Another downside of upgrading a Windows 2000 to Windows XP

Windows XP LogoEach Microsoft operating system installation allows you to do an “in-place” upgrade.  aka, The “Do you wish to upgrade this computer to Windows xyz” prompt when you insert a Microsoft OS CD/DVD.

The Windows 2000 –> Windows XP upgrade had a small problem.  When you tried to remote access the registry, the now Windows XP would tell you “Permission Denied”.

Microsoft documented the fix in KB892192.

By default, Windows 2000 does not have a built-in user account named Local Service. Instead, the Remote Registry Service is logged on as Local System. In Windows XP, the Remote Registry Service is logged on as Local Service.

One way to fix it, is to use the REGPERM utility, with a command line like this:
c:\winnt\system32\regperm.exe /k "hkey_local_machine\SYSTEM CurrentControlSet\Control\SecurePipeServers\winreg"" /E /a:"Local Service":R /I

Windows 2000 had Active Directory folders.

In Windows 2000 you could create a shortcut to an Active Directory resource, and turn it into an Windows Explorer view.  One of my (now long gone) predecessors worked out it would make life easier for end users.

“Oh, you just want to see the security groups you have delegation rights too?  No problems.  I’ll create you a shortcut.”

The AD Folder shortcut would look like this on a Windows 2000 system:
This is an Active Directory folder

The user reported that since a Windows XP upgrade, the icon looked like this:
This is an Broken Active Directory folder
(and the shortcut no longer worked.)

You can tell the Windows 2000 shortcut looks like a Folder shortcut.  The Windows XP shortcut, just looks broken.

Continue reading

Semi-regular web-link clearance (2) – January 2010

Dealing with VMs, Snapshots and the dreaded broken security channel

The problem with that perfect world is that you might want to snapshot a single machine to perform a what-if test and then be able to roll back if the idea is a bust. But if you do not snapshot all the VMs at the same instance, you run the risk of one of the machines changing it’s secure channel password during the what-if period. When you revert the changes during that session and you attempt to login, you will get an error message saying that the trust relationship with the domain controller is broken. You only option is to remove and re-add the machine to the domain.

Windows 7 Application Compatibility List for IT Professionals

We released the Windows 7 Compatibility Center a few weeks ago. This lets you look up one application at a time. You can find that at http://windows.com/compatibility.

Today, we have a downloadable list indicating vendor support. If you want to write some automated matching against your list of application, you can use this – it is an Excel download of all known information from vendors. You can find that at http://www.microsoft.com/downloads/details.aspx?FamilyID=890e522e-e39e-4278-aebc-186f81e29173&displaylang=en.

Support for Windows 2000 and Windows XP SP2 will end on July 13, 2010

How to open a parachute during free-fall: Introducing Quick Security References (QSRs)

A QSR is designed to provide the information necessary to quickly understand and address specific security threats from the perspectives of four IT-focused job roles (business decision makers, architect/program manager, developer, and tester). QSRs will also help establish security practices and provide a framework for addressing future incidents.

Package This

Package This is a GUI tool written in C# for creating help files (.chm and .hxs) from the content obtained from the MSDN Library or the TechNet Library via the MSDN Content Service. You select the content you want from the table of contents, build a help file, and use the content offline. You are making personalized ebooks of MSDN or TechNet content. Both help file formats also give full text search and keyword search.

Bookmark and Share

MS06-049 for Windows 2000 SP4 causes data lost.

From Slashbot:
“It looks like there is a problem with the recently released MS06-049 / KB920958 patch. If you have compression activated on any folder, then the compressed data is at risk from corruption. New files that are close to a multiple of 4K in size will have their last 4,000 bytes or so overwritten with 0xDF. Although this problem has been reported to Microsoft, as yet there appears to have been no official announcement. ”

It’s true, Microsoft have told me the same thing.

Bookmark and Share