Action failed

system · April 11, 2011, 10:45pm

(imported topic written by anthonymap91)

ï»¿ï»¿ï»¿Completed download http://servername:52311/Uploads/b0a98343332a069c15375ac25b2bb59193ce1886/SetACLexe.tmp

Completed continue if {(size of it = 1023685 AND sha1 of it = “b0a98343332a069c15375ac25b2bb59193ce1886”) of file “SetACLexe.tmp” of folder “__Download”}

Completed extract SetACLexe.tmp

Failed wait __Download\SetACL.exe -on HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}} -ot reg -actn ace -ace “n:administrators;p:full”

Last line fails, i think that I am missing a bracket somewhere any ideas…?

system · April 12, 2011, 4:53pm

(imported comment written by anthonymap91)

Anyone…

Thanks

system · April 12, 2011, 5:31pm

(imported comment written by MattBoyd)

I think you need to escape the first curly brace… not the last:

wait __Download\SetACL.exe -on HKEY_CLASSES_ROOT\CLSID{{76A64158-CB41-11D1-8B02-00600806D9B6} -ot reg -actn ace -ace “n:administrators;p:full”

system · April 12, 2011, 6:21pm

(imported comment written by anthonymap91)

Thanks for the response.

I made that change, it did not fail this time but did not work. All the lines of the action complete sucsefully, but when i check the registry the change was not made… Any ideas on what I am missing.

I ran the command from command line and it worked fine, should i run this from command line…?

My goal is to change the key permissions to administrators having full rights.

Relevance:

(true and exists true whose (if true then (exists (operating system) whose (it as string as lowercase contains “win2008” as lowercase)) else false) and exists true whose (if true then (x64 of operating system) else false) and exists true whose (if true then ((((exists key “HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}” of registry and effective access mode for “Administrators” of dacls of security descriptors of key “HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}” of registry != 983103)))) else false))

Action:

download http://servername:52311/Uploads/b0a98343332a069c15375ac25b2bb59193ce1886/SetACLexe.tmp

continue if {(size of it = 1023685 AND sha1 of it = “b0a98343332a069c15375ac25b2bb59193ce1886”) of file “SetACLexe.tmp” of folder “__Download”}

extract SetACLexe.tmp

wait __Download\SetACL.exe -on HKEY_CLASSES_ROOT\CLSID{{76A64158-CB41-11D1-8B02-00600806D9B6} -ot reg -actn ace -ace “n:administrators;p:full”

Completed

download http://servername:52311/Uploads/b0a98343332a069c15375ac25b2bb59193ce1886/SetACLexe.tmp

Completed

continue if {(size of it = 1023685 AND sha1 of it = “b0a98343332a069c15375ac25b2bb59193ce1886”) of file “SetACLexe.tmp” of folder “__Download”}

Completed extract SetACLexe.tmp

Completed wait __Download\SetACL.exe -on HKEY_CLASSES_ROOT\CLSID{{76A64158-CB41-11D1-8B02-00600806D9B6} -ot reg -actn ace -ace “n:administrators;p:full”

system · April 12, 2011, 6:33pm

(imported comment written by cstoneba)

try running ‘waithidden cmd.exe /c __Download\SetACL.exe’ …

system · April 12, 2011, 8:06pm

(imported comment written by MattBoyd)

Well… on my system (win7 x64) the permissions are set to this:

Owner: TrustedInstaller

Trusted Installer: Full Control

SYSTEM: Read

Users: Read

Administrators: Read

Since SYSTEM only has read permissions, it probably can’t make the change. You might have to take ownership of the registry key first. I’m not sure how you were able to do it from the command line… did you take ownership of that key?

system · April 12, 2011, 8:43pm

(imported comment written by anthonymap91)

I tried the command line still does not work.

Interesting about the system permissions on win 7. I looked at a 2003 server and found that the system account has full access, but i was afraid of what you brought up.

I am trying to get someone to verify the SYSTEM permissions on a win2008 server to see if that is the issue.

I have relevance to check rights for the administrator. This is how i know who to target, but cant figure out how to tell the permissions for SYSTEM?

system · April 12, 2011, 10:21pm

(imported comment written by MattBoyd)

How about these…

(For SYSTEM)

(effective write dac permissions for “NT AUTHORITY\SYSTEM” of it) of dacls of security descriptors of keys “HKCR\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}” of registry

(For TrustedInstaller)

(effective write dac permissions for “NT SERVICE\TrustedInstaller” of it) of dacls of security descriptors of keys “HKCR\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}” of registry