Re: How to fix broken security in Windows 2000?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 01/18/05 

Date: Mon, 17 Jan 2005 23:24:41 -0700

I have read, and reread, you entire posting.
As far as I can tell, all that you have told us, aside from
your suspected cause, is
<quote>
The problem itself is that the computer complains about a new
file version that it can't check. It doesn't reveal what file
</quote>
That is not really very much to go on.
When does this happen for example. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Shannon Jacobs" <shanen@my-deja.com> wrote in message
news:uH$rAxP$EHA.2540@TK2MSFTNGP09.phx.gbl...
> In http://support.microsoft.com/default.aspx?scid=kb;en-us;293781 there is
> the very interesting comment:
>
> "As you may have noticed in the provided information, some of the
> certificates have expired. However, these certificates are necessary for
> backwards compatibility. Even if there is an expired trusted root
> certificate, anything that was signed with that certificate prior to the
> expiration date needs that trusted root certificate to be validated. As
long
> as expired certificates are not revoked, it can be used to validate
anything
> that was signed prior to its expiration."
>
> Oh! *NOW* you [Microsoft] tell me. Just too bad the information wasn't
> provided earlier.
>
> Been wrestling with this problem for several weeks, and though I'm not
> certain, I very strongly suspect that what happened is that I deleted a
> required security certificate in the foolish belief that the expiration
date
> had some meaning. Quite trivial to do from IE: Tools menu -> Internet
> Options command -> Content tab -> Certificates button -> Trusted Root
> Certificates tab. Not certain because it happened a while ago and the
> resulting problem is minor, though annoying. Some possibility it may have
> been caused by a WindowsUpdate, possibly even one that was pushed onto my
> machine by the corporate IT people.
>
> The problem itself is that the computer complains about a new file version
> that it can't check. It doesn't reveal what file, and it doesn't actually
> say anything about a missing security certificate, but I'm pretty sure
> that's what's going on. The SFC fails to run, which is apparently related.
>
> I'm pretty sure that all of the root certificates have been restored, but
> either there is a missing certificate somewhere else, or it is some kind
of
> chain reaction thing.
>
> Anyone else having similar problems? Any suggestions about how to fix it?
> Diagnostic steps to identify the missing certificate or even the affected
> file?
>