Slowly Windows 7 bugs are getting uncovered, recently we had provided fix for Windows 7 WMP 12 flickering issue, Windows 7 Black Screen of Death issue. Now here is yet another issue found in Windows 7. The issue is related Windows 7 activation and genuine copy.
Those users running genuine version of Windows 7 provided with their hardware platform reported that immediately after log on they were presented with following error message. "Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0×80070005."
Some other symptoms of associated with this issue are,
The computer desktop background is black, and you receive the following error message on the bottom right corner of the screen:
"This copy of Windows is not genuine"
You receive the following error message when you view the System Properties: (Control Panel / System and Security / System)
"You must activate today. Activate Windows now"
If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message:
Error: 0×80070005 Access denied: the requested action requires elevated privileges
Microsoft is fully aware of this issue and provided following explanation for the issue,
There is a lack of permissions in the registry key HKU\S-1-5-20. The Network Service account must have full control and read permissions over that registry key.
This situation may be the result of applying a Plug and Play Group Policy object (GPO).
To resolve this issue, you can either disable the policy setting (Method A), or edit the permissions to provide the Licensing Service the required permissions (Method B).
Method A: Disable the Plug and Play Policy
1. Determine the source of the policy . To do this, follow these steps:
a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location:
Computer Configuration / Policies / Windows Settings /Security Settings / System Services /
If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.
2. Disable the Group Policy settings and force the Group Policy to be reapplied.
a. Edit the Group Policy that is identified in Step 1 and change the setting to "Not Defined." Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)
Method B: Edit the permissions of the Group Policy:
1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:
Query template, Query status, Enumerate dependents, Interrogate, User-defined control, Read permissions
Note: The Previous rights are the minimum required permissions.
5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.
6. Verify that the appropriate permissions are applied with the following command:
sc sdshow plugplay
The following are the rights applied to the Plug and Play service in SDDL:
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE – Service logon user)
A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User
Note: If there are no GPO's in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:
1. On the computer that is out of tolerance, start Registry Editor.
2. Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions…
3. If the NETWORK SERVICE is not present, click Add…
4. In Enter the object names to select type Network Service and then click Check Names and OK.
5. Select the NETWORK SERVICE and Grant Full Control and Read permissions.
6. Restart the computer.
7. After the restart, the system may require activation. Complete the activation.
No comments:
Post a Comment