
Win7PE-SE issue - Taking Ownership of Files


53 replies to this topic

#26 u2o

u2o

    Frequent Member

  • .script developer
  • 257 posts
  • Location:Argentina
  •  
    Argentina

Posted 03 May 2012 - 05:05 AM

> Script is referenced above in post #15 ( http://gena.cwcodes.net/Projects/Gena/Drivers/6%20Other/AccessGainDrivers.script ). Works fine for me in win7pe_se. However I never need to use it - have not found any folders that cannot be accessed using the default system user of pe.

Thanks!!!! The problem isn't accessing or seeing the files... The problem is trying to delete files in the folder System Volume Information. I want to delete them to save a few gigabytes when I make a backup.
Apparently the new NTFS permissions on Windows Vista/7 have changed a bit. But still, if I use the latest version of BartPE that I have created (with WindowsXP SP3) I can delete these files without problems... and with Win7PE I can't do it.... and I haven't managed (the needed settings) to run the security permissions editor to change the Ownership of the files/folders.

> For anyone interested, here are the registry entries which worked for me. First you should mount the WIM file and load the SYSTEM hive in the name 'WINPE'. Copy 'accgain.sys' to the system32\drivers folder (if the sys file name is different, you must rename it to accgain.sys). Then apply the reg entries. For some reason accessgain works better on full explorer. Micro explorer or BSexplorer is not 100% compatible with it.


> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\WINPE]
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001]
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001\Control]
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001\Control\GroupOrderList]
> "FSFilter Activity Monitor"=hex:02,00,00,00,01,00,00,00,02,00,00,00
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001\services]
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001\services\AccessGainDriver]
> "Type"=dword:00000002
> "Start"=dword:00000001
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000002
> "ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,58,00,3a,00,5c,00,57,00,69,00,6e,00,\
>   64,00,6f,00,77,00,73,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
>   00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,63,00,\
>   67,00,61,00,69,00,6e,00,2e,00,73,00,79,00,73,00,00,00
> "DisplayName"="AccessGainDriver"
> "Group"="FSFilter Activity Monitor"
> "DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
> "Description"="File system access gain mini-filter driver"
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001\services\AccessGainDriver\Instances]
> "DefaultInstance"="AccessGain Instance"
>
> [HKEY_LOCAL_MACHINE\WINPE\ControlSet001\services\AccessGainDriver\Instances\AccessGain Instance]
> "Altitude"="370020"
> "Flags"=dword:00000000


> After booting into win7pe, open a CMD window and type 'fltmc'. If everything is ok, you can see the accessgain driver in the list.


Thanks too!!!

I'll try both settings and let you all know if it worked!

:yahoo: :yahoo: :yahoo:

#27 paraglider

paraglider

    Gold Member

  • .script developer
  • 1743 posts
  • Location:NC,USA
  •  
    United States

Posted 03 May 2012 - 11:13 PM

I had no problems deleting files from win7pe_se in 'System Volume Information'. Did not need to load accessgain. In my win7 x64 only system user has permissions on the folder.

#28 u2o

Posted 04 May 2012 - 05:11 AM

> I had no problems deleting files from win7pe_se in 'System Volume Information'. Did not need to load accessgain. In my win7 x64 only system user has permissions on the folder.

I can't delete files with my build... on System Volume Information. I use WinBuilder v82.0.1.0, Win7PE_SE_Small_2012-02-16.7z, and as source Windows 7 x86 SP1 Spanish. I need to try... building with x64. (And also, I just found out that there is a new version of Win7PE_SE. I'll try it urgently.)

Could you tell me... which versions you are using?

But building Win7PE_SE, with Source x86 or x64, the user is always System or not? Or did you manage to give more permissions to the user?


------------ Edit ---------

My problem deleting files on System Volume Information is only... on hard disks with Windows Vista or Windows 7. On hard disks with Windows XP it works fine with Total Commander. MSExplorer fails in all.

#29 u2o

Posted 04 May 2012 - 09:54 AM

> I can't delete files with my build... on System Volume Information. I use WinBuilder v82.0.1.0, Win7PE_SE_Small_2012-02-16.7z, and as source Windows 7 x86 SP1 Spanish. I need to try... building with x64. (And also, I just found out that there is a new version of Win7PE_SE. I'll try it urgently.)

I have tested the new version of Win7PE_SE (Win7PE_SE_20120416.7z). It is exactly the same.

In XP --> MSExplorer does not fail but does not delete ... with Total Commander it works.
In Windows 7 --> MSExplorer does not fail but does not delete ... Total Commander shows an error (no permissions).

------------------------

Trying to change the Ownership does not work in this new version. It gives the same error when trying to open the form to make the change.

But I found something ... Missing files required for the proper functioning of the Permissions Editor.

Some lines (34 of 2191) -- CCleaner Registry Clean Report.


Windows 7 DLL File Information - gpedit.dll --> http://www.win7dll.i...gpedit_dll.html
Windows 7 DLL File Information - wincredprovider.dll --> http://www.win7dll.i...ovider_dll.html
Windows 7 DLL File Information - wsecedit.dll --> http://www.win7dll.i...ecedit_dll.html
--------------------
I don't know why, but I have the idea that wbem is required for editing policies.
--------------------

Complete Report has 2191 errors found and I think this should be reviewed. There are many files that I see here that should not be registered if it does not include the executables ... for example: registering of the Windows Media Player, but that's another topic, so I didn't include all lines.



------------- Edit ------------------------

Wbem is needed. See WMI http://technet.micro...9(v=WS.10).aspx

#30 Agent47

Agent47

    Frequent Member

  • Advanced user
  • 164 posts
  •  
    India

Posted 04 May 2012 - 11:49 AM

Did you try accessgain with full explorer in Win7PE?

#31 u2o

Posted 04 May 2012 - 04:20 PM

> Did you try accessgain with full explorer in Win7PE?

Not yet, sorry. But I will try it today.

#32 u2o

Posted 04 May 2012 - 07:05 PM

> Not yet, sorry. But I will try it today.

Tested for now only on XP with MSExplorer

Added the script http://gena.cwcodes.net/Projects/Gena/Drivers/6%20Other/AccessGainDrivers.script RightClick on Drive --> Bypass NTFS permisions --> and it doesn't work. SetACL http://helgeklein.com/setacl/ also fails.

If it fails to delete subfolders or files in subfolders (on C:\System Volume Information) on a Windows XP volume... although I have not tried it yet, I think, as with previous tests, it will fail too.

I have a BartPE built 2 years ago. And it's fully functional on XP and Windows 7 files/folders for deleting and changing ownership. I think I'll have to search plugin by plugin and file by file until I find the solution.

--- edited for bad translation ---

#33 Agent47

Posted 07 May 2012 - 03:50 AM

U2o is right. I tested Win7pe on my machine but deleting 'system volume information' is not possible.

#34 Mikka

Mikka

    Frequent Member

  • Developer
  • 175 posts
  •  
    Germany

Posted 25 May 2012 - 11:20 AM

Just out of curiosity, although I did this using a BartPE compilation without problems in Windows Explorer, did you think of including Unlocker 1.9.1 (not tested for Win7PE yet) and trying to get rid of this folder with it?

#35 u2o

Posted 25 May 2012 - 03:45 PM

Hi Mikka!

No, I haven't tried unlocker. But this feature should be available. If available, SetAcl will work well and would not require anything more than a command line through SetAcl to obtain ownership of files and folders.

I'm being so heavy with this topic, but I'm currently working on an application that can clean up certain directories and files before creating a backup (to save space)... with open database to allow expansion.

See the picture

Posted Image

In my WindowsXP installation (that occupies 12GB) I can save almost 4GB, on the resultant backup.

On some machines, especially those with GB and GB of games, we could save up more to 100GB :white_flag:
My free space isn't enough for so much trash :ranting2:

and this issue is stopping this idea :lightbulb:

#36 Mikka

Posted 04 June 2012 - 09:04 PM

u2o, this looks quite interesting. I also hate remnants like System Volume Information, RECYCLER, RECYCLER.BIN (Content.MSO and so forth...) on NTFS partitions (of external harddrives) and unfortunately I don't know an easy workaround to prevent their creation.

You're right, it should be possible to remove stuff like System Volume Information even on the Windows partition, with XP it's not that difficult.

Well, keep us in the loop about this promising project of yours!

#37 kr0m

kr0m
  • Members
  • 1 posts
  •  
    Portugal

Posted 05 June 2012 - 02:51 AM

In Windows I use this "WinOwnership_v1.1", never tested it in WinPE.

#38 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 452 posts
  • Location:In the middle of nowhere
  • Interests:Interesting Things
  •  
    South Africa

Posted 05 June 2012 - 08:35 PM

Try This:

@Echo off
echo -------------------------------------------------------------------------------
Echo AccsessEveryone                                     KGB Systems By DarkPhoeniX
echo -------------------------------------------------------------------------------
Echo.
Echo.
rem Show the current ACLs of the files in this directory
echo y| cacls *.*
echo.
Echo.
Echo Press Any Key To Change File Permissions To Allow Everyone Full-Control
pause > nul
cls
rem /t recurses, /g grants; without /e the existing ACL is replaced
echo y| cacls "%cd%" /t /g everyone:f
echo.
Echo.
Echo Done Changing File Permissions
echo Press Any Key To Exit
pause > nul

Make a bat file and copy the code in,
then drop the file into the directory you want to have access, and run it

#39 SIW2

SIW2

    Frequent Member

  • Advanced user
  • 123 posts

Posted 05 June 2012 - 10:30 PM

Accessgain works great for me in 64 bit pe.

#40 u2o

Posted 06 June 2012 - 04:24 AM

Thanks for all responses.

> u2o, this looks quite interesting. I also hate remnants like System Volume Information, RECYCLER, RECYCLER.BIN (Content.MSO and so forth...) on NTFS partitions (of external harddrives) and unfortunately I don't know an easy workaround to prevent their creation.
>
> You're right, it should be possible to remove stuff like System Volume Information even on the Windows partition, with XP it's not that difficult.
>
> Well, keep us in the loop about this promising project of yours!

Hi Mikka, I'll make a tutorial to explain how to block the creation of restore points on external drives, and block Recycler too. Give me some time. But it is possible, I have succeeded.

> In Windows I use this "WinOwnership_v1.1", never tested it in WinPE.

Hi kr0m, I'll try it!

> Try This:
>
> @Echo off
> echo -------------------------------------------------------------------------------
> Echo AccsessEveryone                                     KGB Systems By DarkPhoeniX
> echo -------------------------------------------------------------------------------
> Echo.
> Echo.
> rem Show the current ACLs of the files in this directory
> echo y| cacls *.*
> echo.
> Echo.
> Echo Press Any Key To Change File Permissions To Allow Everyone Full-Control
> pause > nul
> cls
> rem /t recurses, /g grants; without /e the existing ACL is replaced
> echo y| cacls "%cd%" /t /g everyone:f
> echo.
> Echo.
> Echo Done Changing File Permissions
> echo Press Any Key To Exit
> pause > nul
>
> Make a bat file and copy the code in,
> then drop the file into the directory you want to have access, and run it

Hi DarkPhoeniX, your commands don't work, says CACLS is a deprecated command (or something)...

But I tried something else and it works, tested on a XP System from WIN7PE_SE... I need to try it on a Win7 system.

reset.cmd

@ECHO OFF
Echo. Press Any Key To RESET File Permissions
pause > nul
cls
rem %~1 strips any quotes from the dragged-in path before it is re-quoted
icacls "%~1" /Reset
echo.
Echo.
echo. Press Any Key To Exit
pause > nul

Drag the folder into the cmd and the magic appears!!!

After applying this cmd from Win7PE_SE ... see the permissions for users in my XP C:\System Volume Information

The screenshots were made from XP (after reboot Win7PE_SE)

Posted Image

Posted Image

The owner of the folder is Administrators

:yahoo: :yahoo: :yahoo: :yahoo:

#41 u2o

Posted 06 June 2012 - 04:31 AM

> Accessgain works great for me in 64 bit pe.

Hi SIW2, sorry I forgot to answer you.. On Win7PE_SE 32 bit, AccessGain doesn't work in any of my tests.

#42 SIW2

Posted 06 June 2012 - 12:05 PM

Hi U2o,

My builds are not exactly the same as win7 pe se of course.

I don't know what I did to them to make accessgain work - works fine in 64 bit too.

If I get time, I will run the newest win7pese to make build with that and see if I can spot what the differences might be.

#43 u2o

Posted 06 June 2012 - 05:08 PM

> Hi DarkPhoeniX, your commands don't work, says CACLS is a deprecated command (or something)...
>
> But I tried something else and it works, tested on a XP System from WIN7PE_SE... I need to try it on a Win7 system.
>
> reset.cmd
>
> @ECHO OFF
> Echo. Press Any Key To RESET File Permissions
> pause > nul
> cls
> rem %~1 strips any quotes from the dragged-in path before it is re-quoted
> icacls "%~1" /Reset
> echo.
> Echo.
> echo. Press Any Key To Exit
> pause > nul
>
> Drag the folder into the cmd and the magic appears!!!
>
> After applying this cmd from Win7PE_SE ... see the permissions for users in my XP C:\System Volume Information
>
> The screenshots were made from XP (after reboot Win7PE_SE)
>
> The owner of the folder is Administrators
>
> :yahoo: :yahoo: :yahoo: :yahoo:


Confirmed, it works on a Volume with WindowsXP installed, but not in Windows 7. Nothing works with the System Volume Information folder (on an installed Windows 7), all icacls commands say access denied.

I'm thinking that I have not included VolumeShadowCopy in my WIN7PE, would it be necessary? Or will we need to enable System Restore (with manual start) on the PE?



> Hi U2o,
>
> My builds are not exactly the same as win7 pe se of course.
>
> I don't know what I did to them to make accessgain work - works fine in 64 bit too.
>
> If I get time, I will run the newest win7pese to make build with that and see if I can spot what the differences might be.

Thank you for the help!

Edited by u2o, 06 June 2012 - 05:10 PM.


#44 Agent47

Posted 18 June 2012 - 02:05 PM

Deleting "system volume information" is also not working in "Make PE3" by Wimb.

#45 racerx

racerx
  • Members
  • 5 posts
  •  
    United States

Posted 03 May 2013 - 01:31 AM

Well I see this post is almost one year old but I have to ask.

Has anyone found a way to "take ownership" and/or delete "system volume information"?

I have tried everything in this thread.

I am using a stock build of 7PE_SE. I have tried it default and I have changed and added other stuff but no difference.

I have tried SP0 and SP1 builds, all x86 and Wb 80 and 82. I have also used the safe download utility in WinBuilder to update to see if that would fix anything.

Cannot take ownership in the PE of any file and cannot delete the system volume information.

I have noticed that antivirus programs cannot delete from the system volume either.

I have tried the 8PE and it can take ownership but it cannot delete system volume information.

I hate win8 and it does not solve the whole problem anyway.

I think it uses explorer 7 in the 8PE build also.

Looks like Paraglider and SIW2 are the only ones that have it working.

Thanks in advance for your help.



#46 wimb

wimb

    Platinum Member

  • Developer
  • 3756 posts
  • Interests:Boot and Install from USB
  •  
    Netherlands

Posted 03 May 2013 - 04:36 AM

Use ExplorerXP in XP environment http://www.explorerxp.com/

 

Try LiveXP_WIM.ISO made with amalux project LX.061412 http://reboot.pro/to...-15#entry162656

 

It can remove System Volume Information

 

:cheers:



#47 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 03 May 2013 - 08:31 AM

Just tried deleting files in “System Volume Information” from my win7PE using:

Lockhunter, Unlocker, UnlockIT, Fileassassin & LockedFilesWizard.

Only the last 2 tools succeeded.

Scripts for all 5 tools are here:

http://al-jo.zxq.net/ulockers.zip

Tested in this project:

http://al-jo.net46.net/7pe_ulock.zip

using Windows7 x86 sp0 as source.



#48 racerx

Posted 03 May 2013 - 01:13 PM

Thank you al-jo and wimb for your fast response.

 

wimb - I have an Xp-Pe that works, but I was wanting to get away from the Xp_Pe because of boot issues with new PCs and lack of Xp drivers to make them boot in PE and lack of Bios support to turn off AHCI, amongst other things.

 

al-jo - Thank you. I will build with these after work and post back and let you know.

Side note:  First link is good but the second one does not work.

 

Thanks again!



#49 al_jo

Posted 03 May 2013 - 02:14 PM

@racerx

Second link is working ok here, but try with this alternative ftp link.



#50 racerx

Posted 03 May 2013 - 10:41 PM

Thanks al-jo. That link worked.

I will give that a go here in a little while as I just got home from work and need food.

Off topic.. I have been trying to download your "Sas" script from here (http://al-jo.net46.net/sas.7z) and that link doesn't work for me either.

 

Thanks again!!!





