Microsoft KB Archive/266776

= Content Deployment Registry Permissions Are Lost After Upgrading to Windows 2000 =

Article ID: 266776

Article Last Modified on 6/4/2001

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q266776



SYMPTOMS
When you upgrade your system from Microsoft Windows NT 4.0 to Microsoft Windows 2000, Site Server (including Content Deployment services) fails to start and does not operate properly, although it operated properly prior to the upgrade.



CAUSE
When you upgrade an existing Windows NT 4.0 Site Server 3.0 Service Pack 3 platform to Windows 2000, custom registry permissions that are set on Site Server local computer keys are not preserved. This may result in service operation problems, and projects fail to replicate.



RESOLUTION
Before you upgrade to Windows 2000, follow the steps in the following Knowledge Base article:

260242 How to Prevent Windows 2000 Upgrade from Modifying Custom Security

You must do this to prevent the loss of the registry key permissions when the system is upgraded to Windows 2000. The following instructions specifically protect the Site Server and Content Deployment (CRS) registry key permissions.

Windows 2000 uses the Dsup.inf (for Windows 2000 Server upgrades) security template to apply security settings during the upgrade process. To prevent the upgrade process from modifying custom security settings, you can modify this text-based template to ignore the specific registry keys that contain custom security settings. To do this, follow these steps:  Copy the appropriate template file (Dsup.inf) from your Windows 2000 distribution share into the %WinDir%\Security\Templates folder on your local computer. Start Microsoft Management Console. To do this, click Start, click Run, type Mmc.exe, and then click OK. On the Console menu, click Add/Remove Snap-in, click Add, click Security Templates, click Add, click Close, and then click OK. To open the template file that you want to modify, expand the Security Templates node, expand the %WinDir%\Security\Templates folder, and then expand the Dsup.inf file. Click the Registry security area. In the result pane, a list of all of the registry keys that are configured by the default upgrade template is displayed. You must add the following keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\CRS

HKEY_LOCAL_MACHINE\Software\Microsoft\Site Server

To add these keys, follow these steps:

<ol style="list-style-type: lower-alpha;"> Right-click Registry or File System, and then click Add Key.</li> Browse the dialog box to select the key that you want to protect. If the key, folder, or file does not exist on your computer, you can type the path to the object in the available text box.</li> Click OK to start the Access Control List (ACL) editor.</li> Click OK again to accept the default security provided by the ACL editor.</li> Click Do not allow permissions on this key to be replaced.</li> Click OK to add the object to the template.</li></ol> </li> In the result pane, the object you want the upgrade to ignore is now listed with the Ignore property listed under both the Permission and Audit columns. Right-click the name of the template, and then click Save.</li> Copy the modified template back to the distribution share.</li></ol>

Future upgrades from this distribution share will not configure the ignored objects with Windows 2000 default settings.

Keywords: kbprb KB266776

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.