Jump to content
Sign in to follow this  
Guest Pierre Muller

Restricted user accounts hidden after DAF run

Recommended Posts

Guest Pierre Muller

I am trying to reinstall ZoneAlarm on my computer a PC running Windows XP Home.

Having found several advices to run DAF, I did install and run it with Repair Permissions tool.

After rebooting, only the administrator accounts still showed up on the Windows Login screen. It gave me a cold sweat, but I soon realized that the limited accounts were still present.

It took me a little bit longer to figure out why the did not appear anymore, neither at login screen, nor in the 'User accounts' fron the 'Control Panel'.

Finally, I did find them still listed in the 'Computer management' under 'Local Users and Groups'. The limited accounts were not even disabled, but they did not belong

to any group anymore. Restoring them as members of 'Users' group was enough to get them back to normal.

I suspect that DAF did remove the 'Users' group from these limited accounts. Is this a known bug or feature of DAF?

Pierre Muller

Share this post


Link to post
Share on other sites

It's not (directly) a bug in DAF (except for possible negligence on my part), but rather a side effect of secedit.exe and the template it uses to restore permissions. I tried to fix this before and the fix worked and hasn't come back until very recently (your report is one of a small handful that I am just now hearing about). I haven't yet figured out why this is happening again, exactly, but I'll go ahead and take responsibility for the bug anyway since I triggered it.

I've gotten a lot of reports that other peoples' limited accounts have stayed put with the current version of Dial-a-fix (from users who were affected by the previous thing that I thought I had "fixed"), and I have been unable to reproduce the problem myself as of yet.

In the next version of Dial-a-fix (which is being worked on right now) I will ensure that the Users group retains its members. I'll also try to narrow down the exact conditions under which this occurs, since it doesn't seem to be very consistent.

I sincerely apologize for any inconvenience this may have caused you! I also hope you were able to resolve your ZoneAlarm issue.

Let me know if I can be of any assistance.

Share this post


Link to post
Share on other sites

There isn't any "source" so to speak, as Dial-a-fix simply passes execution over to secedit.exe.

The commands are:

secedit.exe /analyze /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secanalyze.log

secedit.exe /configure /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secrepair.log

(Ugh why do code boxes text wrap on here? Code boxes should always use scrollbars. The above commands are two long lines each.)

Share this post


Link to post
Share on other sites
Guest Shanmugam

There isn't any "source" so to speak, as Dial-a-fix simply passes execution over to secedit.exe.

The commands are:

secedit.exe /analyze /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secanalyze.log


secedit.exe /configure /db %systemroot%\sectest.db /cfg %systemroot%\inf\defltwk.inf /log %systemroot%\security\logs\secrepair.log

(Ugh why do code boxes text wrap on here? Code boxes should always use scrollbars. The above commands are two long lines each.)

And actually when running these commands, it removes all the limited users from the group 'users'. But you will be able to retrieve it by right clicking the user name in 'local users and groups' and going to 'properties'. Click on the 'Member of' tab and you will notice that it is blank. Now, add the 'users' group and it should start appearing in the login screen and in the control panel

Thanks,

Shanmugam

Share this post


Link to post
Share on other sites

(Ugh why do code boxes text wrap on here? Code boxes should always use scrollbars. The above commands are two long lines each.)

Because you used the CODE tag and not the CODEBOX tag. I fixed it for you. :cool:

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...