Answered by:
S-1-5-20 Key missing from registry?

Question
-
I have a client with Vista Home Premium, failing WGA testing at least in part because the entire
HKU\S-1-5-20 Key is missing from the registry.
Trying to replicate this in a VM, I am unable to delete the Key - although I am able to clear all content from the Key.
In the Client's computer, a REG QUERY HKU returns only
HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-21-vvvvvvvvvvvvvvvvvvvvvvvvvv-1000
HKEY_USERS\S-1-5-21-vvvvvvvvvvvvvvvvvvvvvvvvvv-1000_Classes
HKEY_USERS\S-1-5-18REG ADD HKU\S-1-5-20 returns
ERROR: The parameter is incorrect
The permissions on HKU appear correct -
everyone- read
restricted- read
System- full control, read
administators- full control, read
Anyone have any idea how to fix this, apart from a reinstall?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Monday, February 27, 2012 9:37 PM
Answers
-
For reference, the original thread referred to is Error 0x80070426The eventual solution was summarised in Error 0x80070426 summary post1) Run CHKDSK /R to fix any filesystem problems2) Delete the NTUSER.DAT file from the Network Service profile3) Copy the Default user’s NTUSER.DAT file across to the NetworkService profile, and amend the permissions to allow Network Service to have Full Control.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Sabrina Shen Monday, March 5, 2012 2:22 AM
Sunday, March 4, 2012 12:09 PM
All replies
-
My understanding is these keys under user are registry hives. So thecontents of this key are in"C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"(maybe send the 57yo grandmother your's - see I was following the originalthread)Which presumably is controlled by this [missing] registry keyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\S-1-5-20Good work just finding the problem.And don't forget to run MGADiag.--..--"Noel D Paton" wrote in message news:defce3ab-c0da-4026-995c-a0f28f079fb1...>> I have a client with Vista Home Premium, failing WGA testing at least in> part because the entire>> HKU\S-1-5-20 Key is missing from the registry.>>> Trying to replicate this in a VM, I am unable to delete the Key - although> I am able to clear all content from the Key.>>> In the Client's computer, a REG QUERY HKU returns only>> HKEY_USERS\.DEFAULT> HKEY_USERS\S-1-5-19> HKEY_USERS\S-1-5-21-vvvvvvvvvvvvvvvvvvvvvvvvvv-1000> HKEY_USERS\S-1-5-21-vvvvvvvvvvvvvvvvvvvvvvvvvv-1000_Classes> HKEY_USERS\S-1-5-18>> REG ADD HKU\S-1-5-20 returns>> ERROR: The parameter is incorrect>> The permissions on HKU appear correct ->> everyone- read>> restricted- read>> System- full control, read>> administators- full control, read>>> Anyone have any idea how to fix this, apart from a reinstall?>>>>>> -------------------------------------------------------------------------------->> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> Sloth>Tuesday, February 28, 2012 12:10 PM
-
"DavidMCandy" wrote in message news:3495d583-38da-4642-86a3-dcfd1fd0feaf...My understanding is these keys under user are registry hives. So thecontents of this key are in"C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"(maybe send the 57yo grandmother your's - see I was following the originalthread)Which presumably is controlled by this [missing] registry keyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\S-1-5-20Good work just finding the problem.Thanks for a *useful* reply, David (which I’ve come to expect from you <g>)I thought I’d asked her to check the folder/file was present and accessible – but maybe not.The ProfileList Key is present??
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-
5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkSer
vice
Flags REG_DWORD 0x0
State REG_DWORD 0x04---------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, February 28, 2012 1:55 PM -
Also checkHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist--..--"Noel D Paton" wrote in message news:772d7e6d-d26c-403f-9961-b026accf3afc...> "DavidMCandy" wrote in message> news:3495d583-38da-4642-86a3-dcfd1fd0feaf...> My understanding is these keys under user are registry hives. So the> contents of this key are in>> "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"> (maybe send the 57yo grandmother your's - see I was following the original> thread)>> Which presumably is controlled by this [missing] registry key>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows> NT\CurrentVersion\ProfileList\S-1-5-20>> Good work just finding the problem.>>>> Thanks for a *useful* reply, David (which I’ve come to expect from you> <g>)> I thought I’d asked her to check the folder/file was present and> accessible – but maybe not.> The ProfileList Key is present??> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows> NT\CurrentVersion\ProfileList\S-1-> 5-20> ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkSer> vice> Flags REG_DWORD 0x0> State REG_DWORD 0x04>> --------------------------->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows> NT\CurrentVersion\ProfileList> ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users> Default REG_EXPAND_SZ %SystemDrive%\Users\Default> Public REG_EXPAND_SZ %SystemDrive%\Users\Public> ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData>>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> SlothTuesday, February 28, 2012 2:03 PM
-
"DavidMCandy" wrote in message news:8bc241b0-0092-46b9-99c6-0c9ad81a86d1...Also checkHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelistOooh – I never realised that Key existed (I think!)My VM shows..... (amongst other things - using REG QUERY)\REGISTRY\USER\S-1-5-20 REG_SZ \Device\HarddiskVolume\Windows\ServiceProfiles\NetworkService\NTUSER.DATThat looks as if it’s identical to the previous Keys found?(am I missing something here?)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothTuesday, February 28, 2012 7:13 PM -
Hi,
Before moving on, I would like to confirm the detailed error which you encountered for the original WGA issue.
Regarding the missing of the registry key HKEY_USERS\S-1-5-20, what about to export the below Registry key from a Working Machine and Merging them with the affected machine?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
Regards,
Sabrina
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Sabrina
TechNet Community Support
Wednesday, February 29, 2012 6:01 AM -
The HKEY_USERS\S-1-5-20 is a registry hive. Can you find out what is thesetting that controls the loading of hives. The ProfileList key includesprofiles that aren't loaded.PS Can you find out what are the values for the flags value eg....\ProfileList\S-1-5-20\Flags--..--"Sabrina Shen" wrote in message news:284cb912-9e60-43f6-8185-44963e661014...>> Hi,>>> Before moving on, I would like to confirm the detailed error which you> encountered for the original WGA issue.>>> Regarding the missing of the registry key HKEY_USERS\S-1-5-20, what about> to export the below Registry key from a Working Machine and Merging them> with the affected machine?>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows> NT\CurrentVersion\ProfileList\S-1-5-20>>> Regards,>>> Sabrina>>> TechNet Subscriber Support>> If you are TechNet Subscription user and have any feedback on our support> quality, please send your feedback here.>>> -------------------------------------------------------------------------------->>> Sabrina>> TechNet Community Support>>>>Wednesday, February 29, 2012 6:19 AM
-
Sabrina
1) the ProfileList entry is not missing - it's present and apparently correct.
2) the HKU\S-1-5-20 key *is*missing, and I can find no way to recreate it - either by a REG ADD command, or a .REG file. I cannot repro the problem myself, as I am unable to actually remove the SID from the registry in my VM (or on bare metal!)
Thanks for trying, though! - any more ideas gratefully received.
David.
Info requested - I tried removing the S-1-5-20 entry from the Hivelist in my VM, but it regenerated on reboot? (and I still couldn't get rid of the HKU entry)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Wednesday, February 29, 2012 7:16 AM -
Is the hive corrupt. Try loading itreg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"And see if there is an error and can the subkeys be then read in Regedit,and test the security of a random key.I wonder if activation might work if you manually load the hive usingreg load HKU\S-1-5-20 "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"--..--"Noel D Paton" wrote in message news:ee441f58-81e3-468b-b18e-931da31b2946...> Sabrina>> 1) the ProfileList entry is not missing - it's present and apparently> correct.>> 2) the HKU\S-1-5-20 key *is*missing, and I can find no way to recreate> it - either by a REG ADD command, or a .REG file. I cannot repro the> problem myself, as I am unable to actually remove the SID from the> registry in my VM (or on bare metal!)>>> Thanks for trying, though! - any more ideas gratefully received.>>> David.>> Info requested - I tried removing the S-1-5-20 entry from the Hivelist in> my VM, but it regenerated on reboot? (and I still couldn't get rid of the> HKU entry)>>>> -------------------------------------------------------------------------------->> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> Sloth>Wednesday, February 29, 2012 9:32 AM
-
I noticed Laura doesn't have an entry under HiveList. This could be asymptom rather than a cause.--..--"Noel D Paton" wrote in message news:ee441f58-81e3-468b-b18e-931da31b2946...> Sabrina>> 1) the ProfileList entry is not missing - it's present and apparently> correct.>> 2) the HKU\S-1-5-20 key *is*missing, and I can find no way to recreate> it - either by a REG ADD command, or a .REG file. I cannot repro the> problem myself, as I am unable to actually remove the SID from the> registry in my VM (or on bare metal!)>>> Thanks for trying, though! - any more ideas gratefully received.>>> David.>> Info requested - I tried removing the S-1-5-20 entry from the Hivelist in> my VM, but it regenerated on reboot? (and I still couldn't get rid of the> HKU entry)>>>> -------------------------------------------------------------------------------->> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> Sloth>Wednesday, February 29, 2012 9:45 AM
-
"DavidMCandy" wrote in message news:00dcf40c-5da1-4807-8bf3-d9ef973518cc...Is the hive corrupt. Try loading itreg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"And see if there is an error and can the subkeys be then read in Regedit,and test the security of a random key.I wonder if activation might work if you manually load the hive usingreg load HKU\S-1-5-20 "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"
I’m busy trying to work out how best to corrupt my VM’s NTUSER.DAT file and see what happens :)
I don’t think the client is up to this sort of thing, although I could possibly ask her to upload the file (it may not be locked?)
Just got the results of the hivelist.
C:\Windows\system32>REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
\REGISTRY\MACHINE\HARDWARE REG_SZ
\REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume1\Windows\System32\config\SECURITY
\REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume1\Windows\System32\config\SOFTWARE
\REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume1\Windows\System32\config\SYSTEM
\REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume1\Windows\System32\config\DEFAULT
\REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume1\Windows\System32\config\SAM
\REGISTRY\MACHINE\COMPONENTS REG_SZ \Device\HarddiskVolume1\Windows\System32\config\COMPONENTS
\REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT
\Registry\User\S-1-5-21-1938820810-1180724512-1959737532-1000 REG_SZ \Device\HarddiskVolume1\Users\Laura\ntuser.dat
\Registry\User\S-1-5-21-1938820810-1180724512-1959737532-1000_Classes REG_SZ \Device\HarddiskVolume1\Users\Laura\AppData\Local\Microsoft\Windows\UsrClass.dat
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Edited by Noel D Paton Wednesday, February 29, 2012 12:27 PM clarity
Wednesday, February 29, 2012 9:47 AM -
"DavidMCandy" wrote in message news:bf35d91c-7131-4ca6-8f9d-474c26aae223...I noticed Laura doesn't have an entry under HiveList. This could be asymptom rather than a cause.--Yeah – I’ve asked her for the Permissions on the NTUSER.DAT file while I work out what to do :)
It may simply be that SYSTEM has lost read permissions, or some such.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, February 29, 2012 10:04 AM -
Your client is a quick learner, you've asked a lot of her and she hasdelivered without saying it's too hard.Just do thisreg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"reg query hku\test\environmentWe are hoping for an error number.I found a web site that details the loading of NetworkService.http://blogs.msdn.com/b/richpec/archive/2009/07/20/userenv-debugging-line-by-line.aspxProblem is userenv.logs were removed for Vista. Replaced with thishttp://www.google.com.au/url?q=http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/224c95bc-e6b3-4b66-82e1-22de625b7dc6/&sa=U&ei=s_hNT7fdIvCfiAewk7la&ved=0CBIQFjAA&usg=AFQjCNHF0JrMWlzBHeSyzSKHKyijFkVmrwI don't know if these logs would be useful.--..--"Noel D Paton" wrote in message news:77e5b549-bdc7-4703-b295-41863c793bf9...> "DavidMCandy" wrote in message> news:00dcf40c-5da1-4807-8bf3-d9ef973518cc...> Is the hive corrupt. Try loading it>> reg load HKU\Test "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT">> And see if there is an error and can the subkeys be then read in Regedit,> and test the security of a random key.>> I wonder if activation might work if you manually load the hive using>> reg load HKU\S-1-5-20> "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT">>>>> I’m busy trying to work out how best to corrupt my VM’s NTUSER.DAT> file and see what happens :)>> I don’t think the client is up to this sort of thing, although I could> possibly ask her to upload the file (it may not be locked?)>> Just got the results of the hivelist.>> C:\Windows\system32>REG QUERY> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro> l\hivelist>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist> \REGISTRY\MACHINE\HARDWARE REG_SZ> \REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume1\Windows\Syst> em32\config\SECURITY> \REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume1\Windows\Syst> em32\config\SOFTWARE> \REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume1\Windows\System> 32\config\SYSTEM> \REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume1\Windows\System3> 2\config\DEFAULT> \REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume1\Windows\System32\> config\SAM> \REGISTRY\MACHINE\COMPONENTS REG_SZ \Device\HarddiskVolume1\Windows\Sy> stem32\config\COMPONENTS> \REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume1\Windows\Service> Profiles\LocalService\NTUSER.DAT> \Registry\User\S-1-5-21-1938820810-1180724512-1959737532-1000 REG_SZ \> Device\HarddiskVolume1\Users\Laura\ntuser.dat> \Registry\User\S-1-5-21-1938820810-1180724512-1959737532-1000_Classes REG> _SZ> \Device\HarddiskVolume1\Users\Laura\AppData\Local\Microsoft\Windows\UsrCl> ass.dat>>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> SlothWednesday, February 29, 2012 10:07 AM
-
The eventlog may helpwmic PATH Win32_NTLogEvent get eventcode,message |findstr "networkservice"On my computer this always crashes unless the logs are mostly empty. Test onyours, it must have worked on MS's computers.My system log shows no mention of NetworkService--..--"Noel D Paton" wrote in message news:16a0a8db-7ee3-4fc5-9a54-8661e4046280...> "DavidMCandy" wrote in message> news:bf35d91c-7131-4ca6-8f9d-474c26aae223...> I noticed Laura doesn't have an entry under HiveList. This could be a> symptom rather than a cause.>> -->>>>> Yeah – I’ve asked her for the Permissions on the NTUSER.DAT file while> I work out what to do :)> It may simply be that SYSTEM has lost read permissions, or some such.>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> SlothWednesday, February 29, 2012 10:15 AM
-
"DavidMCandy" wrote in message news:ddc04f9c-83ee-47d9-ba65-45514dc6f627...The eventlog may helpwmic PATH Win32_NTLogEvent get eventcode,message |findstr "networkservice"On my computer this always crashes unless the logs are mostly empty. Test onyours, it must have worked on MS's computers.My system log shows no mention of NetworkServiceThis seems to hang on my VM – then get a code 80020009 errorI’ve been playing.1) Boot using RE, copy NTUSER.DAT to ntuser.copy ( after –s-h attrib)2) clear content of NTUSER.DAT and save (then _s_h attrib)Boot to Windowsreg load HKU\S-1-5-20 ntuser.copy doesn’t seem to do anything – I get an Access Denied error.reg load HKU\test ntuser.copy works, and creates a new key, and IThe problem is that the S-1-5-20 key is still present in my VM – I’ll try deleting NTUSER.DAT completely next
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, February 29, 2012 10:50 AM -
"Noel D Paton" wrote in message news:c9e60e24-30fd-4c56-9cd2-9e0506c95c0a...I’ve been playing.1) Boot using RE, copy NTUSER.DAT to ntuser.copy ( after –s-h attrib)2) clear content of NTUSER.DAT and save (then _s_h attrib)Boot to Windowsreg load HKU\S-1-5-20 ntuser.copy doesn’t seem to do anything – I get an Access Denied error.reg load HKU\test ntuser.copy works, and creates a new key, and IThe problem is that the S-1-5-20 key is still present in my VM – I’ll try deleting NTUSER.DAT completely next
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothThat was interesting!deleting the NTUSER.DAT file completely repopulated the S-1-5-20 Key!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, February 29, 2012 11:03 AM -
Worth a try.--..--"Noel D Paton" wrote in message news:f8d8e594-4208-4b7d-a1cb-9acc7981a285...> "Noel D Paton" wrote in message> news:c9e60e24-30fd-4c56-9cd2-9e0506c95c0a...>> I’ve been playing.> 1) Boot using RE, copy NTUSER.DAT to ntuser.copy ( after –s-h attrib)> 2) clear content of NTUSER.DAT and save (then _s_h attrib)> Boot to Windows> reg load HKU\S-1-5-20 ntuser.copy doesn’t seem to do anything – I get> an Access Denied error.> reg load HKU\test ntuser.copy works, and creates a new key, and I>> The problem is that the S-1-5-20 key is still present in my VM – I’ll> try deleting NTUSER.DAT completely next>>>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> Sloth>> That was interesting!> deleting the NTUSER.DAT file completely repopulated the S-1-5-20 Key!>>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> SlothWednesday, February 29, 2012 11:15 AM
-
"Noel D Paton" wrote in message news:c9e60e24-30fd-4c56-9cd2-9e0506c95c0a..."DavidMCandy" wrote in message news:ddc04f9c-83ee-47d9-ba65-45514dc6f627...The eventlog may helpwmic PATH Win32_NTLogEvent get eventcode,message |findstr "networkservice"On my computer this always crashes unless the logs are mostly empty. Test onyours, it must have worked on MS's computers.My system log shows no mention of NetworkServiceThis seems to hang on my VM – then get a code 80020009 errorI’ve been playing.1) Boot using RE, copy NTUSER.DAT to ntuser.copy ( after –s-h attrib)2) clear content of NTUSER.DAT and save (then _s_h attrib)Boot to Windowsreg load HKU\S-1-5-20 ntuser.copy doesn’t seem to do anything – I get an Access Denied error.reg load HKU\test ntuser.copy works, and creates a new key, and IThe problem is that the S-1-5-20 key is still present in my VM – I’ll try deleting NTUSER.DAT completely next
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothBINGO!!!!removing access to the NTUSER.DAT file by SYSTEM, NETWORK SERVICES and AMDINs drops the whole Key from regedit!Now to see how bets to restore the default permissions :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, February 29, 2012 11:53 AM -
"Noel D Paton" wrote in message news:8a4d7ebd-552a-4cab-b106-bf3749fa933d...BINGO!!!!removing access to the NTUSER.DAT file by SYSTEM, NETWORK SERVICES and AMDINs drops the whole Key from regedit!Now to see how bets to restore the default permissions :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothOK _ I uploaded a ACL list for the NetworkService folder down – let’s see what that does :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Edited by Noel D Paton Wednesday, February 29, 2012 12:25 PM remove excess
Wednesday, February 29, 2012 12:21 PM -
"Noel D Paton" wrote in message news:18c8262d-8713-4c74-a3b9-9a9783af26e9..."Noel D Paton" wrote in message news:8a4d7ebd-552a-4cab-b106-bf3749fa933d...BINGO!!!!removing access to the NTUSER.DAT file by SYSTEM, NETWORK SERVICES and AMDINs drops the whole Key from regedit!Now to see how bets to restore the default permissions :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothOK _ I uploaded a ACL list for the NetworkService folder down – let’s see what that does :)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Further testing shows that if the file is corrupted (I took a chunk out of the middle of the data, rather than just blanked the file completely), then the Key will also go AWOL – and this time will also produce the correct MGADiag error (0x80070426)So it does look as if the file itself is the root cause. If that in the case, then it’s no longer locked by the system and can be renamed from within windows.(with about 5 confirmation clicks <g>)Such a simple fix :) – if it works!
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, February 29, 2012 1:45 PM -
Excellent.--..--"Noel D Paton" wrote in message news:ee2ced72-f5a7-4d7a-919a-2a85e6cf0089...> "Noel D Paton" wrote in message> news:18c8262d-8713-4c74-a3b9-9a9783af26e9...> "Noel D Paton" wrote in message> news:8a4d7ebd-552a-4cab-b106-bf3749fa933d...> BINGO!!!!> removing access to the NTUSER.DAT file by SYSTEM, NETWORK SERVICES and> AMDINs drops the whole Key from regedit!> Now to see how bets to restore the default permissions :)>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> Sloth> OK _ I uploaded a ACL list for the NetworkService folder down – let’s> see what that does :)>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> Sloth>>>> Further testing shows that if the file is corrupted (I took a chunk out of> the middle of the data, rather than just blanked the file completely),> then the Key will also go AWOL – and this time will also produce the> correct MGADiag error (0x80070426)>> So it does look as if the file itself is the root cause. If that in the> case, then it’s no longer locked by the system and can be renamed from> within windows.(with about 5 confirmation clicks <g>)> Such a simple fix :) – if it works!>>> --------------------------------------------------------------------------------> Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed> SlothWednesday, February 29, 2012 1:57 PM
-
"DavidMCandy" wrote in message news:262b7a6d-9217-4c34-9625-5990a18f24a6...Excellent.I spoke too early....the NTUSER.DAT file is not regenerated on a reboot
The folder only contains the DAT file, and the LOG1 and LOG2 files - no regtrans files, and no LOG file
I tested a similar configuration in my VM, by deleting from RE, but that regenerated fine.
I suspect that somewhere, something is pulling in the wrong (corrupted) NTUSER.DAT file.
There is a reference somewhere that I found that suggests that if the registry is unable to save the updated to the normal place, it will fall back to somewhere in the Users hierarchy - the question then is how is the fall-back reversed, or is it supposed to test the default location every time?
There must be a redirect in place somewhere - I just can't work out where it's likely to be, or how?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothWednesday, February 29, 2012 7:35 PM -
Hi,
If the NTUSER.DAT file is corrupted and cannot be re-generated, what about to create a new account and then copy files to the new user profile?
Regards,
Sabrina
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Sabrina
TechNet Community Support
Friday, March 2, 2012 4:36 AM -
"Sabrina Shen" wrote in message news:5ed255bd-c004-4686-a78b-885759432e3d...
Hi,
If the NTUSER.DAT file is corrupted and cannot be re-generated, what about to create a new account and then copy files to the new user profile?
Regards,
Sabrina
That’s a thought – but since the Network Service account is a pre-machine account, rather than a per-user account surely any links to it would be outside the purview of the user profile, and so it would not be rebuilt by creating a new account?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, March 2, 2012 8:05 AM -
For reference, the original thread referred to is Error 0x80070426The eventual solution was summarised in Error 0x80070426 summary post1) Run CHKDSK /R to fix any filesystem problems2) Delete the NTUSER.DAT file from the Network Service profile3) Copy the Default user’s NTUSER.DAT file across to the NetworkService profile, and amend the permissions to allow Network Service to have Full Control.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth- Marked as answer by Sabrina Shen Monday, March 5, 2012 2:22 AM
Sunday, March 4, 2012 12:09 PM -
Glad to see the issue was finally fixed. J
And thank you for sharing the solution which will help the other community members with the same issue.
Regards,
Sabrina
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Sabrina
TechNet Community Support
Monday, March 5, 2012 2:22 AM -
Noel,
I'm having a similar issue as this thread references. How did you delete the NTUSER.DAT of the NetworkService profile? If I try to delete the NTUSER.DAT through right click-->Delete I get the message "Cannot delete NTUSER: It is being used by another person or program. Close any programs that might be using the file and try again."
Thursday, July 5, 2012 2:16 PM -
Most of the issue was discussed in another thread. This thread was anoffshoot of the main thread.The results were summarised here at the bottomhttp://social.microsoft.com/Forums/en-US/genuinevista/thread/b4c34d7a-ae6d-4c68-9410-441f2d002964#afc2abcb-eb40-4008-8a8c-ec8c598d56b0Just confirm you have a problem with windows activation and the absense ofS-1-5-20 key missing from HKEY_USERS\ branch of the registry.--..--"C01254" wrote in message news:424229bf-a52d-45f6-a933-f678cfbc0077...> Noel,>> I'm having a similar issue as this thread references. How did you delete> the NTUSER.DAT of the NetworkService profile? If I try to delete the> NTUSER.DAT through right click-->Delete I get the message "Cannot delete> NTUSER: It is being used by another person or program. Close any> programs that might be using the file and try again.">Thursday, July 5, 2012 11:48 PM
-
Here is the link in clickable form.
--
.
--"DavidMCandy" wrote in message news:e28f957a-8828-4b49-8ebb-ff093e056985...Most of the issue was discussed in another thread. This thread was anoffshoot of the main thread.The results were summarised here at the bottomhttp://social.microsoft.com/Forums/en-US/genuinevista/thread/b4c34d7a-ae6d-4c68-9410-441f2d002964#afc2abcb-eb40-4008-8a8c-ec8c598d56b0Just confirm you have a problem with windows activation and the absense ofS-1-5-20 key missing from HKEY_USERS\ branch of the registry.--..--"C01254" wrote in message news:424229bf-a52d-45f6-a933-f678cfbc0077...> Noel,>> I'm having a similar issue as this thread references. How did you delete> the NTUSER.DAT of the NetworkService profile? If I try to delete the> NTUSER.DAT through right click-->Delete I get the message "Cannot delete> NTUSER: It is being used by another person or program. Close any> programs that might be using the file and try again.">Friday, July 6, 2012 12:01 AM -
(thanks, David)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
Friday, July 6, 2012 1:00 PM