Repair ACL

  • Thread starter Thread starter Richard Turnock
  • Start date Start date
R

Richard Turnock

Guest
Either I or OneCare beta messed up the ACL for files in the System32
directory and now some services won't start. Is there a way to set the rights
back to a default value?
 
RE: Repair ACL

Jasper,

Thanks for the response I'll check into the icacls option.

Specifically the Firwall won't start (but I need it to clear some options)
and it won't start because Base Filtering Engine won't start, ostensibly
because it can't find the file. I have some trouble tracing which actual DLL
svchost is trying to start but my guess is BFE.DLL. It reports that the file
is not there.

Richard

"Jesper" wrote:

> No. There is no way to revert ACLs.
>
> There are two possible recovery options, short of reformatting and
> reinstalling. The first is to use icacls on a clean system to save the ACL
> and then restore it on the corrupted system. The second option is to use
> something like Process Monitor
> (http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx)
> to figure out what file access is failing and adjusting the ACLs on those
> files.
>
> There may be many complaints to leverage against OneCare, but I am pretty
> sure none of them include corrupting ACLs. At least I have not seen it. What
> services are failing?
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
>
>
> "Richard Turnock" wrote:
>
> > Either I or OneCare beta messed up the ACL for files in the System32
> > directory and now some services won't start. Is there a way to set the rights
> > back to a default value?
 
RE: Repair ACL

Yes, the base filtering engine is bfe.dll. Check if it is there. If not,
something really strange is going on. Here is the ACL that is supposed to be
on that file:
C:\Windows>icacls system32\BFE.DLL
system32\BFE.DLL NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


"Richard Turnock" wrote:

> Jasper,
>
> Thanks for the response I'll check into the icacls option.
>
> Specifically the Firwall won't start (but I need it to clear some options)
> and it won't start because Base Filtering Engine won't start, ostensibly
> because it can't find the file. I have some trouble tracing which actual DLL
> svchost is trying to start but my guess is BFE.DLL. It reports that the file
> is not there.
>
> Richard
>
> "Jesper" wrote:
>
> > No. There is no way to revert ACLs.
> >
> > There are two possible recovery options, short of reformatting and
> > reinstalling. The first is to use icacls on a clean system to save the ACL
> > and then restore it on the corrupted system. The second option is to use
> > something like Process Monitor
> > (http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx)
> > to figure out what file access is failing and adjusting the ACLs on those
> > files.
> >
> > There may be many complaints to leverage against OneCare, but I am pretty
> > sure none of them include corrupting ACLs. At least I have not seen it. What
> > services are failing?
> > ---
> > Your question may already be answered in Windows Vista Security:
> > http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
> >
> >
> > "Richard Turnock" wrote:
> >
> > > Either I or OneCare beta messed up the ACL for files in the System32
> > > directory and now some services won't start. Is there a way to set the rights
> > > back to a default value?
 
RE: Repair ACL

Jasper,

Thanks. The file is there with what appear to be OK ACL. Procmon says that
it can't open a the "security" key under it in the registry, which gets
reported as the file not being there. There is no security key for it.

I tried an "upgrade" installation of Vista over itself but it failed as it
couldn't configure a system component.

I am going to try to restore the system state from an older backup if I can
pursuade Vista to do that.

Thanks for the direction to procmon - very interesting look at what's going
on.

"Jesper" wrote:

> Yes, the base filtering engine is bfe.dll. Check if it is there. If not,
> something really strange is going on. Here is the ACL that is supposed to be
> on that file:
> C:\Windows>icacls system32\BFE.DLL
> system32\BFE.DLL NT SERVICE\TrustedInstaller:(F)
> BUILTIN\Administrators:(RX)
> NT AUTHORITY\SYSTEM:(RX)
> BUILTIN\Users:(RX)
>
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
>
>
> "Richard Turnock" wrote:
>
> > Jasper,
> >
> > Thanks for the response I'll check into the icacls option.
> >
> > Specifically the Firwall won't start (but I need it to clear some options)
> > and it won't start because Base Filtering Engine won't start, ostensibly
> > because it can't find the file. I have some trouble tracing which actual DLL
> > svchost is trying to start but my guess is BFE.DLL. It reports that the file
> > is not there.
> >
> > Richard
> >
> > "Jesper" wrote:
> >
> > > No. There is no way to revert ACLs.
> > >
> > > There are two possible recovery options, short of reformatting and
> > > reinstalling. The first is to use icacls on a clean system to save the ACL
> > > and then restore it on the corrupted system. The second option is to use
> > > something like Process Monitor
> > > (http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx)
> > > to figure out what file access is failing and adjusting the ACLs on those
> > > files.
> > >
> > > There may be many complaints to leverage against OneCare, but I am pretty
> > > sure none of them include corrupting ACLs. At least I have not seen it. What
> > > services are failing?
> > > ---
> > > Your question may already be answered in Windows Vista Security:
> > > http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
> > >
> > >
> > > "Richard Turnock" wrote:
> > >
> > > > Either I or OneCare beta messed up the ACL for files in the System32
> > > > directory and now some services won't start. Is there a way to set the rights
> > > > back to a default value?
 
Back
Top