This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 15%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
I first tried to repair and then reinstalled Windows 10 Home Edition twice starting from reformatting the system partition "C:" but every time after the first update I noticed that different numbers of Services have a code appended to their name indicating that something is wrong.
The service McpManagerService always generates the error code 1500. This is because of not having access to the mui language files.
On further examinations I found out that on many essential system folders and files, the System and Administrators accounts don't have any permissions, for example on the folder C:\Windows\System32\ the security tab on properties of the folder the two accounts have no rights. Furthermore, it not possible to change them either.
The situation is very much like in this case https://answers.microsoft.com/en-us/windows/forum/all/windows-11-access-permissions-problems/ccda86ac-64b4-49ae-b62b-e1ccf844fa19
The relevant difference are
I have run chkdsk on C:\ and hardware diagnostic but to no avail.
I ran Windows Update troubleshooter too. Then I used a third part tool called SetAcl Studio. The permission shown in that tool are different to those shown in folder properties and the interface allows you to change them.
The bootup and this tool must be reading the permission from different sources, but I don't know which.
I tried to run icacls command as suggested in the above link, but it failed on most files and folders. This could be because the Administrators group don't have adequate rights in the first place.
The only other solution I can think of is
I need a user that has total control. The take possession of all C:\ files and folders and then run cacls "C:" /reset. Will that reset the owner as well. This needs to be done carefully and in the right order. I certainly don't want to go through another instal.
Therefore:
1- Can someone explain to me why this is happening given that I have installed Windows from scratch several times and I get exactly the same error?
2- Will the inbuilt administrator be able to reset the permission?
3- Is this unique to Home Edition and would upgrading help?
Any other suggestion would also be welcome.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Hi,
Are you certain that you formatted and reinstalled the operating system disk? Typically, reinstalling the OS does not lead to permission issues.
Should you face such permission problems, consider setting the ownership at the root directory level, as permissions will cascade to the subdirectories.
Yes, I am as certain as I can be.
In fact, when this first happened, I tried to repair the system, ended up corrupting the system further.
Finally, I asked Dell, who insisted there was nothing else to except reformatting the disk. They carried out the first installation remotely even deleting the partition where I had a second copy of my data backup. But the same thing happened again. The most obvious clue is error code 1500 in McpManagementService which is that System account fails to start the service and instead the administrator's account is used.
They claimed that this is because there is something wrong with my hardware even though their own diagnostic test passed all the installed hardware.
I wiped the disk off again and reinstalled the OS from scratch from the same ISO file on a USB disk. I managed to install all the drivers that Dell failed to do too but the permissions remained incorrect.
If it were a hardware issue it wouldn't result in exactly the same issue every time.
I don't understand why this keeps happening. But I suspect that it has something to do with the difference between Windows 10 Home Edition and Pro.
I would like to know why this happens and I am amazed that no one else has come across this.
Regarding your response, the problem is that some of the files are open and my account even as a member of administrators group can't override it. I tried to run icacls from the command line as administrator and it still kept stopping. I will have another go.
I have a restore point that I can go back to. Is there something that can be done through the registry that comes into effect on reboot?
I really like to understand why this happens. So, please let me know if logging in under the inbuilt administrator and then take ownership and then run icacls /reset or should I do to command line before boot is completed.
Thanks
I tried it through command line as administrator and this was the final result:
**Successfully processed 624791 files; Failed processing 378981 files.
**
This is what happened last time.
I am afraid it didn't work. See my comment to the response
Please try to perform a Clean Install or Reinstall of Windows 10 follow this guide.
After the reinstall, please get system information using the command prompt (CMD), follow these steps:
Press “Windows”, then type “cmd” and click “Run as administrator” to open CMD.
In CMD, type “systeminfo” and press Enter. It will return a full list of system information.
I was a licenced SQL and Exchange administrator. I was also a CTO of an internet company and been working on Windows for over 35 years.
So, I think I know how to install Windows and besides Dell Engineer tried it with a whole team behind him.
The system has been repaired, upgraded, initialed, reset to factory settings and before and after formatting a disk over and over again.
In fact at one stage I was thinking of suing Dell for not being able to reset their own creation back to factory.
I pointed it out in the original question that Dell even wiped the partition where I had a copy of my data saved.
As I said I am interested to know why the same thing happens over and over again. This is the same issue. I find it hard to think that it is hardware issue. Hardware issues either don't work or the errors are random. Besides Dells Diagnostics as well as other reputable third party diagnostic software have passed the system.
I honestly think this is an issue with Home Edition 22H2 version. I am sure a lot of people have it and they haven't noticed because the Home Editions usually doesn't get updated or used in an environment that requires interaction with the system. The are usually used for the most basic Office tasks or they get reinstalled after 15 minutes of troubleshooting and never check the new installation to be clean.
Even Dell didn't check the Event log or Device driver to see if the system was installed properly. This is why I gave up repairing Exchange servers. No one will pay you for troubleshooting since everyone else just reinstalls and get a service charge and no one ever checks to see if the systems has actually installed properly
This issue needs a Groupe Policy editor to reset groups to default (or correctly) or a code to prevent System accounts disappear from Service related groups. I am not sure at which stage this happens
I will send the system info later on but meanwhile I think I came across a tool that resets group belonging back.
takeown * and icacls * plus the relevant flagged didn't, not even under the inbuilt administrator in a safe minimal boot where in Home Edition is not just disabled but literally hidden.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
Let's clarify something first:
1, what's the direct impact of the problem you stated above, for example, a specific service fails to run? And this service impact our routing job
you mentioned "always generates the error code 1500", where did you see the error code? in the event viewer or just the service properties windows, for example, <Failed to Read Description. Error Code: 15100>
Are there any screenshots available? Picture may contain more information for troubleshooting.
2, you mentioned you have formatted the system partition, could you run the "systeminfo" command and post a screenshot for the output?
Regards,
Alex
One of the effects is that services can not start under the system account. These are instead started under the inbuilt Administrator account. They can be identified with the server host process ID appended to all their real names. In each reboot this ID has different value but the same to different services.
For example, the service being is loaded as AarSvc_1533432 with Activation agent Agent Activation Runtime_1533432 where the service name should be AarSvc.
Or The service MessagingService_1533432 instead of MessagingService where the is started like this C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
This is also why you get 1500 in this case the service is McpManagerService started with this command C:\WINDOWS\system32\svchost.exe -k McpManagementServiceGroup
It has no access to .mui files in folders in System32 sub folders. Since Windows\System32 can not be accessed by the System account. It is failed to access error.
I am guessing that the process has started service uses the member is the parameter to configure the service and if it can't the System account then start it with the administrator who is the member of all groups by default.
Even if you go and try to change it by the service account using the user browse box and type in System it won't be there which means it is like a virtual windows with its own virtual groups and the System account is not the member of the group in the parameter. This could be because the Home edition doesn't have active directory where in fact it is but has been disabled. This is why I want to move to pro. But I can't because the licence's 8 part of 6 figure number were verified by Microsoft on the phone.
In 35 years I have never come across this and I can't believe that no one has or maybe they never checked.
Here are a few screenshots. Please remember the once with _and alpha numerical string are the result.
Screenshot (1).png
Screenshot (2).png
Screenshot (6).png
Screenshot (3).png
Can someone escalate this because this is no ordinary problem and I have tried, repair, reset, reinstall with Dell engineers. I have spent almost three weeks on this and no one has answer or suggestion that I haven't tried.
Could this be a bug?
On my Win11 Home laptop I also see the 15100 error. But it does display the Display Name value which it also pulls from the dll. I would need to do more research on that, but I think that the explanation is that the -101 ordinal is not registered in the dll. (I believe that is the correct terminology.)
I would think that you can just ignore that. It looks to be a minor oversight.
To set a service to run as the system account, you would set it here.
The services that have "_nnnnn" appended to them are "per user" services.
https://www.askwoody.com/forums/topic/services-with-a-random-5-digit-code-attached/
https://learn.microsoft.com/en-us/windows/application-management/per-user-services-in-windows
If you used takeown and icacls to reset the permissions on the entire C: drive, then I would think that is going to cause more problems in the long run. I would recommend that you do not do that.
I already done that, as per my previous comment and not only as a member of administrators group but I even reinstalled from scratch. Then I enabled the inbuilt Administrator by adding SpecialAccounts\Userlist in the registry, two keys missing in the Home Edition in the registry and managed to login as the inbuilt Administrator and ran takeown and icacls on the "C:" drive but the error was still there. And the process kept stopping still with access denied even for the inbuilt administrator. Icacls didn't return the ownership either, therefore I wonder if that is the right solution. There should really be a fix to return the system accounts membership of the groups. Maybe in the pro division this takes place automatically.
I think the System account is not a member of the groups used in parameter. This is why if you try to change the service to run under System it won't let you and returns with wrong parameter. The parameter is the group and since System is not a member of the group it returns with wrong parameter.
I know that the number is associated with the process ID but in a clean bootup the number should not be there. This is a compensation for the error (according to Copilot). Besides how do you explain the System account not being there when you try to browse for it?
The first article says it mays be normal but is it not normal not to find the System account in local groups, is it?
At one stage non of printers software or hardware worked and the process just hung there.
The second article tell you how to configure services but will that sort out the file and folders admissions. It also doesn't tell Which services are to run under local System or NT System.
Did it work on Windows 11 or did you just notice it?
This is what I mean this is a bug.
The service description is meaningless. It doesn't affect functionality. If the service doesn't run, that's different. But some services do not run because there is nothing for them to do based on what features you have installed. If you ran takeown and icacls against the entire C drive, then I would expect you to have the proverbial "unpredictable results may occur" issue. You may need to reinstall Windows if you keep getting errors. I will test that service later today on my PC. If your account is a member of the administrators group then it has the same rights as the built-in administrator account.
I had no problem starting the McpManagementService service even with the <Failed to Read Description. Error Code: 15100 > error.
Let's start over. What is the real problem that you are trying to solve? That is; what are you trying to do that is failing and has led you to believe that starting that service will fix it?
Are you doing something with "Universal Print"?
That is what I thought until I added other languages and then the printers stopped working. But why Neither System Nor Administrators have any right on System32 or everything below in on a fresh installation. That cannot be right, can, it?
Furthermore, that is beside the point. It is not clear what is meant by user UI. Which User? Administrator, the specific svchost process? I enabled the inbuild administrator and logged in under it. Here are the screen shot of the services:
Screenshot (8).png
Screenshot (10).png
Screenshot (9).png
It is not clear which of these services should run under what account. Sometimes it is because the Windows update doesn't work properly and you get a shadow user in Users folders starting with Users\000.UsaerA along with the original folder Users\UserA.
The consequence is that from the Event log it is impossible to determine where the error originated from.
Even Dell engineers couldn't tell.
The overall point is that this should not happen on a freshly new installation of the operating system.
I thought I was making a mistake and this is why I asked Dell to do it. The engineer was consulting with their highest level experts while trying and they couldn't come up with anything. In the end they claimed that there must be something wrong hardware wise.
Your statement at least proves that is not the case.
I just want a clean basic installation to start from. Surely that is the least you can expect from an operating system.
Is your Windows a Pro or Home edition because I think with a Pro edition there is a better chance of either preventing it or correcting it.
Otherwise it is back to Linux.
ifOK, lets accept that in this case it doesn't matter. What about the fact that neither System, not Administrators have any rights on System32 folder. But in Advanced they are both listed and having full power.
Does that make sense? Bearing in mind that this is a fresh installation and nothing has been touched on it.
Then I found out that non of these groups passed on as parameter to these ghost services actually exist.
If they were service that were not needed that would be ok but no some of them are supposed to be running automatically.
The clipper service should run automatically but it doesn't and you have to turn it on after booting.
Then there are services like Bluetooth User Support Service or Agent Activation Runtime Service that are to start if an IoT device in present. These are supposed to be started by the local service. So why are they configured to run under the Localservice?
I think it is because Neither System nor Administrators have write permissions or they are not configure correctly from the start.
With all due respect you are mixing several issues together.
Just trying to address all of your questions. I am on the road at moment and will reply later today.
Thank you It is just that a fresh install over and over again results in the same thing. The system and administrators group account have no right on the most consequential folders DNS client doesn't work. Every service that requires access to files in System32 has something wrong with it.. The more you try to correct it the worse it gets. Microsoft has given me a key to upgrade to Pro where at least I have access to the inbuilt administrator but it doesn't work. There is a script using powershell that is supposed to do what icacls does but it still doesn't reset all the rights. E.g. DNS Client is supposed to have Network service permission but it is not there.. I must have installed Widows 20 times. It used to allow a minimum instal but not any longer. At least with a minimum install services can be installed as needed but it keeps installing my office applications and the most annoying one the one Drive. I called Microsoft but they just put the phone down..
I love a challenge. Please bear with me as I try to look around and figure out the issue, because what you've described sounds very strange.
On a clean install where you have not run takeown and icacls, what output do these commands produce in a PowerShell prompt? You should be able to just copy and paste. It does not require admin rights.
icacls.exe c:\Windows\system32
icacls.exe c:\Windows\system32\mmc.exe
Get-ComputerInfo | format-list -Property WindowsProductName, OsVersion,OSDisplayVersion,CsDomainRole,CsPartOfDomain, OsArchitecture,OsProductType,OsType,OsOperatingSystemSKU
I get this.
PS C:\> icacls.exe c:\Windows\system32
c:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M) NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F) BUILTIN\Administrators:(M) BUILTIN\Administrators:(OI)(CI)(IO)(F) BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
PS C:\>
PS C:\> icacls.exe c:\Windows\system32\mmc.exe
c:\Windows\system32\mmc.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)
Successfully processed 1 files; Failed processing 0 files
PS C:\>
PS C:\> Get-ComputerInfo | format-list -Property WindowsProductName, OsVersion,OSDisplayVersion,CsDomainRole,CsPartOfDomain, OsArchitecture,OsProductType,OsType,OsOperatingSystemSKU
WindowsProductName : Windows 10 Home
OsVersion : 10.0.22621
OSDisplayVersion : 22H2
CsDomainRole : StandaloneWorkstation
CsPartOfDomain : False
OsArchitecture : 64-bit
OsProductType : WorkStation
OsType : WINNT
OsOperatingSystemSKU : WindowsHome
PS C:\>
PS C:\>
I don't mind a challenge myself but as long as I know why I am taking on the challenge.
I have installed the operating system every which way that I could think of, and it always ends-up the same way., Aren't, you curious to know why? The fact that happens every time must mean that somewhere along the way the same thing happens that it shouldn't.
I mean if this must have solid underlying reasons, otherwise it wouldn't happen with such consistency. It is almost as if something is designed to render the two most important accounts in the operating system impotent.
If this is not a conspiracy theory, then it must be result of some most exquisite kind of stupidity not considered at some stage of the development.
I have had a detailed look at your suggestion but I am still not sure why it should make any different to running icacls.exe from the command module under Administrators rights.
If administrators have not right on a specific folder, how can it be allowed to carry out an operation on the same folders and files?
While some argue that PowerShell has access to .net and therefore is stronger than command line it still doesn't make logical sense.
While I take your point about takeown.exe command and can see that it could have been superfluous, but it shouldn't have caused damage. The problem is that when you run icacls.exe it keeps failing and at the end you have a message reporting many failures because of denial of access.
This was not under any ordinary administrator but under the inbuilt administrator which as least in Linux is supposed to be the ultimate authority and is created with absolute rights to every object.
Unless this is a fundamental flaw in the system the only other reason that I can imagine for it existing is the fact that we are talking about a system where the Administrator has been deliberately disabled and hidden because the Home edition was supposed to be used by non-technical people and may be they went a bit too far in restricting rights just to make sure that users could not damage the integrity of the system even if they tried.
Then by some freak of circumstances a specific parameter in my kind of hardware by accident removed more rights that it was supposed to and it was left hidden until I installed additional languages and Intel gave up supporting drivers for this model and given the fact that support for this version is to end soon, I happened to be one of the unlucky ones who decided to look into this issue rather than buy a new machine. In other words, I was the idiot who took on the challenge and given the lack of support shown by Microsoft it makes my theory more believable.
This is why I have decided to upgrade to Windows 10 Pro as I think under that version it might be easier to solve the problem and restore my data.
I think I did ask you if you are using a pro version or are you too using a home Edition.
In any case, unfortunately I have even run into problem with that. I finally realised that the upgrade takes place locally rather than dependent on downloading additional stuff from a server. Staying connected to the web makes it more difficult to upgrade and runs into errors. Illogical but hardly unexpected from Microsoft.
Anyway, I finally managed to upgrade but now I am asked to activate Windows again. The final insult is that when I try to activate Windows as requested, I am asked to downgrade to Windows 10 Home Edition which seems insanity, or this particular part of the code has not been updated to recognise that upgrading to PRO no longer requires purchase of additional licence for $145.00.
If you know of how to get round this then please let me know as I am not investing in any hope of a response from Microsoft Support based in the sub-continent somewhere given the accent of the person who last spoke to me a weeks ago. I have tried calling him and he claims to have tried to call me, but I have had no indication of such attempts registered on my phone.
It appears that your comment got deleted by the forum software.
Why? I don't think so because, my last comment is still there, just before yours.
1-I am going to try your PowerShell script.
2-As soon as I figure out how to activate this upgraded Windows 10 Pro.
3-Please also bear in mind that you are using Windows 11 and not 10. So, what might work on 11 Pro is not guaranteed to work on 10 home.
As I mentioned before, I am astonished that no one else seems to have come across this situation: A fresh installation of Windows 10 home edition ending up with System and Administrators having no authorities on important System folders including System32 where the services are described as per your first uploads.
I repaired the system, then reset it to factory settings, then wiped the disk clean and installed it from ISO from Dell. Then they repeated the same process. The I created a new ISO using the media creation tool and installed from there. Then tried to install a minimum feature and then again reinstalled the default version and every time, I ended up with the same thing.
What I wrote in my previous comment is my theory but only because I haven't come across any other explanation because astonishingly no one else seems to have come across it.
I would welcome a competing explanation and I am all for forgetting about explanations and getting things working. But I am not going to downgrade to Windows Home Edition unless I know what is going on. I used the phone service and then specifically asked the man on the other side if there was anything wrong with my licence. I was assured that there wasn't, and I could upgrade.
I think anyone in my place would be irritated, especially when Dell can't provide an explanation either and Microsoft seems to be avoiding the issue all together.
Having grappled with what is supposed to be straight forward for almost a week only to find out that the upgrade doesn't like to be connected to the internet during the process, I finally managed to at least upgrade to a system that has additional features to better manage the operating system, it is now asking me to install Windows 10 Home Edition, i.e: downgrade!!!!
But I just upgraded from Home Edition with the default Key. It wouldn't have allowed be to upgrade if the initial Windows 10 key from Dell was not valid, would it.
I thought that after upgrading you need to input the original key which is Windows 10 Home Edition Key from Dell. This is what I read and Copilote confirmed. So again, I don't understand what is going on.
Your comment was showing up as deleted for a while yesterday. One of the admins must have restored it.
I have Win10 VM's that I can play with, both Pro and Home. I don't think that the Pro version is going to make a difference. It's the same code base, just some programs/features are not available in Home.
Run those 3 commands and post the output. I will compare against my 2 vm's.
Thank you for kind response. I thought you have given up. I am about to myself.
Well, it is pro now and I have secedit and gpupdate officially and activating the inbuilt administrator didn't involve messing with the registry. So, they are not quite the same.
I have prepared what I hope is everything with gpupdate and gpupdate /force from command line as administrators. Ran SFC /SCANNOW and everything is now healthy, but update troubleshoot still doesn't return error free. I think, that is because the permissions on the files and system folders are messed up.
So, why shouldn't I run icacls.exe from PowerShell as administrator on the whole drive because when I examine folder rights in via advanced button inheritance is None. So, permission must have been applied specifically to each folder rather than inheriting them from parents and since Windows and Windows\System32 both have permissions to Administrators and System accounts missing. Then Windows folder must also change.
Then assuming that the security template can be restored into C:\Windows\inf\defltbase.inf then shouldn't I run
icacls.exe "C:"/t /c /q /reset ?
which applies the permissions in the security template to all files and folders.
I did do that on Windows\System32 but from command line as administrator and I still got 20,000 failures where you got 0 failures. So, it must be PowerShell then is one of the packages that can change permissions because even in effective rights Administrator is not allowed to change permission to delete folders.
Secondly, I am sorry to sound thick but those lines in the second PowerShell frame look like more icacls.exe runs or are they output of Get-ComputerInfo command? If not, then where did you get those commands?
The problem is that while upgrading to pro is free activating it is not free. That is bizarre, isn't it? The support for Windows 10 is to end next year and the key costs $145.00 according to Microsoft Store. Is there something that everyone knows but no one talks about?
Thanks again for the feedback and I will run icacls.exe inside PowerShell as soon as you clarify the above two points and who knows my nightmare might come to an end.
Finally, I ask again, how come no one else has come across this?
but those lines in the second PowerShell frame look like more icacls.exe runs
Yes, Powershell can run executables just as easily as cmdlet's. The output of those commands will show me what ACL's have been applied and what inheritance has been set. I wanted to see all of the permissions on System32 and on one of the files in it.
I think, that is because the permissions on the files and system folders are messed up.
That's what I'm trying to determine. What exactly is "messed up"? Do you have extra permissions? Which ones are you missing? I looked at all of your images, but none of them show permissions.
how come no one else has come across this?
At this point in time, I am not convinced that you have a problem. Let's take this one step at a time. First step is to analyze the permissions and identify what is "messed up".
Again, please run those 3 commands and post the output. I will compare against my 2 vm's.
This is a test comment. I am not seeing my last reply.
OK, here is the output of the PowerShell commands:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Try the new cross-platfoicacls.exe c:\Windows\system32score6 >> icacls.exe c:\Windows\system32\mmc.exe >> Get-ComputerInfo | format-list -Property WindowsProductName, OsVersion,OSDisplayVersion,CsDomainRole,CsPartOfDomain, OsArchitecture,OsProductType,OsType,OsOperatingSystemSKU c:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
c:\Windows\system32\mmc.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
Successfully processed 1 files; Failed processing 0 files
WindowsProductName : Windows 10 Pro
OsVersion : 10.0.19045
CsDomainRole : StandaloneWorkstation
CsPartOfDomain : False
OsArchitecture : 64-bit
OsProductType : WorkStation
OsType : WINNT
OsOperatingSystemSKU : 48
I don't know why pasting out of PowerShell caused the division you see above where some parts are in a frame but that are one part from everything in the PowerShell window. These commands don't change anything. They just output the current security attributes of one folder and one file in that folder.
However, I am glad that even at this level there are differences that I hope will change your assumption that there is nothing wrong with the system because there is:
nslookup doesn't work. I would call that a problem, don't you? In fact, DNS service never returns a response because there is nothing in it. This means none of the items connected to the Workstation and none of them have been registered in DNS, hosts or LM hosts. I think, that is because they don't have access to them
DNS Client service doesn't work. Do you call that no problem either?
Windows update troubleshooter gives the same result of having fixed the same thing over and over again.
Maybe DNS is just there for decoration.
Besides Permissions don't make sense even in the effective access table
Of course, that is setting aside McpManagerSerives error that is "really" not an error really. It is Window's sense of humour, is it?
How many problems do you want me to list for you?
PS C:\Program Files (x86)\PowerShell\7> icacls.exe c:\Windows\system32
c:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
PS C:\Program Files (x86)\PowerShell\7> icacls.exe c:\Windows\system32
icacls.exe c:\Windows\system32\mmc.exe
Get-ComputerInfo | format-list -Property WindowsProductName, OsVersion,OSDisplayVersion,CsDomainRole,CsPartOfDomain, OsArchitecture,OsProductType,OsType,OsOperatingSystemSKU
c:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
c:\Windows\system32\mmc.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
Successfully processed 1 files; Failed processing 0 files
WindowsProductName : Windows 10 Enterprise
OsVersion : 10.0.19045
CsDomainRole : StandaloneWorkstation
CsPartOfDomain : False
OsArchitecture : 64-bit
OsProductType : WorkStation
OsType : WINNT
OsOperatingSystemSKU : 48
I installed PowerShell 7 and ran it again. I have also enabled the remote. So, if you doubt anything you can see it for yourself.
I am pasting the output as plain text to see if the multi framing can be avoided and make the result more readable.
PS C:\Program Files (x86)\PowerShell\7> icacls.exe c:\Windows\system32
c:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
PS C:\Program Files (x86)\PowerShell\7> icacls.exe c:\Windows\system32
icacls.exe c:\Windows\system32\mmc.exe
Get-ComputerInfo | format-list -Property WindowsProductName, OsVersion,OSDisplayVersion,CsDomainRole,CsPartOfDomain, OsArchitecture,OsProductType,OsType,OsOperatingSystemSKU
c:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
c:\Windows\system32\mmc.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APP PACKAGES:(RX)
Successfully processed 1 files; Failed processing 0 files
WindowsProductName : Windows 10 Enterprise
OsVersion : 10.0.19045
CsDomainRole : StandaloneWorkstation
CsPartOfDomain : False
OsArchitecture : 64-bit
OsProductType : WorkStation
OsType : WINNT
OsOperatingSystemSKU : 48
Here are screenshots of effective access table of the administrator on System folder Windows and a .dll file in Windows\System32 as a sample, showing that it is not allowed to change permissions which makes be doubt if icacls.exe can reset them.
Unless PowerShell runs outside of Windows and doesn't operate under any Windows account except the trusted installer.
I hope you can see the logic. This is why I took owner ship but that doesn't necessarily change anything.
This is what I mean by not making rational sense. If it can't change permissions, then it can't reset the permissions either.
I don't know what comment was deleted and even if it was mine.
Because I said everything to be said about your assumption that there is nothing wrong with my system.
First of all, I am sorry that it took so long to give you the results of the script you asked for. I was wrapped up in upgrading from Home to Pro and wasn't paying attention. I didn't notice that you were asking for information. I thought you were proposing it as a solution. It sounds silly now but I was not paying attention.
As I have mentioned before I have tested the solution demonstrated in videos and tutorials across the web which is basically icacls.exe /reset with or without "takeown" command from the command line as administrator and it didn't work. Having looked at the effective access table I can see why.
Is this going to work under PowerShell? It shouldn't because PowerShell still runs under a Windows account and if it had more authority than that account then it wouldn't make sense. But if you have a solution then by all means I will still try it. I have no ego when it comes to repairing Windows.
However, if your solution didn't work then maybe you consider my proposal:
The solution that I can see working. Through another Windows installation, treating the corrupted Windows as a bunch of files stored under NT filing structure. Then a script can read the default attributes of the health Windows installation and copying it to the same file in the corrupted one. This will update the information is system volume folder of the corrupted Windows. So, the next time the Windows folder boots up it should have the corrected attributes to the file. Off course this needs understanding of low-level NT file header and making sure to that additional information like the local computer name is replaced with appropriate string containing the right local computer.
I don't have a healthy Windows 10 here but if you have access to one then please run icacls.exe on all files except those in USERS folders or if you know of a table that has that information in a table format even the better. Once I have such a document then I can ask Copilote to write a script to change the attributes of all the files in all system folders including at the drive level if different.
Maybe, there is such a script already available. If there isn't then it should as it seems a good repair tool. Maybe, it is written in C and optimised to run much faster with minimizing the writing parts.
Then if it still boots up with the wrong permissions, we know that source of that information is wrong, and it is not in drive folder. Then the solution is to correct the content of the source.
When I first started, I used a third-party tool AclSet Studio, and I was astonished that the permission in there were correct but couldn't copy them over which was not obviously why at the time. That information must come from a different source
Either way I hope this is the end of it and there can be a solution made. I still would like to know how this came about including the error 1500 that according to you is meaningless. It might well be in this context, but it needs fixing, doesn't it?
I hope you haven't abandoned the issue or at least inform me if you have.
Thank you.
BTW, I looked at a Windows 11 installation that didn't have the error 1500 on McpManagerService probably because the Administrators group has full control on the same Sytems folders at least on the folders C:\Windows and C:\Windows\System32 which is not the case on my system.
I don't know how different Windows 10 and 11 are in terms of Effective Access by Administrator group.
I know you that taking ownership doesn't help. I did that a week ago. The problem is that Administrator doesn't have petmission to change permissions including his own. Which service could be responsible for this? Besides I think we went passed this point. You asked me to send you the permissions on Windows\System32 and a file in that folder and I did. They are clearly different to your on your Win 11. So, how do you suggest I rectify it? I have tried icacls /reset but it won't work because the account, i e. Adminitrator doesn't have permission to change permisdions. So it returns with failure regardless of running it from the commandline or PowerShell. I even reintalled windows 10 22H2 without access to internet as a way of preventing the updates but the rexult was still the same. This is because the ISO I have down loaded has updates and they are run off line without access to internet. I have heard of creating a temporary account that can change Administrators permissions to reult in effective access not to exclude changing permission. Then icacls might work. The problem is that it is not clear how many folders and files are affected.
A process running with elevated privileges under an account that is a member of the Administrators group will have the SeBackupPrivilege and the SeRestorePrivilege in its token but they will be disabled. If these privileges are enabled in the token the process should then be able to act on files, folders and other system objects without limitation by security descriptors. For example, the discussion of the right to restore files and directories (i.e., SeRestorePrivilege privilege) at Restore files and directories - security policy setting says "This security setting determines which users can bypass file, directory, registry, and other persistent object permissions when they restore backed up files and directories, and it determines which users can set valid security principals as the owner of an object." So maybe you can find a powershell script to enable these token privileges and proceed from there. Of course, you do this at your own risk.
Test comment. This site has been broken for several days now.
This web site has been broken for several days now and I was not able to reply. It would either crash, or continually prompt me to sign in. This is the (modified) reply that I typed up 3 days ago.
How many problems do you want me to list for you?
One at a time.
You said that permissions on system32 were "messed up". I do not see that. Look at the icacls output that you posted versus what I posted. You have an additional ACL for system that is not in my reply. But I checked my Win10 Home VM and it matches what you posted. I do not see any reason for you to think that permissions are "messed up".
Update: I looked at your Effective Access images and they look exactly like mine on Win11.
You should not be touching the file owner or permissions on C:\Windows, subfolders and files.
I see no reason for you to think that permissions are Incorrect. MS doesn't want Administrators to be able to modify certain folders within the OS. It is not uncommon for Admins to not have full control over everything.
If you are having some problem which you think is being caused by the permissions, please explain that problem.
Please let's focus on one problem at a time.
As I mentioned services don't work properly. E.g. DNS service doesn't register anything, it is empty. Host and LMhost files don't get populated. That is because in the effective access table no one has write access to these files including network service.
This is how it all started. This how I found out about McpManagerService.
Administrator doesn't have the right to change permissions. So if you run icacls with /reset flag it should not return with fail to access and certainly not corrupt the system. If the system is perfectly fine then it shouldn't change anything. But instead on the next boot up it fails it tries to repair itself but it can't.
I was trying to setup a routing table to maintain routing between wi-fi devices and Ethernet devices. This is why I changed the IP address from DHCP to a preset value within the range. I need to use the DNS Clint service. But nothing gets registered in there, not even the local machine.
The logic I followed is what I see in the effective access table.
The permissions I sent you did not match yours. I will check them again but I even asked Copilot to compare the permissions you sent me with what I got out of the same commands and it confirmed that they did not match. Otherwise I wouldn't have sent them to you.
If something doesn't work it means there is something wrong somewhere. The way I see it is to do with permissions.
Besides those permissions are meaningless. Only the effective access matters.
Oh, I forgot: This one is another remaining problem:
Problem with BITS NET HELPMSG 2182. System.Management.Automation.RemoteException
I can't find an answer to it. So maybe, you can sort this one out as well or it doesn't matter either?
You need a Server version of Windows to run a DNS server service.
The DNS Client service is used to resolve DNS domain names, by querying locally cached information obtained from a previous query or by querying a remote DNS server.
E.g. DNS service doesn't register anything, it is empty.
Huh?
"Ipconfig /displaydns" will display the cached names and addresses.
On my home network, I have a wifi router at 192.168.1.1. It serves as the DHCP/DNS server. When any of my pc's boot they get an address from the router and their name is registered with it. The router calls external DNS servers to resolve names on the internet.
c:\ipconfig /all
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX201 160MHz
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 22, 2024 8:22:14 PM
Lease Expires . . . . . . . . . . : Saturday, August 24, 2024 7:23:30 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
I manually edited the hosts file to override DNS to block certain names that I found my pc accessing, and also to test stuff out. Administrators have full control.
PS C:\Windows\System32\drivers\etc> icacls .\hosts
.\hosts NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
If I needed to manually create an entry, I would use the routers web interface to do that.
I would expect your router to have similar functionality.
I was trying to setup a routing table to maintain routing between wi-fi devices and Ethernet devices.
Are the ethernet devices plugged into your pc or the router? If they are plugged into your PC, then you could manually add an entry into the hosts file and use the "route add" command to define the network route over to the ethernet adapter and not use the wifi adapter.
https://www.bing.com/search?q=how%20to%20use%20the%20windows%20%22route%20add%22%20command
Well, no. I managed to get DNS working.
It would have been easier if Administrator had more access.
But I changed access to the files and added Network service to have write access.
Sorry, I have no idea what you are doing.
I am sorry for the late response.
In the end I had to use a tool to login under the NT system and give myself the rights I needed.
DNS client service is doing nothing in its default setting because it doesn't have the permission to access the files that it needs which are in System32 and since no other user can have modifying rights to anything in that folder you can't do anything.
I kept asking you how administrators' can be changed to change others' rights. I got my degree in computer science in 1982 and MPhil in communication in 89. All my working life was based in the idea that Administrator is in charge.
You kept on going about that it was not needed.
I suppose we have apposing perspectives when it comes to computing.
Windows, for the sake of security has sacrificed logic. None of it makes sense anymore.
I used the tool to do what was needed. This is what administrators are supposed to be able to do, no?
Until you have a clever enough AI to take over the job of an administrator, need to give the administrator's account it full rights. This is just logic, pure and simple.
The irony is that in taking aways Administrator's rights (even more so in the Home Editions) you have made the OS less secure.
You can close this if you want. But the lesson I learned was that Microsoft support is not about helping people. They are bent of proving that they know better.
PS: McpManagerSerice is looking for a file that is not there. Maybe you could tell me what that file is and when it should be. I am not going waste any more time on it until it starts interfering with printing which it did once. There was a time when an error free system was a source of comfort, but I guess that too has been sacrificed.
I got my degree in computer science in 1982 and MPhil in communication in 89. All my working life was based in the idea that Administrator is in charge.
I wrote my first program, in COBOL, in 1974. I have a B.S. in Computer Science, 1978. The first half of my career was spent as a systems programmer supporting MVS/CICS on IBM mainframes. In the mid/late 90's I moved to the newly formed Windows server team supporting 5 NT 3.51 Compaq servers. When I was forced into retirement, we had 3000+ Windows server instances (physical/VMWare/Azure). Our team supported the global servers for a very large electronics firm. I have programming experience in COBOL, S/370 assembler, C, C#, REXX, VB (3-6, .Net, VBS, VBA), ASP, ASPX, and nowadays mostly Powershell.
I have been doing troubleshooting and answering questions like yours for decades. I do not claim to be an expert in every technology, but I do claim to be one of the guys that everyone in my company went to for help when they had a problem with Windows. If I don't know the answer, I seemed to have a knack for finding it. This forum gives you free access to guys like me who have lots of real-world support experience.
Be it intentional or accidental, Microsoft does not want Administrators messing with certain folders. That is why you may see that TrustedInstalled has been granted full control and admins (and even system) only have read access.
I should have asked my favorite question first. What's the real problem? That is, why do you want to set permissions? Which specific files? I don't understand what you are doing with the DNS Client. You mentioned "routing between wi-fi devices and Ethernet devices", but you never explained your network setup and why you need to do that.
You may very well be doing something that I just never had a need to resolve. And while changing the permissions may fix it, I stand by my claim that in 99.9% of the cases, users should not be touching the permissions on C:\Windows.
PS: Just ignore the McpManagerSerice error. It does not affect functionality.
See RLWA32's comments here.
@MotoX80 I didn't undelete your comment but I'm glad to see it was handled promptly. These deletions have been a chronic problem for me and I have complained about them on many occasions. One particular moderator has been very helpful responding to my complaints and restoring those improper deletions. Perhaps that was the individual who noted my comment about your post and restored your comment.
Windows is for corporates. There has to be a server on the Network. I had to learn Windows, in order to get a job. Otherwise, no one sane would adopt Windows as a personal computing platform.
I did try Apple, but the Mac used to breakdown even more than Windows at the time. The other thing about apple is their control freak attitude that has now got to Windows as well. I still don't understand why mac is so popular. Once I took my sister's old model iPhone. It is terrible, you feel caged. In the end I had to jail break it but it still didn't provide any flexibility. Most of my friends use Mac. I think it is for people who when it comes to computing they have no curiosity or imagination. They never ask, I wonder if you can do this or that.
I wish Linux had come out earlier and someone would have made Windows like interface. Then you could develop and manage in Linux for Windows. But that took a long time to come about.
But, I am going back to Linux, I thought Windows 11 would be modular and make sense but no, nothing has changed from what I can see. Life is too short to keep banging your head against the wall. It must make sense logically and Windows doesn't.
< duplicate >
< duplicate >
< duplicate >
As I started this thread, I guess I have to finish it as I found the solution to the problem myself.
The fundamental problem is that in Windows the Administrator is no long an Administrator because Microsoft has decided that.
I don't agree with MotoX80 whose judgment seems to have been biased by how popular he is as a troubleshooter.
I think Windows XP was the closest Microsoft got to a descent Operating system, still manageable general computing. Now we have developers' mode that I haven't looked into.
Humans are irrational but computer need not to be. If you can't rely on logic of a computing system then you have nothing else to rely on. Administrator is called an administrator for a reason. If Microsoft thinks no one should have total access, then they should find another term and drop the Administrator account. TrustedInstaller is really the administrator now which is why it doesn't reside in the system. Network Group is no longer there either.
It is like political correctness suddenly jumping at your throat and saying you can't use words that were thought to have distinct meaning, because no they are meaningless. These LLM based AIs are the example of how language on its own is not sufficient and endup having linguistic hallucination.
I heard one of these fathers of AI saying that LLM AIs can develop understanding. I think that is linguistic hallucination as well. Language was invented and if AI's it exists in abstraction that language made possible, but it would be silly to mistake abstraction for material existence. What we share are the physical laws. Language tends to cause divergence sometimes deliberately and other times organically. We discovered rationality rather than inventing it. This is why it is far more cohesive in how we interpret out world.
Windows is for corporates. There has to be a server on the Network. I had to learn Windows, in order to get a job. Otherwise, no one sane would adopt Windows as a personal computing platform. I did try Apple, but the Mac used to breakdown even more than Windows at the time. The other thing about apple is their control freak attitude that has now got to Windows as well. I still don't understand why mac is so popular. Once I took my sister's old model iPhone. It is terrible, you feel caged. In the end I had to jail break it but it still didn't provide any flexibility. Most of my friends use Mac. I think it is for people who when it comes to computing they have no curiosity or imagination. They never ask, I wonder if you can do this or that. I wish Linux had come out earlier and someone would have made Windows like interface. Then you could develop and manage in Linux for Windows. But that took a long time to come about. But, I am going back to Linux, I thought Windows 11 would be modular and make sense but no, nothing has changed from what I can see. Life is too short to keep banging your head against the wall. It has to make sense logically and Windows doesn't.
I was just trying to help you.
I am sure you were. But that was not the point. Maybe, one day Copilote will be as good as you and even be able to tell what I am trying to do. You didn't realise how I got to the point where I had to post my question here. Yet another communication/linguistic problem, isn't it?
Copilote could have said don't waste your time trying to do it this way.
Get a third-party DNS server instead.
What I meant was that I was trained to understand the term Administrator as something that is not no longer means the same thing and it cost me a lot of wasted time
Why don't you explain what you are trying to do with DNS? Maybe provide a little background on your network. Doesn't your Wi-Fi router act as your DNS server?
You see, there you go. Concentrating on the wrong issue. You don't appreciate the philosophical point that goes beyond computing.
It is about consensus and the basis of the consensus. People mistake consensus for facts, and this is what is leading to chaos.
This is the problem of linguistic convergence too. A consensus around logic is far more resilient and stable than that over language.
Words become meaningless just as it has in the case of Administrator. TrustedInstaller has taken over the power of the Administrator. It has taken power away from the owner.
I am sure Microsoft would say but that is for users' benefit but that doesn't negate the fact that it is still a lie.
This why people allow themselves to come up with alternative facts that has no consensus behind then, just imposition of one power over another. This is what is going to make certain that these AIs are going to being about disaster. If an AI standard was based on maintaining logical and philosophical consistency, then it could be helpful.
Just to Satisfy your curiosity. My routers doesn't have dynamic routing. So while Wi-fi devices can reconnect as they change IP, since I moved my lap to Ethernet, every time a Wi-fi device moves out or changes IP for some other reason like router reset or power outages. They don't automatically reconnect to the Lap top.
This is why I need something to be able to lookup to find the IP and re-route it to the Lap top. They register with their name but I can't get their names from inside the router.
So, I thought that the best way was to set up a land wide DNS and the only place I could do it was in the Laptop. I could have paid for a dynamic IP service but I hate keeping track of subscription and god know we already have too many of them. They you always end up paying more than you expect because they can break the service in parts that don't have any use on their own anyway.
So, I checked the folders and I saw a hosts and LMHosts. So, thought well if they are there then they must get activated somehow. But they were empty except for comments telling you how they work but if you can't have access to them you can't do anything with them. You can't even enter a static IP.
So why are they there and why is the service on automatic? At least the service should be disabled by default and in one of these files should say that these files are for Windows server but none of this information is there.
So may be you can tell me how to do anything with this service to make it worth running without a windows server? You have to download a server manager link it to the local machine, in order to configure it.
But why are they there anyway. Surely if you have a DNS server on the Server there is no need for these files on the workstation is there?
BTW for all those who think Home Edition has the same code base as pro they should check out this this link:
https://www.microsoft.com/en-us/download/details.aspx?id=45520#:~:text=It%20can%20be%20installed%20on,run%2D%2Don%20Windows%2010.
"IMPORTANT: You can install Remote Server Administration Tools for Windows 10 only on the full release of Windows 10 Professional or Windows 10 Enterprise".
Try installing it on Home Edition and let me know how it is done"
My routers doesn't have dynamic routing.
Is that a typo and it should be "my router", or do you have multiple routers? What are the manufacturer names and models for your routers?
So while Wi-fi devices can reconnect
What are these devices? Are these other Windows machines? Linux PC's?
I assume that you have a "primary router" and it is connected to your ISP and provides internet access. And your laptop is plugged in via a cable to this router.
Does this router also provide Wi-Fi for your network?
Look at my reply from Aug 23, 2024, 11:01 AM where I posted the output of "ipconfig /all". What do you have set for "Default Gateway", "DHCP Server", and "DNS Servers"?
Are all of your machines connected to your "primary router" and have the same values set?
Dynamic routing protocol: https://www.catchpoint.com/dynamic-routing-protocols#:~:text=Dynamic%20routing%20protocols%2C%20as%20their,in%20spite%20of%20any%20changes.
So, no it is not a typo and there is such a thing as dynamic routing protocol which my router doesn't support.
I have two routers, one is modem router provided by my ISP and I also have what I call a LAN/VPN router. I use that to install VPN so that all devices can share the same connection. Instead of getting an IP from one country on one device like Fire stick which breaks the connection with the rest like tablet controlling the fire stick.
Yes the LAN/VPN is wi-fi router with four ethernet ports.
I used to have DNS assign by the ISP router that in turn was passed on to devices via DHCP.
But where I separated the two devices to Ethernet. Then I configure the LAN/VPN router to assign the fist DNS the static address of the Lap top an it was to behave as Lan wide DNS and the Googles DNS as secondary.
The Gateway inside the Lan is the Gateway on the LAN/VPN router, 192.168.0.1 that is routed to the ISP router and goes on to WAN.
I know how to read Ipconfig/all. Remember, communication protocols was my specialty. I know all the protocols from electrical signal processing all the way up to tcp/ip and beyond.
I know what DHCP does. The DHCP server that assigns IPs is in the LAN/VPN router where Wi-fi is broadcast. It also assigns the gateway and DNS servers unless a work station or a device with network ip4 configuration utility can overrides them. I have set up a rage of IPs from 100 to 199. The Laptop and TV use reserved static addresses, so that there won't be a conflict. I have tried both within DHCP range and outside the range. Hoping that if the IP was within range that DHCP could route them automatically as it does when every device is on Wi-fi.
On of the most annoying ones it the WhatApp weblink that I have to keep relinking when by all account the link is already there. Devices are mix, FireStick, Mobile phone, displays, printers but no other workstation.
But the DNS service that is running doesn't populate the LMHosts file. Nslookup doesn't report anything except the IP address of the local machine. Why Hosts and LMHosts are there, anyway?
You see, we are already on a tangent off the subject of Microsoft's reasons for deviating from standards and consensus, even of its own with no explanation for forewarning.
That is the issue. That is why everyone should move to Linux.
For example please explain this to me. Why Windows 10 Home edition are given a generic key to upgrade to pro for free but not allowed to activate is without paying $145.00.
Is this a way to create criminals? It sounds sinister to say the least. You can go from Windows 7 to 11 for free but from Home to Pro it is unbelievably expensive. You might as well buy an Pro that is less that $50 more expensive.
The upgrade should come with a note informing you not to upgrade unless you intend to pay $145 to make it legal. Otherwise you will be operating it illegally.
To be honest, I am amazed that there is not a class action against Microsoft for this.
Here we go. My comment didn't get uploaded. Maybe it needs to pass the moderator.
or broken again as you put it.
I hope the moderator understands the context of this correspondence. Their AI certainly wouldn't.
Linguistic is another one of my interests and as they say: Context is everything.
You see, they didn't understand the context.
Well I am not going to retype all that again because I don't know what they mean by violation of their code.
You see this is what used to happen when Czeck Republic (Czechowski) was part of the Soviet Union and Milan Kundra made a joke of it is one of his short stories.
There was always a "Directive" from above that was to be interpreted by bureaucrats and StB officers but either out of ignorance or misunderstanding it used to lead to the most farcical situations.
@Babak Kamali You can request that a moderator restore the improperly deleted comment by posting the request with the "Microsoft Q&A" tag.
I know how to read Ipconfig/all.
Yeah, but I can't see what's on your screen. That's why I asked "What do you have set for "Default Gateway", "DHCP Server", and "DNS Servers"?".
The DHCP server that assigns IPs is in the LAN/VPN router where Wi-fi is broadcast.
Then I would expect that this router would also act as your DNS server and register local names when the DHCP address is assigned. That was why I asked about manufacturer and model number. I thought that maybe I could search for that model's documentation and see what DNS options it has related to local names.
What do you get when you do an nslookup on the IP addresses?
This is a long post, but is very similar to your problem. Note the troubleshooting steps that were done. Do you have "Register this connections address in DNS" set on the NIC? Do you have anything in the "DNS suffix for this connection" field?
Now if I could install RAST admin tools then I could read a remote DHCP server and then see if I could see what I could do with it using route.exe.
But I need Pro to do that because it won't work on home edition.
Nslookup doesn't store anything. Not even the name of the local machine. All it has it the local IP.
If it worked, it would populate LMHosts and IPconfig /flushdns would write out the cache into LMHosts which is what it is supposed to do.
If it Worked in the first place, I wouldn't go through all this.
As I said to read a remote DHCP server you need RAST admin tool that can only be installed on the Pro version.
I even tried to install it anyway, but it didn't work and now RAST doesn't respond either.
Nslookup doesn't have anything in it. All it has is the IP address of the local machine without even a name. If it returned anything then I wouldn't need to try anything else.
I am not sure what you are on about. Unless you are working on a Pro with additional features installed on it.
Update #3.
Then I configure the LAN/VPN router to assign the fist DNS the static address of the Lap top
The Windows 10 DNS client service cannot act as a DNS server. It does not write anything to the hosts and lmhosts files. Those files need to be manually updated.
https://serverfault.com/questions/50386/what-is-the-difference-between-hosts-and-lmhosts-files
Open a command prompt and see if your router replies to DNS queries. Here is an example where a name lookup is done against the Google servers.
nslookup msn.com 8.8.8.8
Do the same against the router's IP address. (Using 192.168.1.1 as an example.)
nslookup msn.com 192.168.1.1
nslookup 192.168.1.1 192.168.1.1
nslookup <SomePcNameOnYourNetwork> 192.168.1.1
nslookup <Another.IP.address.onyournet> 192.168.1.1
Again, if you post the manufacturer name and model of this device, I will search to see what DNS functionality it is capable of handling and look to see if other users have found a solution.
Devices are mix, FireStick, Mobile phone, displays, printers but no other workstation.
Then enable network discovery on the laptop and see if it finds your other devices.
See the accepted answer to this question.
Launch Powershell_ISE with the "run as administrator" option. Copy and paste the Powershell statements into the code window and run them. (Assuming that you have your network profile set to "Private".)
Look, this was a long time ago.
I left Windows behind for all the reasons I explained.
I couldn't even open those files because I didn't have permission, remember.
You go and find and come back with yet another link. But if these articles were properly presented at the right time like an alert or something that could be picked on then I could understand it.
But as I said, if the client DNS is not doing anything then it shouldn't have been left on automatic by default. Maybe when you try to change it to automatic then an alert or pop up should come and point you to a section to read before setting it to automatic.
What is the point of running ipconfig /flushdns if the flushed data cannot be found anywhere?
I tried everything to find out where does the flushed data go. There is a Powershell command that is to list the content but there was nothing in there. Then I looked and ip4 setting where I remembered LMHost was, enabled tcp/ip over netbios. In my experience all this points to LMHost is the file that gets populated. Hosts is the one with static mapping.
Nowhere was any guidance that this is not the case. I even asked Copilot. Nslookup never returned anything other than the IP.
As I said, the last time I actually did any computing on Windows was with XP. I have used Windows 10 for a long time but only for sending email, writing documents, downloading, and casting and that sort of thing.
I also explained why I started on this route and even the DELL engineer didn't know why there were user specific server host processes. I had absolutely no idea that all this stuff had changed and only found out when I needed to do something about devices that kept losing contact when I changed to Ethernet.
I have worked with Linux and then found out that on top of all this pain I had to dish out $145 just to activate the professional version. That was the final straw and even the challenge of it lost its appeal.
I have a laptop with an intel i7 processor and 32gig of RAM and 500 gig SSD that couldn't upgrade to Windows 11. So, wiping off the disk and installing Linux was the most obvious and practical solution.
So, all of this is in the past and I stand by my reasoning. Windows is for corporates within a server environment with a dedicated administrator who keeps sitting exams.
If you are not working in that environment Linux is a far more practical option.
You can even get a Windows-looking interface and when you want to go back to a less granular interface. But if you want to do some serious computing then you are the master of your own fate, but everything is logical.