Stephen W. Meeley
10-Oct-2005, 09:39 AM
Garret, Jakob and Anders,
I recently got bit by the same condition (Invalid ProgID) and just
finished doing a lot of research into it. Here's what I've found:
1. The "normal" condition for the machine is that the HKCR registry has
all the rights necessary - there should never be a need to modify the
rights in the HKCR registry branch.
2. We've taken multiple machines from a freshly installed state and
applied all services packs and hot fixes, installed all kinds of
software and have not been able to reproduce a situation where the
appropriate rights to HKCR were removed.
3. There is obviously something that can remove the appropriate rights
to HKCR, but there doesn't seem to be any common knowledge on what the
base cause really is. If you search, you'll find multiple references to
setting rights to HKCR to solve problems, but never any mention as to
what caused the condition in the first place.
4. Based on the above, we feel that changing rights on a machine where
the appropriate rights for HKCR do not exist is treating a symptom, not
fixing the problem.
So, we won't be attempting to change the rights for HKCR in the
installation (because the appropriate rights should exist anyway).
Also, our strong recommendation to anyone who finds that HKCR does not
have the appropriate rights is to not simply make the specific changes
discussed in the various threads, but to get the machine back to the
natural state (in other words, fix the real problem - not just treat the
symptom).
Of course, if anyone knows more about how the rights for HKCR got
changed in the first place (either by natural or unnatural causes) we'd
love to get input and could even change our recommendation if new
information changes the landscape.
I've made mention to "appropriate rights" throughout this message and
that's because the actually settings are slightly different based on
which platform you run.
On all platforms, you should see:
Administrators will have Full Control and Read
CREATOR OWNER will have Special Permissions (Full Control for Subkeys
only)
Power Users will have Read and Special Permissions (though we can't
really tell what the Special Permissions actually do in this case - we
think they just signify if rights should be inherited or not).
SYSTEM will have Full Control and Read
Users will have Read
On Windows 2000 (the oldest system we tested) you will also see:
Everyone will have Read
You may also see other, specialized groups of user (like Terminal
Services Users) with Read rights.
The removal of Everyone on systems newer than Windows 2000 does NOT
impact the proper operation of the system (including Web Application
Server) - it's probably just one of the many security changes that were
made in XP and Server 2003.
Best regards,
-SWM-
PS. BTW, in my specific case my machine was having many other problems
(totally freezing on a regular basis) that started over a month ago and
steadily got worse. No specific viruses were found, and I'm still not
sure what caused the rights to disappear from HKCR. I've reinstalled
everyone that I had on my old machine (WinXP Pro, Office 2003, FrontPage
2003, Wise, RoboHelp X5, Beyond Compare, Acrobat 6, VSS, various Google
tools, Crystal XI, multiple revisions of Visual DataFlex, Spybot, Ghost
9, WinZip, various tools and multimedia applications from HP and others,
etc.) and have all updates for everything and nothing has altered the
rights on HKCR (I checked between every operation) from "normal".
I recently got bit by the same condition (Invalid ProgID) and just
finished doing a lot of research into it. Here's what I've found:
1. The "normal" condition for the machine is that the HKCR registry has
all the rights necessary - there should never be a need to modify the
rights in the HKCR registry branch.
2. We've taken multiple machines from a freshly installed state and
applied all services packs and hot fixes, installed all kinds of
software and have not been able to reproduce a situation where the
appropriate rights to HKCR were removed.
3. There is obviously something that can remove the appropriate rights
to HKCR, but there doesn't seem to be any common knowledge on what the
base cause really is. If you search, you'll find multiple references to
setting rights to HKCR to solve problems, but never any mention as to
what caused the condition in the first place.
4. Based on the above, we feel that changing rights on a machine where
the appropriate rights for HKCR do not exist is treating a symptom, not
fixing the problem.
So, we won't be attempting to change the rights for HKCR in the
installation (because the appropriate rights should exist anyway).
Also, our strong recommendation to anyone who finds that HKCR does not
have the appropriate rights is to not simply make the specific changes
discussed in the various threads, but to get the machine back to the
natural state (in other words, fix the real problem - not just treat the
symptom).
Of course, if anyone knows more about how the rights for HKCR got
changed in the first place (either by natural or unnatural causes) we'd
love to get input and could even change our recommendation if new
information changes the landscape.
I've made mention to "appropriate rights" throughout this message and
that's because the actually settings are slightly different based on
which platform you run.
On all platforms, you should see:
Administrators will have Full Control and Read
CREATOR OWNER will have Special Permissions (Full Control for Subkeys
only)
Power Users will have Read and Special Permissions (though we can't
really tell what the Special Permissions actually do in this case - we
think they just signify if rights should be inherited or not).
SYSTEM will have Full Control and Read
Users will have Read
On Windows 2000 (the oldest system we tested) you will also see:
Everyone will have Read
You may also see other, specialized groups of user (like Terminal
Services Users) with Read rights.
The removal of Everyone on systems newer than Windows 2000 does NOT
impact the proper operation of the system (including Web Application
Server) - it's probably just one of the many security changes that were
made in XP and Server 2003.
Best regards,
-SWM-
PS. BTW, in my specific case my machine was having many other problems
(totally freezing on a regular basis) that started over a month ago and
steadily got worse. No specific viruses were found, and I'm still not
sure what caused the rights to disappear from HKCR. I've reinstalled
everyone that I had on my old machine (WinXP Pro, Office 2003, FrontPage
2003, Wise, RoboHelp X5, Beyond Compare, Acrobat 6, VSS, various Google
tools, Crystal XI, multiple revisions of Visual DataFlex, Spybot, Ghost
9, WinZip, various tools and multimedia applications from HP and others,
etc.) and have all updates for everything and nothing has altered the
rights on HKCR (I checked between every operation) from "normal".