Remote Registry always set to disabled after startup?

Discussion in 'Windows Server' started by mlai, Feb 27, 2007.

  1. mlai

    mlai Guest

    Something is very strange on my 2003SP1 machine. The remote registry
    service is always being set to disabled after restart despite I manually set
    the service to start automatically prior to machine reset.

    The server is behind a firewall and has active anti-virus solutions (AVG)
    and came up clean.

    Any thoughts?
     
    mlai, Feb 27, 2007
    #1
    1. Advertisements

  2. mlai

    Herb Martin Guest

    Well, a GPO can do that but if you are the admin then likely you
    were know if you had set any such Group Policies.

    Computer->Windows->Security->Services
     
    Herb Martin, Feb 27, 2007
    #2
    1. Advertisements

  3. mlai

    mlai Guest

    I never setup such GPO. And to be safe, I did a GP modeling and the result
    shows nothing being applied to disable the remote reg service
     
    mlai, Feb 27, 2007
    #3
  4. mlai

    mlai Guest

    And the winlogon.log shows:

    Tuesday, February 27, 2007 4:01:45 PM
    Error 1208: An extended error has occurred.
    Error creating database.
    ----Configuration engine was initialized with one or more errors.----


    ----Un-initialize configuration engine...
     
    mlai, Feb 27, 2007
    #4
  5. Hi,

    Thank you for posting in the Microsoft newsgroup!

    From your post, my understanding on this issue is: the Remote Registry
    service is always set to disabled after startup. If I'm off base, please
    feel free to let me know.

    Thanks to Herb for his key in. It's greatly appreciated.

    Except group policy, some scripts and commands can stop services as well.
    However, I think group policy is the first thing you need to check.

    The applied group policy can be exported by the gpresult command. You can
    run the command ¡°gpresult /z¡± on the problematic machine and paste the
    output of the command to newsgroup. I'd like to assist you to analyze it.

    Have a good day!

    Sean Cai, MCSE2000
    Microsoft Online Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
     
    Sean Cai [MSFT], Feb 27, 2007
    #5
  6. mlai

    mlai Guest

    I found out what the problem was. My system has Mail Enable Enterprise 2.33
    installed and on Feb 24, there was a massive attack on an unpatched critical
    vulnerability on ME, causing a leak of all encrypted passwords hashes. Be
    adviced that this is not an isolated incident and was documented on the Mail
    Enable forums.
     
    mlai, Feb 28, 2007
    #6
  7. Hi,

    Thank you for sharing the cause of this problem with us. I believe everyone
    who has this problem in the future time will benefit from your post.

    Have a nice day!

    Sean Cai, MCSE2000
    Microsoft Online Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
     
    Sean Cai [MSFT], Feb 28, 2007
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.