Main Forum > Tweaking.com Support & Help

ACLs on UsrClass.dat messed up after restore

<< < (2/4) > >>

Shane:
Thats the thing, registry backup gets the whole file and the restore is the seem, it calls the RegLoad api and tells windows to use this file, and thats it. nothing is written or changed in the registry file itself.

So that means that if the file itself is getting the wrong permissions and it isnt the registry keys, then you need to look at inheritance. Files that are put into a folder, either by being created or moved get the permissions of the parent folder.

Also in the registry you can look up the hive list location and see exactly where the classes hive is being pulled from, that way we can make sure it isnt simply trying to pull from the wrong place.

Shane

indrawn:
But as I mentioned in the first post, when I manually copied the UsrClass.dat file, the permissions were fine:


--- Quote ---I corrected the immediate issue by logging in with another account and manually copying the UsrClass.dat file from the registry backup folder to "C:\Users\UserName\AppData\Local\Microsoft\Windows" (where "UserName" is the ID that had the problem). This resulted in proper ACL setup, and I didn't have any problems.
--- End quote ---

I also created a test file in "C:\Users\UserName\AppData\Local\Microsoft\Windows", and its permissions match what I (and other users on my system) have for UsrClass.dat. The one difference is that on UsrClass.dat, the owner is "System" and on the test file, it was my own user ID.

Shane:
The api I use to restore the registry is this one
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724913%28v=vs.85%29.aspx

I checked on a fresh install of Windows 7 with all updates in vmware. No backups or restores done, so this is a untouched install.

When i check the owner of "C:\Users\UserName\AppData\Local\Microsoft\Windows" it is the user account that is the owner, when I checked UsrClass.dat inside that folder "System" was the owner of the file. Then the only 3 accounts on it for permissions where "System" "Administrators" and the user account it self, all 3 where set with full permissions.

When you copy the file into that folder yourself it is getting the owner and permissions from the parent folder, which is why you are seeing the user account as the owner.

So now I am asking myself, "if System is the default owner of the file, then why isnt his system able to load it?"

Shane

indrawn:
Yeah, I know what you mean. Sorry, I can only report what I see. :cry:

I checked in the backup location, and the owner of UsrClass.dat is System, and the other perms look fine.

I installed another registry backup utility, and I'm going to see if this issue happens with that one too. I think it will. I'll post back.

Shane:
Let me know what you find.

Also if you havent yet, run a normal chkdsk on your drive

chkdsk c: /f

Part of the steps of check disk is to verify and repair the security descriptors, which is what the ACL is in. Lets make sure it simply isnt something goffy with it :-)

Shane

Navigation

[0] Message Index

[#] Next page

[*] Previous page