Administrative Login Required

(imported topic written by bc6591)

I keep running into situations needing an Administrative Login. I assume it is because we run most of our machine as lowly domain users. The latest seems to be the result of installing the XP sp3 fixlet (id# 13501). It generates the “Administrative Login Needed” and when I check the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce key I find about 31 entries related to Windows Media Player (I believe) as follows.

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmnetmgr.dll”

C:\WINDOWS\System32\regsvr32 /s /u “C:\WINDOWS\System32\wmv8dmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmvdmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmvdmoe2.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmadmoe.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmspdmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmspdmoe.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmsdmoe.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmsdmoe2.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmadmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\mpg4dmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\mp43dmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\mp4sdmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmsdmod.dll”

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\laprxy.dll”

“C:\WINDOWS\System32\logagent.exe” /RegServer

C:\WINDOWS\System32\regsvr32 /s “C:\WINDOWS\System32\wmvcore.dll”

C:\WINDOWS\system32\regsvr32 /s “C:\WINDOWS\system32\drmstor.dll”

C:\WINDOWS\system32\regsvr32 /s “C:\WINDOWS\system32\drmclien.dll”

C:\WINDOWS\system32\regsvr32 /s “C:\WINDOWS\system32\drmv2clt.dll”

C:\WINDOWS\system32\regsvr32 /s “C:\WINDOWS\system32\blackbox.dll”

C:\WINDOWS\system32\regsvr32 /s “C:\WINDOWS\system32\msnetobj.dll”

C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary

“C:\Program Files\Windows Media Player\migrate.exe” /s

C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmp.dll

C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpshell.dll

C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpasf.dll

C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpdxm.dll

C:\WINDOWS\system32\regsvr32 /s “C:\Program Files\Windows Media Player\mpvis.dll”

C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll

C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts

I was wondering if I could just create a fixlet that would check the runonce key and if there are entries there, execute them one by one or in a batch file. This would give me more of a generic way to execute what shows up in the RunOnce key (assuming they will run under the System login and as a batch file). I have tried using the following to extract the key into appendfile

appendfile {values of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce” of registry}

appendfile {substrings separated by “%00” of (values of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce” of registry as string)}

They both create the file ok, but they dont seem to separate the individual lines. I would like to have the file separate each line so that it could execute as a batch file unless there is a better way. The lines are as follows:

Any ideas ?

Thanks, bc

(imported comment written by BenKus)

Hi bc,

I am not sure if your overall approach will work… but you can try this:

appendfile {concatenation “%0d%0a” of substrings separated by “%00” of (values of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce” of registry as string)}

(imported comment written by bc6591)

Ben:

Thanks, I believe that at least gives me a file I can work with. I tried a few combinations like that but could not get any of them to work.

You seem a bit unsure of my approach. Is there a better approach? For me I wish I could get to the root of why it keeps generating “Administrative Login Needed” fixlets, but for now that is beyond my time and ability. If you have any better suggestions let me know.

Thanks again,

bc

(imported comment written by BenKus)

Hey bc,

“Login Needed” in BigFix reflects the fact that information is put into the “RunOnce” keys in the registry. Patches and software installations commonly can’t complete their installation until a restart…

If the patch/application only needs to replace/delete files, there is a special place in the Windows registry that the patch/app can use… we call this “Pending Restart” (see http://support.bigfix.com/cgi-bin/kbdirect.pl?id=159 for more info). Upon startup, the files are replaced (no login needed).

But… If the patch/application needs to actually run an application the computer restarts (rather than just replacing files), then a common technique is to use the “RunOnce” keys in the registry (see http://msdn.microsoft.com/en-us/library/aa376977(VS.85).aspx for more details). However, the RunOnce keys are only active when a user logs in… and if the user isn’t an admin, there isn’t a good way to know if the app will fail or not (you would need to check each app/patch out to be sure).

So back to your question: will running the values in the RunOnce keys as the SYSTEM account work? I would guess that it would often work just fine, but you will almost certainly find a case eventually where something would fail because the installer authors wouldn’t necessarily expect the RunOnce values to be run as SYSTEM…

Hope that is helpful,

Ben

(imported comment written by bc6591)

Ben:

Thanks, that was good info to learn. It helped me resolve another issue. The dos batch file did work in this instance at least.

bc

(imported comment written by chezzar91)

Has anyone found a definitely fix for administrative Login Needed? If so, please tell me. I need to apply the fix on over 2400 computers.

Thanks!

(imported comment written by JackCoates91)

back in the upgrade to MSIE 6 days (yech) the solution was to disable explorer as the shell, script a login as admin, reboot, and put everything back to normal. Serious PITA to put together and the login as admin part is inherently insecure, it’s much better to try Ben’s approach first.

(imported comment written by bc6591)

chezzar:

I ended up using Ben’s recommendation as follows for XP. It seemed to work for the most part. I also pretest more. Whatever you do test this code well in your environment first. I am no expert by any stretch.

// This batch file will try to execute whatever is in

// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

delete __appendfile

delete mybatch.bat

appendfile @ECHO OFF

appendfile {concatenation “%0d%0a” of substrings separated by “%00” of (values of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce” of registry as string)}

move __appendfile mybatch.bat

run mybatch.bat

delete mybatch.bat

Then at this point I called delRO.reg. All the delRO.reg does is delete the registry entry and recreate it so it is clean like this:

REGEDIT4

-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Hope maybe that helps,

bc

(imported comment written by chezzar91)

BC:

I will give it a go.

Thanks!