To resolve this problem, restore the default permissions to the COM+ catalog.
For a computer that is running Windows 2000 or Windows Server 2003 and is not running as a domain controller, follow these steps:
1. In the %windir%/registration folder, make sure that the Everyone group has Read permissions.
2. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
3. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
4. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the Allow
inheritable auditing entries from the parent to propagate to this object and all objects. Include these with entries explicitly defined here option is selected.
5. Make sure that the Everyone group has one of the following permissions:
• Traverse permissions (“List Folder Contentsâ€) on all parent directories, including %systemdrive%, %windir%, and %windir%registration
• The Bypass traverse checking user right
To assign the Bypass traverse checking user right to the Everyone group, follow these steps:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand User Rights Assignment.
3. Right-click Bypass traverse checking, and then click Properties.
4. Click Add User or Group.
5. Type Everyone, and then click OK.
Note If you receive a message that an object named "Users" cannot be found, click Object Types, click to select the Groups check box, and then click OK two times.
For a domain controller that is running Windows 2000, follow these steps:
1. In the %windir%/registration folder, make sure that the Authenticated Users group has Read & Execute permissions.
2. In the %windir%/registration folder, make sure that the Server Operators group has Modify permissions.
3. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
4. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
5. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the Allow
Inheritable permissions from parent to propagate to this object option is selected.
For a domain controller that is running Windows Server 2003, follow these steps:
1. In the %windir%/registration folder, make sure that the Everyone group has Read & Execute permissions.
2. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
3. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
4. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the Allow inheritable auditing entries from the parent to propagate to this object and all objects. Include these with entries explicitly defined here. option is selected.
5. Make sure that the Everyone group has one of the following permissions:
• Traverse permissions (“List Folder Contentsâ€) on all parent directories, including %systemdrive%, %windir%, and %windir%registration
• The Bypass traverse checking user right
To assign the Bypass traverse checking user right to the Everyone group, follow these steps:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand User Rights Assignment.
3. Right-click Bypass traverse checking, and then click Properties.
4. Click Add User or Group.
5. Type Everyone, and then click OK.
Note If you receive a message that an object named "Users" cannot be found, click Object Types, click to select the Groups check box, and then click OK two times.
Note The system may later create additional .clb files in the %windir%/registration folder. To make sure that the new .clb files have the appropriate permissions, grant the Read permissions to the whole directory instead of just granting it directly to the .clb files that currently exist. You can use the Cacls.exe file to automate these permission changes on the affected computer or to easily roll out the changes to multiple computers.
For a computer that is running Windows 2000 or Windows Server 2003 and is not running as a domain controller, follow these steps:
1. In the %windir%/registration folder, make sure that the Everyone group has Read permissions.
2. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
3. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
4. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the Allow
inheritable auditing entries from the parent to propagate to this object and all objects. Include these with entries explicitly defined here option is selected.
5. Make sure that the Everyone group has one of the following permissions:
• Traverse permissions (“List Folder Contentsâ€) on all parent directories, including %systemdrive%, %windir%, and %windir%registration
• The Bypass traverse checking user right
To assign the Bypass traverse checking user right to the Everyone group, follow these steps:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand User Rights Assignment.
3. Right-click Bypass traverse checking, and then click Properties.
4. Click Add User or Group.
5. Type Everyone, and then click OK.
Note If you receive a message that an object named "Users" cannot be found, click Object Types, click to select the Groups check box, and then click OK two times.
For a domain controller that is running Windows 2000, follow these steps:
1. In the %windir%/registration folder, make sure that the Authenticated Users group has Read & Execute permissions.
2. In the %windir%/registration folder, make sure that the Server Operators group has Modify permissions.
3. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
4. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
5. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the Allow
Inheritable permissions from parent to propagate to this object option is selected.
For a domain controller that is running Windows Server 2003, follow these steps:
1. In the %windir%/registration folder, make sure that the Everyone group has Read & Execute permissions.
2. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
3. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
4. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the Allow inheritable auditing entries from the parent to propagate to this object and all objects. Include these with entries explicitly defined here. option is selected.
5. Make sure that the Everyone group has one of the following permissions:
• Traverse permissions (“List Folder Contentsâ€) on all parent directories, including %systemdrive%, %windir%, and %windir%registration
• The Bypass traverse checking user right
To assign the Bypass traverse checking user right to the Everyone group, follow these steps:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand User Rights Assignment.
3. Right-click Bypass traverse checking, and then click Properties.
4. Click Add User or Group.
5. Type Everyone, and then click OK.
Note If you receive a message that an object named "Users" cannot be found, click Object Types, click to select the Groups check box, and then click OK two times.
Note The system may later create additional .clb files in the %windir%/registration folder. To make sure that the new .clb files have the appropriate permissions, grant the Read permissions to the whole directory instead of just granting it directly to the .clb files that currently exist. You can use the Cacls.exe file to automate these permission changes on the affected computer or to easily roll out the changes to multiple computers.
Tags
Windows