Fixing Profile permissions

A friend of mine (adopted brother) accidentally infected his laptop with malware and I’ve finally made time (and was able to) to restore his setup.

He has an Acer Aspire 5500 with Windows XP Media Center 2005, but didn’t have restore discs. After calling Acer tech support I was quoted a $30 fee for replacement.

Seemed high, but there didn’t seem to be any other option. Due to funding issues at the time the restore task was put on hold.

A week later I was repairing another family member’s desktop system and had to call Dell for restore discs. They shipped me a new set free of charge and were very quick about it (no nonsense dialog and shipping both). In the future I’ll be sure to use their online chat for all trouble issues as it was a breeze.

I mention both of these situations because of the similarities and the differences.

In both cases I had a backup of their profiles and wanted to restore them with all settings intact. I did the following:

  1. Backed the systems up
  2. Restored the systems
  3. Created a user account with non-admin rights for them to use as their day-to-day tasks.
  4. Logged in with the new account
  5. Rebooted the system so the newly created account’s registry hive would be unloaded.
  6. Copied the old files over and choosing to overwrite the new files.
  7. Loaded the registry hive and granted full rights to the newly created non-admin account.

That is where the similarities ended.

My Acer owning friend has Windows XP Media Center 2005 whereas the Dell owner has Windows XP Home Edition

Both lack the Security tab that is available with XP Professional.

To resolve the issue on the XP Home system I booted into safe mode, logged into the admin account and was able to set the security there on the user profile folders.

Oddly enough I just stumbled across this tip after I used the reboot in safe mode approach.

To resolve the issue on the Acer system I used Xcacls.vbs from Microsoft.

Here are the lines I added to a file called fix.bat and ran:

cscript xcacls.vbs "C:\Program Files\Diablo II"  /F /S /T /E /G "UserName":F
cscript xcacls.vbs "C:\Program Files\EA Games"  /F /S /T /E /G "UserName":F
cscript xcacls.vbs "C:\Program Files\Razor"  /F /S /T /E /G "UserName":F
cscript xcacls.vbs "C:\Program Files\uoam"  /F /S /T /E /G "UserName":F
cscript xcacls.vbs "C:\Program Files\World of Goo Demo"  /F /S /T /E /G "UserName":F
cscript xcacls.vbs "C:\Documents and Settings\UserName"  /F /S /T /E /G "UserName":F

That grants his new user account full access to those directories, the most important being the last line. The others are debatable as to the necessity, but it will make it easier as those folders/files can now be edited by a non-admin account. This way mods can be loaded and tweaks made without all the power to shoot the system in the foot accidentally.

In the end both profiles were restored and the systems cleaned. Happy ending I’d say.