How is he trying to change settings when he gets this message - through
Control Panel network connections?? Does he have any "protection"
software enabled such as for spyware or viruses that have been
configured to monitor and lock down the system? Has he tried using Safe
Mode with networking to see if it happens? Interesting that he can do it
through the registry but not with the other interface. You or he could
try running filemon and regmon [free from SysInternals] to see if you
can find any access denied entries in the logs for those programs that
happen at the time when he tries to change settings and then make
appropriate changes to access control list. When using filemon/regmon
use the filter/highlight setting under options and enter access denied
for filemon so that you can quickly spot those entries as the log can
grow very fast. Also check the logs via Event Viewer to see if anything
shows up at the time he is denied access such as a Software Restriction
Policy entry in the application log. Sometimes if nothing seems to help
I use secedit to reset file and/or registry permissions back to default
as described in the link below but be sure to append the command with
/areas filestore regkeys so that only those security settings are reset.
I would also use the command net user username using his real username
of course to check his group membership as possibly he is a member of a
group that has deny permissions somewhere. Normally a user that is also
an administrator will only be member of administrators and users. Your
suggestion of uninstalling the nic is a good one particularly if his
access seems to be normal everywhere other than to the network settings.
It may also be helpful to try and use netsh to reset tcp/ip as in netsh
int ip reset [log_file_name]. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
http://support.microsoft.com/kb/299357
Hey Steve. Thanks for the pointers. I should have mentioned in my post
that I did run rsop.msc and gpedit.msc and found nothing. I walked my
guy through both process and compared his settings to mine. They were
identical.
One of my thoughts is to remove the NIC (and the INF file
) , reboot
and re-install. I did this once before and for some reason it worked -
perhaps a GLITCHED Registry or something.
Also, I didn't mean to suggest that he was logging onto a Domain.
Indeed, it is a Local Account - sorry 'bout that.
In any case, any other ideas?
Wiley.
If he is logged on as the local administrator that is not a domain
user account then it can not be domain level Group Policy
restrictions. Anyway I would have him run rsop.msc on his computer
while logged on as that user account to see if any Group Policy
restrictions are enabled. Look under user configuration/administrative
templates/network/network connections to see if any settings are
enabled or disabled that may be giving him the problem. If not use
gpedit.msc and try enabling/disabling settings as the case may be to
try and reverse any apparent rictions. --- Steve
G'day to all.
A Client of mine all of a sudden has policies on his machine (XP)
that says "Insufficient Permissions..." when he tries to change
Network Settings.
He is logged on as ADMINISTRATOR (the real guy, not a member of admin
acount). The only way we could change the settings (IP address) was
to tweak the registry. Obviously, this is not the way to do things,
but it worked interimly.
I am suspecting that it is a policy, but noone (in the least this
fellow) would have done such a thing. The only wierd thing is that
they put a Win2K3 server on the LAN. It is is it's own domain and on
a different subnet. But I don't see how this would affect him?
Does anyone know what is happening, or why an Admin has incorrect
rights. I've scowered Google and the MS Tech sites, to no avail.
Thanks in advance.
Wiley N2K
