Restricted user accounts hidden after DAF run

[Guest Pierre Muller]

I am trying to reinstall ZoneAlarm on my computer a PC running Windows XP Home.

Having found several advices to run DAF, I did install and run it with Repair Permissions tool.

After rebooting, only the administrator accounts still showed up on the Windows Login screen. It gave me a cold sweat, but I soon realized that the limited accounts were still present.

It took me a little bit longer to figure out why the did not appear anymore, neither at login screen, nor in the 'User accounts' fron the 'Control Panel'.

Finally, I did find them still listed in the 'Computer management' under 'Local Users and Groups'. The limited accounts were not even disabled, but they did not belong

to any group anymore. Restoring them as members of 'Users' group was enough to get them back to normal.

I suspect that DAF did remove the 'Users' group from these limited accounts. Is this a known bug or feature of DAF?

Pierre Muller

[DjLizard]

It's not (directly) a bug in DAF (except for possible negligence on my part), but rather a side effect of secedit.exe and the template it uses to restore permissions. I tried to fix this before and the fix worked and hasn't come back until very recently (your report is one of a small handful that I am just now hearing about). I haven't yet figured out why this is happening again, exactly, but I'll go ahead and take responsibility for the bug anyway since I triggered it.

I've gotten a lot of reports that other peoples' limited accounts have stayed put with the current version of Dial-a-fix (from users who were affected by the previous thing that I thought I had "fixed"), and I have been unable to reproduce the problem myself as of yet.

In the next version of Dial-a-fix (which is being worked on right now) I will ensure that the Users group retains its members. I'll also try to narrow down the exact conditions under which this occurs, since it doesn't seem to be very consistent.

I sincerely apologize for any inconvenience this may have caused you! I also hope you were able to resolve your ZoneAlarm issue.

Let me know if I can be of any assistance.

[Eldmannen]

If other people could see the source, maybe they could spot the bug?

"Given enough eyeballs, all bugs are shallow".

[DjLizard]

There isn't any "source" so to speak, as Dial-a-fix simply passes execution over to secedit.exe.

The commands are:

secedit.exe /analyze /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secanalyze.log


secedit.exe /configure /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secrepair.log

(Ugh why do code boxes text wrap on here? Code boxes should always use scrollbars. The above commands are two long lines each.)

[Guest Shanmugam]

There isn't any "source" so to speak, as Dial-a-fix simply passes execution over to secedit.exe.

The commands are:

secedit.exe /analyze /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secanalyze.log


secedit.exe /configure /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secrepair.log

(Ugh why do code boxes text wrap on here? Code boxes should always use scrollbars. The above commands are two long lines each.)

And actually when running these commands, it removes all the limited users from the group 'users'. But you will be able to retrieve it by right clicking the user name in 'local users and groups' and going to 'properties'. Click on the 'Member of' tab and you will notice that it is blank. Now, add the 'users' group and it should start appearing in the login screen and in the control panel

Thanks,

Shanmugam

[Tarun]

(Ugh why do code boxes text wrap on here? Code boxes should always use scrollbars. The above commands are two long lines each.)

Because you used the CODE tag and not the CODEBOX tag. I fixed it for you. :cool: