Disabling File Protection on W2K SP4

  • Thread starter Thread starter BertieBigBollox
  • Start date Start date
B

BertieBigBollox

I know that on Windows 2000 versions later than SP2 its not as simple
as just setting the SFC registry key....

I've got instructions on how to hexedit the sfc.dll in order to disable
it for SP2 but I've got SP4 on my system.

Is it possible to disable on SP4?

Reason is we clampdown PCs for security reasons, removing things such
as regedit.exe etc.... Unfortnately, at the moment SFC puts them back
after you delete them !!!!
 
It's not a recommended procedure and doing so will actually make your
pc's less secure! All kinds of virus and malware or rogue applications
will be able to replace system files wily-nilly! Why not control access
to these applications with GPO? Also, I think (?) you can remove the
copies of the files in the dll cache and then SFP will have no files to
replace the ones you delete in the System or System32 folders, but that
needs to be confirmed or researched further.

John
 
It's not a recommended procedure and doing so will actually make your
pc's less secure! All kinds of virus and malware or rogue applications
will be able to replace system files wily-nilly! Why not control access
to these applications with GPO? Also, I think (?) you can remove the
copies of the files in the dll cache and then SFP will have no files to
replace the ones you delete in the System or System32 folders, but that
needs to be confirmed or researched further.
Click to expand...

They actually live in a closed environment so no danger of viruses
etc...

Where is the dllcache directory located? Cant find it...
 
%systemroot%\system32\dllcache

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

|> It's not a recommended procedure and doing so will actually make your
| > pc's less secure! All kinds of virus and malware or rogue applications
| > will be able to replace system files wily-nilly! Why not control access
| > to these applications with GPO? Also, I think (?) you can remove the
| > copies of the files in the dll cache and then SFP will have no files to
| > replace the ones you delete in the System or System32 folders, but that
| > needs to be confirmed or researched further.
|
| They actually live in a closed environment so no danger of viruses
| etc...
|
| Where is the dllcache directory located? Cant find it...
|
 
C:\WINNT\system32\dllcache As I said earlier I am not 100% sure on how
Windows will handle file deletions or file renames in the dll cache, up
to you to find out.

Also, if you wish to continue with SFP disable:
http://www.winguides.com/registry/display.php/790

Consider that with SFP disabled even installing a perfectly valid
software package could result in system files being overwritten.

John
 
Maybe empty the folder and set SfcQuota to 0. As long as users don't have
access to the CD-Rom

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91625.mspx?mfr=true

Also I don't think Windows File Protection Feature can run for non-admins.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| C:\WINNT\system32\dllcache As I said earlier I am not 100% sure on how
| Windows will handle file deletions or file renames in the dll cache, up
| to you to find out.
|
| Also, if you wish to continue with SFP disable:
| http://www.winguides.com/registry/display.php/790
|
| Consider that with SFP disabled even installing a perfectly valid
| software package could result in system files being overwritten.
|
| John
 
I know that on Windows 2000 versions later than SP2 its not as simple
as just setting the SFC registry key....

I've got instructions on how to hexedit the sfc.dll in order to disable
it for SP2 but I've got SP4 on my system.

Is it possible to disable on SP4?

Reason is we clampdown PCs for security reasons, removing things such
as regedit.exe etc.... Unfortnately, at the moment SFC puts them back
after you delete them !!!!
Click to expand...

http://www.microsoft.com/whdc/winlogo/drvsign/wfp.mspx#ENAAC

any help?
 
Back
Top