Re: Possible security issue??
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 May 2006 00:13:21 -0500
Glad you got it sorted out and thanks for reporting back what worked! Fixing
the problem without knowing the exact original cause still is a good
ing. --- Steve
"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B5962FDC-926E-41BE-89E5-666ECBDE1BD8@xxxxxxxxxxxxxxxx
Steven,
Sorry for taking so long on my reply but last week was quite busy for me.
While I was waiting for you to get back with me I decided to re-apply the
default group policy settings since this client is small and I didn't see
any
major settings already in place. Once I did that and enabled Allow
automatice
updates immediate installation, rebooted my PC, I was able to to install
updates with no issues. After having my clients log off than back on, they
were able to install their auto updates as well. I may not have been able
to
offically troubleshoot the issue but this will suffice. :)
Also, as you recommended, I removed my laptop from their domain and was
able to install updates right away so i know it wasn't a file
system/registry
permission policy. Thanks again for you all your help. You guys are a
great
asset!
Regards,
Jeremy Johnston
"Steven L Umbach" wrote:
The link below is about all I found on that error.
http://www.eventid.net/display.asp?eventid=20&eventno=1797&source=Automatic%20Updates&phase=1
I suppose that Group Policy could also be applying some file system
[NTFS]
or registry permissions changes that may be interfering. Rsop.msc on an
XP
Pro computer would probably show such. If that is the case then if you
unjoin your computer from the domain, reboot, and try to install the same
update it would fail again as file system/registry permissions changes
are
not rolled back when a computer is removed from the influence of that
Group
Policy setting. Using the free tools regmon/filemon from systinternals
can
also track down when a user is being denied access to a file/registry
key.
http://www.sysinternals.com/Utilities/Filemon.html --- filemon and link
to
SysInternals.
I would also enable auditing of privilege use for failure on a computer
having the problem in Local Security Policy and then look to see if any
failures are recorded for privilege use when an update installation
fails.
Priviliges are user rights that are controller via security/group policy
either locally or at the domain level and it this case it would be at the
domain/OU level. --- Steve
"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C5754534-4041-4724-ADF6-A52DBEDABE33@xxxxxxxxxxxxxxxx
This is the only error I get in the system log and I did some research
on
this before I posted here. I didn't find anything helpful on the net
Event Type: Error
Event Source: Windows Update Agent
Event Category: Installation
Event ID: 20
Date: 5/3/2006
Time: 11:56:13 AM
User: N/A
Computer: JEREMYLT
Description:
Installation Failure: Windows failed to install the following update
with
error 0x8007f004: Windows Genuine Advantage Validation Tool (KB892130).
"Steven L Umbach" wrote:
Does it work when the built in local administrator account is used
which
is
NOT a domain account? Are there and errors/warnings in the logs that
you
can
view via Event Viewer that may indicate a problem with the domain such
as
userenv errors? Does running the support tool netdiag on the domain
controller and client computer pass with flying colors showing no
major
errors or warnings? Did you verify that the client computer is using
ONLY
domain controllers as their preferred/alternate DNS servers in tcp/ip
properties as shown by ipconfig /all and that the domain controller
can
be
pinged by name and IP address from the client computer? What error
messages
do the users get if any? -- Steve
"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4E7DF6E5-9645-4724-BB63-E71100BAB79D@xxxxxxxxxxxxxxxx
No it does not. Not even if the user is a Domain Admin *shrug*
"Steven L Umbach" wrote:
Does it work when the users domain account is added to the local
administrators group? It should though I would not consider that an
ideal
solution. You can configure updates to be downloaded/installed
automatically
so that the user does not need to be a local administrator. ---
Steve
"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:17CC7491-FB25-4C6C-9775-B4108825F71A@xxxxxxxxxxxxxxxx
I have a client situation where no one seems to be able to install
windows
updates on their PC's that are joined to the domain. They can
download
them
just fine but they fail during install. The only way to install
them
is
to
log in using the administrator account to the domain.
One user even has domain admin rights but he's still unable to
install
the
updates. I thought it might be a policy issue and others are
saying
internal
DNS. I have searched and searched but I'm unable to find anything
to
go
with
that will resolve this issue.
At first I thought it might have been an issue with a users
machine
but
when
I tried to run system restore under his credentials (local admin,
domain
admin) I got a message that he didn't have the appropriate rights
to
perform
this action. I could only run it from the administrators (domain)
account.
The PDC is a 2000 server..
Thank you in advance for any help.
Jeremy Johnston
.
- References:
- Re: Possible security issue??
- From: Steven L Umbach
- Re: Possible security issue??
- From: Steven L Umbach
- Re: Possible security issue??
- From: Jeremy
- Re: Possible security issue??
- From: Steven L Umbach
- Re: Possible security issue??
- From: Jeremy
- Re: Possible security issue??
- Prev by Date: Re: Not Able to Restore a Folder
- Next by Date: Re: annoying popups come from nowhere
- Previous by thread: Re: Possible security issue??
- Next by thread: Re: HELP!! Computer get onto "locked workstation "mode.
- Index(es):
Relevant Pages
|
