[Dshield] Help! Can no longer install programs - Related toSecurity updates?

Castle, Shane scastle at co.boulder.co.us
Mon Jan 22 14:39:01 GMT 2007


I encountered this, but the way I encountered it is in mapped drives;
local drives always worked.  If this is actually your problem
(executables on mapped drives will not run), then it is likely caused by
the IE security extension, frequently installed on servers and sometimes
on workstations.

I fixed it by adding the system owning the share to the trusted systems
list as '\\systemname'.  A coworker fixed it for himself by turning off
the security extension.

--
Shane Castle

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Peter
Stendahl-Juvonen
Sent: Monday, January 22, 2007 05:12
To: General DShield Discussion List
Subject: Re: [Dshield] Help! Can no longer install programs - Related
toSecurity updates?

[-- Begin GPG Output (Mon Jan 22 07:33:55 2007) --]
gpg: Signature made 01/22/07 05:12:24 using DSA key ID 28439D24
gpg: Good signature from "Peter Stendahl-Juvonen
<peter.stendahl-juvonen at welho.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 6848 A15F 8DEC 54BE D4F4  E972 436D 4A0A 2843
9D24

[--End GPG Output --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Adrian et al.

Thanks for prompt response.

Unluckily, could find no evidence of loss of integrity regarding the
privileges of SYSTEM or the Administrative Users Group on this system.

The following have full control over the installation/setup executable
file:
- - A limited user account (the executable resides in this user
account's
Own Files)
- - The Administrative Users Group
- - SYSTEM
[- even added the (renamed) Admin account explicitly with full control,
but it had no impact, installation/open file attempts fail as reported
originally]

The following have full control over the root (drive):
- - The Administrative Users Group (This Folder, Subfolders and Files)
- - Creator-Owner (Only Subfolders and Files)
- - SYSTEM (This Folder, Subfolders and Files)
[- even added the (renamed) Admin account explicitly with full control
(This Folder, Subfolders and Files), but it had no impact,
installation/open file attempts fail as reported originally]

The following have Read/Execute permission over the root (drive):
- - Authenticated Users (Only this folder)

The following have full control over the WINDOWS directory:
- - The Administrative Users Group (This Folder, Subfolders and Files)
- - Creator-Owner (Only Subfolders and Files)
- - SYSTEM (This Folder, Subfolders and Files)
[- even added the (renamed) Admin account explicitly with full control
(This Folder, Subfolders and Files), but it had no impact,
installation/open file attempts fail as reported originally]

The following have Modify permissions over the WINDOWS directory:
- - Power Users (This Folder, Subfolders and Files)

The following have Read/Execute permission over the WINDOWS directory:
- - Authenticated Users (This Folder, Subfolders and Files)

BTW, I have set up Explorer and Desktop running as separate processes on
this system, but figure that it is less significant, since that is not
the case with the other system where the same problem occurred. I have
in addition tried to open the installation/setup executable file also
via the Run As (using the renamed Admin account as user name), but the
attempts fail in the same error prompt. I have even launched Explorer
the same way; Run As (using the renamed Admin account as user name), but
the attempts fail in the same error prompt, when attempting to open the
executable installation/setup file.

On the other system, I managed to install the software after having
played long enough with the path name. Essentially, I shortened the
pathname long enough, and finally managed to run the executable.
However, not sure, whether it was only coincidental, since similar
attempts do not solve the issue on this other system.

Would appreciate all ideas and suggestions.

Thanks in advance for possible help.

- - Pete



22.1.2007 4:34 (UTC+2), Adrian Sanabria kirjoitti/wrote:
> I know it was a vague question, but I've had cases where the "system"
> account mysteriously disappeared from files. Makes for all kinds of
exciting
> OS behavior. That's all I can think of.
> 
> --Adrian
> 
> On 1/21/07, adrian.sanabria at gmail.com <adrian.sanabria at gmail.com>
wrote:
>> What are the permissions (local) on the file?
>>
>> Sent via BlackBerry from Cingular Wireless
>>
>> -----Original Message-----
>> From: Peter Stendahl-Juvonen <peter.stendahl-juvonen at welho.com>
>> Date: Sun, 21 Jan 2007 16:41:41
>> To:General DShield Discussion List <list at lists.dshield.org>
>> Subject: [Dshield] Help! Can no longer install programs - Related to
>>         Security updates?
>>
> Help! Can no longer install programs - Related to Security updates?
> 
> Would the distinguished subscribers to this awesome list, please
kindly
> help by pointing into correct direction in the following dilemma?
> 
> (The experienced issue made it possible to manually install, e.g. a
> security patch, so it is at least that way related to security
[patches]
> as well. ;-)
> 
> I have encountered the following issue on two systems (after having
> automatically applied the latest security updates).
> 
> Both systems are fully patched up-to-date WXP Pro systems (with a
> nationalized Finnish version [of O/S] and GUI).
> 
> I have changed the name of the Admin account (from default) on both
> systems, and attempt to execute the installation/setup file; signed on
> the Admin account, witch has (by default) full administrative
privileges.
> 
> When I attempt to run the installation/setup file, receive the
following
> prompt (direct translation from Finnish into English):
> 
> "[Full path name]
> Windows cannot use the specified device, path or file. You may not
have
> the required privileges.
> [OK]"
> 
> Nothing logged into the security log.
> 
> So, it now appears I cannot install any programs on these systems,
> before the issue is solved.
> 
> Has anyone experienced the same or similar?
> 
> Do you have idea(s), what might cause the issue, and how to correct
the
> situation? Might it relate to MS security patches?
> 
> Thanks for any pointers into the right direction.
> 
> 
> - Pete
> 
> 
>                 "A prudent question is one-half of wisdom."
>       Francis Bacon (1561-1626); English philosopher, statesman.
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtKooQ21KCihDnSQRAoZ6AJ9mMKYdmG6J6INBKEr60Jslhzk5RQCfcFET
9FUBRTdT7z/S6cR7jb9ZbOs=
=8Sgj
-----END PGP SIGNATURE-----
_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)



More information about the list mailing list