoft.com/en-us/kb/947215 ?

 

Following that article, please see the txt file I have uploaded here.  It is a copy of a portion of my registry from what that article discusses - any thoughts?

 

SECOND PART OF THIS POST:  w2k4eva - going back to your post #456, you wrote:

 

 

The other interesting post is on page 4 of that thread, in the Susan Bradley reply near the bottom, with the screen shots. But instead of focussing on "anyUser" as she does, check out NT AUTHORITY\Local Service and NT AUTHORITY\Network Service - giving them Full Control solved it for me. Also I had to do this for the entire folder (I also propagated to all children while I was at it), not just the files ntuser.dat and usrclass.dat - doing just those 2 files replaced the 6 errors with a pair of eventID1500's but didn't completely solve it. And yes, the mystery profiles for Temp and TEMP.NT AUTHORITY went away on their own after a reboot once I fixed all the permisssions, I did not need to manually delete the temporary profiles.

 

Sorry for noob question, but how do I "check out NT AUTHORITY\Local Service and NT AUTHORITY\Network Service"?  How do I get there?

 

THIRD PART OF THIS POST:  Please also see my second attachment "Permissions for LocalService and Network Service", a Word doc with screenshots.  I am showing what I see under Properties for three different user folders, and maybe there's a clue somewhere.

 

Thanks.

Copy of Part of ProfileList 6-27-15.txt

Permissions for LocalService and NetworkService 6-28-15.doc

Edited by glnz
Link to comment
Share on other sites

Is there any way I can try to do something without running huge risks?

 

Well, you had the answer in post #423 :

 

I will sometime soon

a] do a new total backup when CryptoPrevent is off, and using the Aomei Backupper Pro 2.5 Win PE disk only, and

b] then install an empty hard drive and do a Restore to that empty hard drive (again using the Aomei Backupper Pro 2.5 Win PE disk only) to first make sure I can even do a Restore at all.

Then, I'll try your suggestion above on the new hard drive.

 

Were you ever able to verify if this worked?

 

. . . .another thing you should do only after you have a good backup. Your plan to put in another disk and restore the backup on it, then work on the new disk is sound and safe. Don't try to get a shortcut... usually that's something one regrets afterwards. This is the sort of situation where Murphy's Law applies: so, one has to make sure nothing relevant may go wrong, and then nothing at all will. :)

 

What he said.

 

Also, is there an XP version of this very interesting article you suggested:  https://support.microsoft.com/en-us/kb/947215 ?

 

Not that I was able to find, nor any reference to one either. But since I saw 3 of the 4 listed eventIDs on my system it does seem relevant.

 

Following that article, please see the txt file I have uploaded here.  It is a copy of a portion of my registry from what that article discusses - any thoughts?

 

It looks like you have the same issue with LocalService and NetworkService as KB947215 illustrates for a "user" account (regkeys w/ ".bak", and RefCount nonzero) that we suspected based on the eventlog entries. But let's not edit the registry just yet...

 

Sorry for noob question, but how do I "check out NT AUTHORITY\Local Service and NT AUTHORITY\Network Service"?  How do I get there?

 

Your screenshots covered it for the profile folders. (I'm guessing the ones for TEMP.NT AUTHORITY will resemble the ones for NetworkService, since the TEMP.NT AUTHORITY.000 seems to mirror LocalService as suggested by the regfile snip. This leaves the TEMP one that I'm not sure how it pairs up).

 

THIRD PART OF THIS POST:  Please also see my second attachment "Permissions for LocalService and Network Service", a Word doc with screenshots.  I am showing what I see under Properties for three different user folders, and maybe there's a clue somewhere.

 

It looks like the permissions on the top level folder for these 3 profiles is okay. There may still be a problem with permissions on one of the child folders/files. In my case I took the sledgehammer approach and reset permissions for these plus all children; if you want to you could try to narrow it down to more specific folders/files.

 

But even that is not the place to start - the beginning really needs to be, first get the backup solution to where you know you can restore things if needed.

 

Second, I'm assuming that you have the same situation on both your "main" machine and your older "test" machine, not sure which one the registry and screenshots came from, but I assume they both match? And of course, any tinkering would start on the "test" machine...

 

After those two are settled, then for each profile you might look at the properties of file NTUSER.DAT in that top level folder - on the General tab, be sure the read-only flag is cleared, and look at the permissions on the security tab. The next likely suspect would be the file UsrClass.Dat in each profile's LocalSettings\ApplicationData\Microsoft\Windows folder, and/or each folder between here and the main profile folder. After that there is the corresponding log fie for each of these registry hives. As you can imagine, there's quite a few potential targets, which is why I took the sledgehammer method for my case.

 

The good news is that unlike most users, the LocalService and NetworkService don't need a lot of "personalization" so substituting the new profile from the default works okay as long as that default profile doesn't get corrupted. This is why there don't seem to be symptoms other than the event log entries.

Link to comment
Share on other sites

Pardon my interjection, but it seems that discussion of ".000" profiles is entirely separate for the POSReady topic. In my case, it wound up confusing me. :crazy:

 

Side note: I'm working on a friend's computer as we speak that wound up with a corrupted User Profile that by default created a Temp one. The PC got pretty fouled up (bad sectors). Said owner (his mother) wound up using the TEMP ones and now I'm in the processes of figuring out how to Merge Newest-To-OldestOriginal. IOW, the above posts (usually) indicated Profile Corruption (for whatever reason) and there's (generally) a way of "fixing it back" as long as you don't let it go too far.

 

Would it be possible to move the non-POSReady posts to a new topic?

Link to comment
Share on other sites

Pardon my interjection, but it seems that discussion of ".000" profiles is entirely separate for the POSReady topic. In my case, it wound up confusing me. :crazy:

. . .  .

Would it be possible to move the non-POSReady posts to a new topic?

 

Actually the .000 profiles etc are not separate from the topic, they are a direct result of applying POSReady update KB3021674. That said, if dencorso wants to split them off, perhaps leave one post as a placeholder with an explanation of the problem and a link to where they split off to?

 

Side note: I'm working on a friend's computer as we speak that wound up with a corrupted User Profile that by default created a Temp one. The PC got pretty fouled up (bad sectors). Said owner (his mother) wound up using the TEMP ones and now I'm in the processes of figuring out how to Merge Newest-To-OldestOriginal. IOW, the above posts (usually) indicated Profile Corruption (for whatever reason) and there's (generally) a way of "fixing it back" as long as you don't let it go too far.

 

If he has bad sectors then there are larger problems that won't be solved by just merging profiles!

 

Link to comment
Share on other sites

Having only superficially followed the line of discussion introduced by member glnz in post # 407, I hope I’m not just getting in the way here, but FYI…

I’ve never had any problems installing POS updates, and haven’t experienced any problems with my systems, but on one of three machines I checked Event Viewer does show these six errors starting in January:

 

post-375408-0-70153900-1435688473_thumb.

 

and ending in April:

 

post-375408-0-05577300-1435688534_thumb.

 

So whatever was broken in January was fixed in April?

Link to comment
Share on other sites

Uhhh....

If he has bad sectors then there are larger problems that won't be solved by just merging profiles!

An Offline Scandisk "fixed" it. An Offline Virus/Trajan scan cleaned it (including the HIV files). I then proceeded to back up said Single Partition. Next step was to logon as Administrator (never ever EVER used) and created a Work Admin Profile. I then proceeded to back up (copy) the Original to a temp folder. I then Deleted that Profile *and* the "ghost* ones, then Recreated it.  Finally I copied the Original (from temp) back over it. Finally, I rebooted into the Original. Guess what?

 

I've run into this this before. Don't think what you think before you think. It all depends on what got clobbered. Been there, done that.

 

A liitle background (and MS is "kind of" wrong on the first link).

https://support.microsoft.com/en-us/kb/811151

This link actually points to that one and several others.

http://answers.microsoft.com/en-us/windows/forum/security/windows-keeps-changing-user-profile-folder/bd1f56cd-0fd4-4498-852c-6f12e487c931

 

My procedure will be to do the "merge" Offline newest to oldest in a Temp folder before blowing away and recreating.

 

Google this.

xp "corrupted profile" "000"

;)

Edited by submix8c
Link to comment
Share on other sites

Having only superficially followed the line of discussion introduced by member glnz in post # 407, I hope I’m not just getting in the way here, but FYI…

I’ve never had any problems installing POS updates, and haven’t experienced any problems with my systems, but on one of three machines I checked Event Viewer does show these six errors starting in January:

 

attachicon.gifSix began 01132015.JPG

 

and ending in April:

 

attachicon.gifSix ended 04082015.JPG

 

So whatever was broken in January was fixed in April?

 

Hard to say without knowing a few more details... like how often you rebooted that machine back then? Are you saying you do not have any more of those eventlog entries after those ones on 4/8? Which is odd since Patch Tuesday for April wasn't until 4/14.... or did you not reboot between 4/8 and the next time you applied updates? And which ones did you apply and when?

 

I know that the February and March patches didn't fix it since I did apply those on 3/22 and continued to have the eventlog entries until 5/26.

 

Based on release dates, they might be KB3050995 (rvkroots.exe released 25 Mar) or KB3049874 (timezones released 27 Mar), but these normally wouldn't be expected to change profile permissions, and the other stuff released before 4/14 was not for XP.  While I did eventually apply these updates on 5/30, it wasn't until after I had already done my "cacls" fix on 5/26 so I can't say whether they would have fixed the issue.

Link to comment
Share on other sites

Hello ... I have one question regarding the POSReady updates after April 2014 ... I decided not to install any additional updates after April 2014 ... except for the MS Office 2007 updates that show up every month or two ... I have MS Office 2000 installed.

 

My question is about one update ...  KB3050995 (rvkroots.exe released 25 Mar) ... can I install that one update into my regular XP SP3 sysytem and would it install or work? I think that one update seems important to have, am I wrong on that idea?

 

Another update would be the Time Zone update ... but KB3049874 (TimeZones released 27 Mar) seems to be only for: Daylight saving time changes for Mexico, Mongolia, and Iran in Windows.

 

So I wouldn't probably need that update for now but if a new Time Zone update would appear for my area, could it just be installed right into Windows XP and would it actually install and work?

 

Can the update be changed in someway to be correctly added?

 

I think for now these are the only updates that I am interested in.

...

Edited by monroe
Link to comment
Share on other sites

@w2k4eva, the screenshots in post #493 are from my “daily driver” internet machine, which I boot daily (at least), and the error entries are there from every bootup from 1/3/2015 to 4/8/2015, since which date the errors have disappeared.

 

I’ve now taken a look at three other machines; one of them shows no such errors, but the other two do have the six errors present every boot right up through today 7/1/2015.

 

So, I’ve now checked out a total of six Windows XP machines, all of which have every POS update offered (usually applied within a couple of days of issue), similar software environments, and results regarding the six errors in question look like this:

 

  • msi Atom XP Pro:  no errors ever
  • eMachines Atom XP Home:  no errors ever
  • custom-built machine XP Pro:  no errors ever
  • Dell XPS XP Pro used daily:  errors from 1/13/2015 to 4/8/2015 (but none since)
  • Dell E520 XP Pro:  errors from 1/13/2015 through 7/1 (today)
  • Dell 3000 XP Pro:  errors from 11/11/2014 through 7/1 (today)

 

If I’m not mistaken, both of the problem machines used by member glnz are Dell machines.

 

I’m sensing a pattern here, and it’s spelled…DELL.

 

Too bad I’m not technical enough to see why the problem vanished on my daily Dell XPS computer in April.  I’ll have to think about that one.

Link to comment
Share on other sites

Looking at my three Dell machines that have the six Event Viewer Errors in question, I tried to see what was different about the one that no longer has the errors…

 

I checked out the Event Viewer/Application list to see what happened after each set of six boot-up Error entries, to tell what changed after 4/8/2015 on that machine that did not change on the other two Dell computers?

 

The difference is the six “HHCTRL Event ID: 1904” informations, which can be seen in this screen grab:

 

post-375408-0-15027000-1435780765_thumb.

 

And here is what the Properties look like for one of them:

 

post-375408-0-06893400-1435780803_thumb.

 

Out of my depth here, but it does seem peculiar that there happen to be six 1904 Information entries on 4/8/2015 (after which no more of the six Errors), and no such informations on the two Dell machines where the six Errors have persisted.

Link to comment
Share on other sites

My question is about one update ...  KB3050995 (rvkroots.exe released 25 Mar) ... can I install that one update into my regular XP SP3 sysytem and would it install or work? I think that one update seems important to have, am I wrong on that idea?

 

Yes, if you download the W2k3 version of that update, it will install as-is on XP, and you are correct that the updates about root certs are important.

 

So I wouldn't probably need that update for now but if a new Time Zone update would appear for my area, could it just be installed right into Windows XP and would it actually install and work?

 

Can the update be changed in someway to be correctly added?

 

Unfortunately MS has put blocking code into the time zone updates issued post-EOL. So this leaves you with three choices if you want them.

 

1) Look through the KB articles to find what was added, then adjust your time zones manually. Or copy the relevant registry entries, possibly from a newer machine that has the update installed... rather a pain.

 

2) Use the POSReady registry hack, then get the POSReady version of the update either from Windows Update or the Update Catalog. But be aware that this path is something of a one-way street - once the reghack is applied, you probably won't be able to reverse it from within Windows, you would need an offline registry editor.

 

3) Modify the updates to work on plain XP. This is the path I am using. Instructions can be found at http://www.ryanvm.net/forum/viewtopic.php?p=115464#115464 .  I generally start from the WEPOS version rather than the W2K3 ones, although for timezone updates that are basically just regkeys the difference may not matter. Do be aware that the resulting update won't have the usual sanity checks about versions etc so you must be selective about finding a suitable source file and how it is applied - you wouldn't want to have an IE7 update applied to a system that has either IE6 or IE8, for example.

 

Link to comment
Share on other sites

@w2k4eva, the screenshots in post #493 are from my “daily driver” internet machine, which I boot daily (at least), and the error entries are there from every bootup from 1/3/2015 to 4/8/2015, since which date the errors have disappeared.

. . . .

Too bad I’m not technical enough to see why the problem vanished on my daily Dell XPS computer in April.  I’ll have to think about that one.

 

Okay, so whatever it was must have been after 4/8/2015 10:57:43 but before your next boot (not visible in the eventlog screenshots). From your next post it looks like you are headed in that direction already. Did you install anything or do any updates during that time window? Change any file or folder permissions? Change any registry keys/permissions?

 

  • msi Atom XP Pro:  no errors ever
  • eMachines Atom XP Home:  no errors ever
  • custom-built machine XP Pro:  no errors ever
  • Dell XPS XP Pro used daily:  errors from 1/13/2015 to 4/8/2015 (but none since)
  • Dell E520 XP Pro:  errors from 1/13/2015 through 7/1 (today)
  • Dell 3000 XP Pro:  errors from 11/11/2014 through 7/1 (today)

If I’m not mistaken, both of the problem machines used by member glnz are Dell machines.

 

I’m sensing a pattern here, and it’s spelled…DELL.

 

Yes, he does say they are Dells. My own formerly problematic box is a vpr matrix, this brand was formerly owned by Best Buy, who has since gotten out of the OEM business. I have no way of knowing whether vpr matrix may have bought their factory install image either from Dell or from whatever place Dell got theirs from. But it isn't yet clear that my box had the same situation as glnz does, or that yours exactly matches either his or mine; the eventlog entries have a wide variety of possible causes.

 

Looking at my three Dell machines that have the six Event Viewer Errors in question, I tried to see what was different about the one that no longer has the errors…

 

I checked out the Event Viewer/Application list to see what happened after each set of six boot-up Error entries, to tell what changed after 4/8/2015 on that machine that did not change on the other two Dell computers?

 

The difference is the six “HHCTRL Event ID: 1904” informations, which can be seen in this screen grab:

 

I do sometimes get those eventID 1904's. They always seem to come in pairs (as yours do), whenever I open some sort of help file. I've forgotten if it was the *.hlp format vs the *.chm format that does it, or if both do. It looks like you opened three helpfiles (or pages within a helpfile?) within a few minutes of each other. I used to get them before applying the KB3021674 update, and continue to have them after my cacls fix, so I don't think they are related.

 

Should be an easy enough thing to test, first look at the eventlogs on the non-Dells, see if they have these entries, or if opening help files (of either format) causes them. Then see if there are more of them at other times on any of the Dells. Eventually try opening a  help file on one of the Dells that still has the eventID 1511 entries, to see if the 1904 shows up. Then reboot and see if the 1511 etc persist.

 

If that test doesn't resolve it, you'll need to look a little farther for whatever may be different. At least most of yours are Pro rather than Home, which makes checking permissions a little easier.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...