The only issue I see is with restoring file permissions. Everything else should work fine for dee_can.
By the way, the .bat file needs to be run as administrator to work. Running it normally just causes CBS.txt to be made and skips the other steps, so we would end up with the same CBS.txt that has already been uploaded. You may want to fix step 4 in this post.
Alright, figured out the restore issue. The lines
icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /restore %SYSTEMDRIVE%\tom982\admlaclfile
icacls C:\Windows\PolicyDefinitions\inetres.admx /restore %SYSTEMDRIVE%\tom982\admxaclfile
should read
icacls C:\Windows\PolicyDefinitions\en-US\ /restore %SYSTEMDRIVE%\tom982\admlaclfile
icacls C:\Windows\PolicyDefinitions\ /restore %SYSTEMDRIVE%\tom982\admxaclfile
since you are restoring to the files in that location. Here is the reference I used:
Security Watch
The first page actually has an example where the same thing was done that you did that caused restore to fail. Very helpful resource for icacls commands.
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /restore C:\tom982\admlaclfile
Successfully processed 0 files; Failed processing 1 files
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /restore C:\tom982\admxaclfile
Successfully processed 0 files; Failed processing 1 files
It appears it was not able to restore the permissions.
I do see this message within the sfc scan; I am not sure if it is the result of the batch file being run or was an issue prior. More testing is needed before I would recommend others run the .bat file:
2012-08-22 06:32:58, Info CSI 000002e1 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2012-08-22 06:32:58, Info CSI 000002e2 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
Resolved by using the correct restore location.
Strange coincidence that the files that are corrupted are the same ones the .bat accesses... This was due to restoring from the wrong location. If I use the location given in my CBS.log file, it works fine. SFC comes up clean afterward.
dee_can: If you read this, the location given by Tom is correct for your system. He found that from your CBS.log file.
Full output of the fix.bat:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>cd c:\users\mike\Desktop
c:\Users\Mike\Desktop>fix.bat
c:\Users\Mike\Desktop>taskkill /f /im iexplore.exe
ERROR: The process "iexplore.exe" not found.
c:\Users\Mike\Desktop>if not exist C:\tom982 mkdir C:\tom982
c:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /sa
ve C:\tom982\admlaclfile
processed file: C:\Windows\PolicyDefinitions\en-US\InetRes.adml
Successfully processed 1 files; Failed processing 0 files
c:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /save C:\
tom982\admxaclfile
processed file: C:\Windows\PolicyDefinitions\inetres.admx
Successfully processed 1 files; Failed processing 0 files
c:\Users\Mike\Desktop>takeown /f C:\Windows\PolicyDefinitions\en-US\InetRes.adml
SUCCESS: The file (or folder): "C:\Windows\PolicyDefinitions\en-US\InetRes.adml"
now owned by user "DEMO\Mike".
c:\Users\Mike\Desktop>takeown /f C:\Windows\PolicyDefinitions\inetres.admx
SUCCESS: The file (or folder): "C:\Windows\PolicyDefinitions\inetres.admx" now o
wned by user "DEMO\Mike".
c:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /gr
ant administrators:F
processed file: C:\Windows\PolicyDefinitions\en-US\InetRes.adml
Successfully processed 1 files; Failed processing 0 files
c:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /grant ad
ministrators:F
processed file: C:\Windows\PolicyDefinitions\inetres.admx
Successfully processed 1 files; Failed processing 0 files
c:\Users\Mike\Desktop>ren C:\Windows\PolicyDefinitions\en-US\InetRes.adml *.bak
c:\Users\Mike\Desktop>ren C:\Windows\PolicyDefinitions\inetres.admx *.bak
c:\Users\Mike\Desktop>copy C:\Windows\WinSxS\x86_microsoft-windows-inetres-adm.r
esources_31bf3856ad364e35_8.0.6001.18702_en-us_528904d6934778fd\InetRes.adml C
:\Windows\PolicyDefinitions\en-US\InetRes.adml
The system cannot find the path specified.
c:\Users\Mike\Desktop>copy C:\Windows\WinSxS\x86_microsoft-windows-inetres-adm_3
1bf3856ad364e35_8.0.6001.18702_none_d17a7cb2ad9eeb9c\inetres.admx C:\Windows\Po
licyDefinitions\inetres.admx
The system cannot find the path specified.
c:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /re
store C:\tom982\admlaclfile
C:\Windows\PolicyDefinitions\en-US\InetRes.adml\InetRes.adml: The system cannot
find the path specified.
Successfully processed 0 files; Failed processing 1 files
c:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /restore
C:\tom982\admxaclfile
C:\Windows\PolicyDefinitions\inetres.admx\inetres.admx: The system cannot find t
he path specified.
Successfully processed 0 files; Failed processing 1 files
c:\Users\Mike\Desktop>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log
c:\Users\Mike\Desktop>copy C:\Windows\Logs\CBS\CBS.log C:\Users\Mike\Desktop\C
BS.txt
1 file(s) copied.
c:\Users\Mike\Desktop>start notepad.exe C:\Users\Mike\Desktop\CBS.txt
c:\Users\Mike\Desktop>
Output after using the correct restore location for my system:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>cd \users\mike\Desktop
C:\Users\Mike\Desktop>fix.bat
C:\Users\Mike\Desktop>taskkill /f /im iexplore.exe
ERROR: The process "iexplore.exe" not found.
C:\Users\Mike\Desktop>if not exist C:\tom982 mkdir C:\tom982
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /sa
ve C:\tom982\admlaclfile
processed file: C:\Windows\PolicyDefinitions\en-US\InetRes.adml
Successfully processed 1 files; Failed processing 0 files
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /save C:\
tom982\admxaclfile
processed file: C:\Windows\PolicyDefinitions\inetres.admx
Successfully processed 1 files; Failed processing 0 files
C:\Users\Mike\Desktop>takeown /f C:\Windows\PolicyDefinitions\en-US\InetRes.adml
SUCCESS: The file (or folder): "C:\Windows\PolicyDefinitions\en-US\InetRes.adml"
now owned by user "DEMO\Mike".
C:\Users\Mike\Desktop>takeown /f C:\Windows\PolicyDefinitions\inetres.admx
SUCCESS: The file (or folder): "C:\Windows\PolicyDefinitions\inetres.admx" now o
wned by user "DEMO\Mike".
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /gr
ant administrators:F
processed file: C:\Windows\PolicyDefinitions\en-US\InetRes.adml
Successfully processed 1 files; Failed processing 0 files
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /grant ad
ministrators:F
processed file: C:\Windows\PolicyDefinitions\inetres.admx
Successfully processed 1 files; Failed processing 0 files
C:\Users\Mike\Desktop>ren C:\Windows\PolicyDefinitions\en-US\InetRes.adml *.bak
A duplicate file name exists, or the file
cannot be found.
C:\Users\Mike\Desktop>ren C:\Windows\PolicyDefinitions\inetres.admx *.bak
A duplicate file name exists, or the file
cannot be found.
C:\Users\Mike\Desktop>copy "C:\Windows\WinSxS\amd64_microsoft-windows-inetres-ad
m.resources_31bf3856ad364e35_9.4.8112.16421_en-us_e43c20be501fcb4b\InetRes.adml"
C:\Windows\PolicyDefinitions\en-US\InetRes.adml
1 file(s) copied.
C:\Users\Mike\Desktop>copy "C:\Windows\WinSxS\amd64_microsoft-windows-inetres-ad
m_31bf3856ad364e35_9.4.8112.16421_none_632d989a6a773dea\inetres.admx" C:\Window
s\PolicyDefinitions\inetres.admx
1 file(s) copied.
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\en-US\InetRes.adml /re
store C:\tom982\admlaclfile
C:\Windows\PolicyDefinitions\en-US\InetRes.adml\InetRes.adml: The system cannot
find the path specified.
Successfully processed 0 files; Failed processing 1 files
C:\Users\Mike\Desktop>icacls C:\Windows\PolicyDefinitions\inetres.admx /restore
C:\tom982\admxaclfile
C:\Windows\PolicyDefinitions\inetres.admx\inetres.admx: The system cannot find t
he path specified.
Successfully processed 0 files; Failed processing 1 files
C:\Users\Mike\Desktop>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\Users\Mike\Desktop>copy C:\Windows\Logs\CBS\CBS.log C:\Users\Mike\Desktop\C
BS.txt
1 file(s) copied.
C:\Users\Mike\Desktop>start notepad.exe C:\Users\Mike\Desktop\CBS.txt
C:\Users\Mike\Desktop>
Full CBS.txt:
View attachment 1515
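The restore behaviour discussed in this thread can be reproduced safely on a scratch file. The batch script below is an added example, not part of fix.bat or of any post above. The folder under %TEMP% and the names sample.admx and sample.acl are hypothetical and are created by the script. It saves an ACL, changes it, then runs /restore against the file path and against the parent folder, comparing the resulting ACL with the saved baseline each time.

```bat
@echo off
setlocal
rem Added example. All paths are scratch locations created by this script.
set "WORK=%TEMP%\icacls-restore-demo"
set "DIR=%WORK%\PolicyDefinitions"
set "FILE=%DIR%\sample.admx"
set "ACL=%WORK%\sample.acl"

if exist "%WORK%" rmdir /s /q "%WORK%"
mkdir "%DIR%" || exit /b 1
echo placeholder> "%FILE%"

rem 1. Save the ACL and record its readable form as the baseline.
icacls "%FILE%" /save "%ACL%" >nul || exit /b 1
icacls "%FILE%" > "%WORK%\before.txt"

rem 2. Loosen the ACL, as the fix does before replacing the file.
rem    *S-1-5-32-545 is the well-known SID of BUILTIN\Users.
icacls "%FILE%" /grant *S-1-5-32-545:F >nul || exit /b 1

rem 3. Form that failed in the thread: the target is the file itself, so
rem    icacls looks for ...\sample.admx\sample.admx.
echo --- restore against the file path
icacls "%FILE%" /restore "%ACL%"
call :check

rem 4. Corrected form: the target is the folder that contains the file.
echo --- restore against the parent folder
icacls "%DIR%" /restore "%ACL%"
call :check

rmdir /s /q "%WORK%"
exit /b 0

:check
rem Compare the current ACL with the baseline rather than assuming success;
rem fc sets errorlevel 1 when the two listings differ.
icacls "%FILE%" > "%WORK%\after.txt"
fc "%WORK%\before.txt" "%WORK%\after.txt" >nul
if errorlevel 1 (echo ACL still differs from the saved one) else (echo ACL matches the saved one)
exit /b 0
```

A comparison like the one in :check is worth keeping in any batch file that loosens permissions on system files, because a failed /restore does not stop the script and leaves the looser ACL in place.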