Wednesday, October 12, 2005

Patchwork

Ran into a problem with a custom Windows build today when applying MS05-051 (KB902400).

Our build had tweaked permission on stuff inside the %SYSTEMROOT%, including removing EVERYONE permissions in places.

With the patch applied this borked the "Network Connections" service. Symptoms were no network connections listed in "Network Connections". Also, when checking dependency tree for the "Network Connections" service a "Win32: access denied" popup would appear instead of the expected results.

Fix was to add "Network Service" or "EVERYONE" READ ACL on %SYSTEMROOT\Registration directory. Not sure what the security implications are yet.