Microsoft KB Archive/255987

= Windows NT Service Pack Requires Logon with Local Administrative Permissions After Reboot =

Article ID: 255987

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q255987



SYMPTOMS
The design of the Windows NT 4.0 Service Pack update process requires an additional logon with local administrative credentials after Update.exe has restarted the computer.

If a non-administrative user logs on directly after the Service Pack Setup process is run, two Application events are logged for ProtectedStorage:

ProtectedStorage error: 5; OpenSCManager failed.

ProtectedStorage error: 203; Install Service failed.

These events are logged at every logon until a local administrator logs on.



CAUSE
Local administrative permission are necessary to successfully process and delete all registry values under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

RunOnce values are processed with the current login credentials. A typical user does not have sufficient permissions to successfully process the "4. 'Install pstores.exe'='pstores.exe -install'" RunOnce entry, causing both of the events listed above to be logged.

Also, a typical user by default has "Everyone=read" permission on the RunOnce key, so the entries cannot be deleted.

Other Microsoft and third-party Setup procedures may be affected in a similar way if they use the RunOnce or RunOnceEx keys to complete the Setup process during next logon.



WORKAROUND
Use either of the following methods:  Have a user with local administrative rights log on to the computer. Use an administrative AutoAdminLogon and optionally disable the Mouclass and Kbdclass driver to prevent user interruption.

This method involves certain issues. The password of the local administrator is stored as plain text in the registry (plus the corresponding script file), and a problem with disabled drivers can lead to an inaccessible system. Furthermore, be aware of the information on the following article in the Microsoft Knowledge Base:

159969 AutoLogon Fails If DontDisplayLastUserName Is Also Enabled

Because of these issues, Microsoft recommends using the first method.

Keywords: kberrmsg kbenv kbsetup kbprb KB255987

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.