Admin / Domain Admin rights problem

Andy Roxburgh · Jun 28, 2005

Hi,
I'm using SBS2000 as my primary DC.
I have a problem - the Administrator account cannot access 'HKLM' keys in
the registry. I've been told it is because the Administrator is not a member
of the Domain Admins group. Except, accoring to SBS Admin console, it is.
Furthermore I can't change the permissions for HKLM using the registry
editor. I need to give the account access to HKLM but don't know what else
to do - help!

Thanks

Andy

Roger Abell · Jun 28, 2005

Evidently you can view the security settings on HKLM
Who/What account/group does have full permissions?
You will need to use an account that does have the ability.

Andy Roxburgh · Jun 29, 2005

Actually I can't view the security settings - a message pops up telling me I
can change them but not view them... except when I try to change them it
won't let me do that either.

So I can't see what accounts have full permissions!

Andy

Steven L Umbach · Jun 29, 2005

Make sure that you are logging on as the administrator account and not some
renamed administrator which is sometimes used as a domain account. The
command "net user administrator" will display group membership. Also verify
that domain admins is a member of the administrators group for the domain as
it is possible for it to be removed. You should also run a full malware scan
on your server being sure to use the latest definitions from your vendor.
Also some "protection" packages can block access to the registry I am told.
You may want to boot into safe mode to see if that helps. Subinacl is a tool
that can be used to view and change file and registry permissions at the
command line if need be. However it is very powerful and I would not use it
unless you have a full image type backup of your server or you are very
confident that you are using the right command possibly from trying it on a
test computer first. Group Policy can also be used to manage registry
permissions via computer configuration/Windows settings/security settings -
registry though you need to be careful doing such and should unlink the
Group Policy when done and needs to be linked to the proper OU where the
computer accounts are. Improper use of file/registry permissions via Group
Policy can cause performance problems in the domain. --- Steve

http://www.microsoft.com/downloads/...56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
-- subinacl
http://www.jsifaq.com/SUBR/tip8700/rh8724.htm -- Group Policy to manage
file/registry permissions.

Andy Roxburgh · Jun 30, 2005

Hi Steven,

Make sure that you are logging on as the administrator account and not some
renamed administrator which is sometimes used as a domain account. The
command "net user administrator" will display group membership.

I get (exactly as output) :
.....
Logon Script
User Profile
Home Directory
Last logon 6/30/2005 2:00pm

Logon Hours Allowed All

Local Group Memberships
*Account Operators
*Administrators
*Backup operators
*Server Operators
*Print Operators

Global Group Memberships
*Exchange Services
*Domain Admins
*Domain Users
*Enterprise Admins
*Exchange Domain Serve
*Group Policy Creator
*Backoffice Internet U
*Scheme Admins

Also verify
that domain admins is a member of the administrators group for the domain as
it is possible for it to be removed.

I checked this with the SBS Admin console and it appears to be OK.

You should also run a full malware scan
on your server being sure to use the latest definitions from your vendor.

Just tried a full AV scan and it consistently locks up half way through -
not a great sign!
Just ran MS Antyspyware beta and it's clean; will try a different AV scanner
and try again.

Also some "protection" packages can block access to the registry I am told.
You may want to boot into safe mode to see if that helps.

Will try this at the weekend - the server's in use at the moment.

Subinacl is a tool
that can be used to view and change file and registry permissions at the
command line if need be. However it is very powerful and I would not use it
unless you have a full image type backup of your server or you are very
confident that you are using the right command possibly from trying it on a
test computer first.

Thanks! Have used it to show the HKLM permissions. Typing
subinacl /key HKEY_LOCAL_MACHINE /display
I get :

===========================
+KeyReg HKEY_LOCAL_MACHINE
===========================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

and this compares to HKEY_USERS which I do have access to as follows:

===================
+KeyReg HKEY_USERS
===================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

To me it looks fine; but there's definitely something wrong somewhere
because it won't show HKLM permissions etc from regedit!

Do you think I should try

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f

?

Ironically the reason I'm going through all this is so that I can create a
ghost image - I'm using Veritas IDR and it's not playing ball.
So I can't easily ghost the server before making changes.

Group Policy can also be used to manage registry
permissions via computer configuration/Windows settings/security settings -
registry though you need to be careful doing such and should unlink the
Group Policy when done and needs to be linked to the proper OU where the
computer accounts are. Improper use of file/registry permissions via Group
Policy can cause performance problems in the domain. --- Steve

I don't appear to have the 'registry' item available under 'security
settings'....

It's not looking good is it??!

Andy

Steven L Umbach · Jun 30, 2005

Hmm. From what I can tell it looks like subinacl shows that administrators
have full control of HKLM. I am at a loss as why you can not edit it. I
always use regedt32 for Windows 2000 so you may want to try that if you have
not yet. If it was my computer I would not use subinacl until I had an image
backup. As far as Group Policy - registry you will not see that in Local
Group Policy but it should show in Domain Controller Security Policy if SBS
has such. If you can not get for antivirus to work try using the SysClean
utility from Trend Micro [see links below]. Just download Sysclean and the
pattern file [after unzipping] into a common folder to run from - no
installation is involved. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp

Roger Abell · Jul 1, 2005

It sure is starting to sound like a malware based inhibition
of registry tool access.

--
Roger

Steven L Umbach said:
Hmm. From what I can tell it looks like subinacl shows that administrators
have full control of HKLM. I am at a loss as why you can not edit it. I
always use regedt32 for Windows 2000 so you may want to try that if you have
not yet. If it was my computer I would not use subinacl until I had an image
backup. As far as Group Policy - registry you will not see that in Local
Group Policy but it should show in Domain Controller Security Policy if SBS
has such. If you can not get for antivirus to work try using the SysClean
utility from Trend Micro [see links below]. Just download Sysclean and the
pattern file [after unzipping] into a common folder to run from - no
installation is involved. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp

Andy Roxburgh said:

Hi Steven,

I get (exactly as output) :
....
Logon Script
User Profile
Home Directory
Last logon 6/30/2005 2:00pm

Logon Hours Allowed All

Local Group Memberships
*Account Operators
*Administrators
*Backup operators
*Server Operators
*Print Operators

Global Group Memberships
*Exchange Services
*Domain Admins
*Domain Users
*Enterprise Admins
*Exchange Domain Serve
*Group Policy Creator
*Backoffice Internet U
*Scheme Admins
domain
as

I checked this with the SBS Admin console and it appears to be OK.
vendor.

Just tried a full AV scan and it consistently locks up half way through -
not a great sign!
Just ran MS Antyspyware beta and it's clean; will try a different AV
scanner
and try again.

Will try this at the weekend - the server's in use at the moment.
use
it on
a

Thanks! Have used it to show the HKLM permissions. Typing
subinacl /key HKEY_LOCAL_MACHINE /display
I get :

===========================
+KeyReg HKEY_LOCAL_MACHINE
===========================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

and this compares to HKEY_USERS which I do have access to as follows:

===================
+KeyReg HKEY_USERS
===================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

To me it looks fine; but there's definitely something wrong somewhere
because it won't show HKLM permissions etc from regedit!

Do you think I should try

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f

?

Ironically the reason I'm going through all this is so that I can create a
ghost image - I'm using Veritas IDR and it's not playing ball.
So I can't easily ghost the server before making changes.

I don't appear to have the 'registry' item available under 'security
settings'....

It's not looking good is it??!

Andy

Click to expand...

Steven L Umbach · Jul 1, 2005

I was wondering about such. Hopefully using Sysclean and trying from safe
mode will give a clue. I also understand that some "internet protection"
packages can also block access to/protect the registry and users often do
not realize such or forget about it when they install those type programs.
I have not used such a program myself. Many of the antivirus programs are
going far beyond just malware detection and removal which I guess is a good
thing if a user understands/remembers what is being done to their
omputer. --- Steve

Roger Abell said:
It sure is starting to sound like a malware based inhibition
of registry tool access.

--
Roger

Steven L Umbach said:

Hmm. From what I can tell it looks like subinacl shows that
administrators
have full control of HKLM. I am at a loss as why you can not edit it. I
always use regedt32 for Windows 2000 so you may want to try that if you have
not yet. If it was my computer I would not use subinacl until I had an image
backup. As far as Group Policy - registry you will not see that in Local
Group Policy but it should show in Domain Controller Security Policy if SBS
has such. If you can not get for antivirus to work try using the SysClean
utility from Trend Micro [see links below]. Just download Sysclean and
the
pattern file [after unzipping] into a common folder to run from - no
installation is involved. --- Steve

http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/download/pattern.asp

Andy Roxburgh said:

Hi Steven,

Make sure that you are logging on as the administrator account and not
some
renamed administrator which is sometimes used as a domain account. The
command "net user administrator" will display group membership.

I get (exactly as output) :
....
Logon Script
User Profile
Home Directory
Last logon 6/30/2005 2:00pm

Logon Hours Allowed All

Local Group Memberships
*Account Operators
*Administrators
*Backup operators
*Server Operators
*Print Operators

Global Group Memberships
*Exchange Services
*Domain Admins
*Domain Users
*Enterprise Admins
*Exchange Domain Serve
*Group Policy Creator
*Backoffice Internet U
*Scheme Admins

Also verify
that domain admins is a member of the administrators group for the domain
as
it is possible for it to be removed.

I checked this with the SBS Admin console and it appears to be OK.

You should also run a full malware scan
on your server being sure to use the latest definitions from your vendor.

Just tried a full AV scan and it consistently locks up half way through -
not a great sign!
Just ran MS Antyspyware beta and it's clean; will try a different AV
scanner
and try again.

Also some "protection" packages can block access to the registry I am
told.
You may want to boot into safe mode to see if that helps.

Will try this at the weekend - the server's in use at the moment.

Subinacl is a tool
that can be used to view and change file and registry permissions at the
command line if need be. However it is very powerful and I would not use
it
unless you have a full image type backup of your server or you are
very
confident that you are using the right command possibly from trying it on
a
test computer first.

Thanks! Have used it to show the HKLM permissions. Typing
subinacl /key HKEY_LOCAL_MACHINE /display
I get :

===========================
+KeyReg HKEY_LOCAL_MACHINE
===========================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

and this compares to HKEY_USERS which I do have access to as follows:

===================
+KeyReg HKEY_USERS
===================
/control=0x0
/owner =builtin\administrators
/primary group =system
/audit ace count =0
/perm. ace count =4

/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Full Control
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2
KEY_CREATE_SUB_KEY-0x4
KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20
DELETE-0x10000
READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000

/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

/pace =restricted ACCESS_ALLOWED_ACE_TYPE-0x0
CONTAINER_INHERIT_ACE-0x2
Key and SubKey - Type of Access:
Read
Detailed Access Flags :
KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
READ_CONTROL-0x20000

To me it looks fine; but there's definitely something wrong somewhere
because it won't show HKLM permissions etc from regedit!

Do you think I should try

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=systems=f

?

Ironically the reason I'm going through all this is so that I can
create a
ghost image - I'm using Veritas IDR and it's not playing ball.
So I can't easily ghost the server before making changes.

Group Policy can also be used to manage registry
permissions via computer configuration/Windows settings/security
settings -
registry though you need to be careful doing such and should unlink
the
Group Policy when done and needs to be linked to the proper OU where the
computer accounts are. Improper use of file/registry permissions via
Group
Policy can cause performance problems in the domain. --- Steve

I don't appear to have the 'registry' item available under 'security
settings'....

It's not looking good is it??!

Andy

Click to expand...

Click to expand...

Roger Abell · Jul 2, 2005

Steven L Umbach said:
I was wondering about such. Hopefully using Sysclean and trying from safe
mode will give a clue. I also understand that some "internet protection"
packages can also block access to/protect the registry and users often do
not realize such or forget about it when they install those type programs.
I have not used such a program myself. Many of the antivirus programs are
going far beyond just malware detection and removal which I guess is a good
thing if a user understands/remembers what is being done to their
omputer. --- Steve

Ey, brave new world now, and again coming, isn't it Steve ?
Half of the ground rules will probably have shifted by your return.
Have a great time up north Sir, an kiss the short sweet Summer once
for me, ok?

Steven L Umbach · Jul 3, 2005

I guess time waits for no one as technology marches on though sometimes it
is nice to get away from it all. I will be around for a couple of weeks
t. -- Steve

Andy Roxburgh · Aug 5, 2005

FYI, the problem eventually got fixed by using the reset.cmd script and
SubInAcl.exe.

Andy