Microsoft KB Archive/255987

From BetaArchive Wiki
Knowledge Base


Windows NT Service Pack Requires Logon with Local Administrative Permissions After Reboot

Article ID: 255987

Article Last Modified on 11/1/2006


APPLIES TO

  • Microsoft Windows NT 4.0 Service Pack 4
  • Microsoft Windows NT 4.0 Service Pack 5
  • Microsoft Windows NT 4.0 Service Pack 6
  • Microsoft Windows NT 4.0 Service Pack 6a
  • Microsoft Windows NT 4.0 Service Pack 4
  • Microsoft Windows NT 4.0 Service Pack 5
  • Microsoft Windows NT 4.0 Service Pack 6
  • Microsoft Windows NT 4.0 Service Pack 6a
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition


This article was previously published under Q255987

SYMPTOMS

The design of the Windows NT 4.0 Service Pack update process requires an additional logon with local administrative credentials after Update.exe has restarted the computer.

If a non-administrative user logs on directly after the Service Pack Setup process is run, two Application events are logged for ProtectedStorage:

ProtectedStorage error: 5; OpenSCManager failed.

ProtectedStorage error: 203; Install Service failed.

These events are logged at every logon until a local administrator logs on.

CAUSE

Local administrative permission are necessary to successfully process and delete all registry values under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


RunOnce values are processed with the current login credentials. A typical user does not have sufficient permissions to successfully process the "4. 'Install pstores.exe'='pstores.exe -install'" RunOnce entry, causing both of the events listed above to be logged.

Also, a typical user by default has "Everyone=read" permission on the RunOnce key, so the entries cannot be deleted.

Other Microsoft and third-party Setup procedures may be affected in a similar way if they use the RunOnce or RunOnceEx keys to complete the Setup process during next logon.

WORKAROUND

Use either of the following methods:

  • Have a user with local administrative rights log on to the computer.
  • Use an administrative AutoAdminLogon and optionally disable the Mouclass and Kbdclass driver to prevent user interruption.

    This method involves certain issues. The password of the local administrator is stored as plain text in the registry (plus the corresponding script file), and a problem with disabled drivers can lead to an inaccessible system. Furthermore, be aware of the information on the following article in the Microsoft Knowledge Base:

    159969 AutoLogon Fails If DontDisplayLastUserName Is Also Enabled

    Because of these issues, Microsoft recommends using the first method.


Keywords: kberrmsg kbenv kbsetup kbprb KB255987



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/255987&oldid=377899
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki