Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Files automatically recreated

Status
Not open for further replies.
SelbyGlenn

SelbyGlenn

Technical User
Joined
Oct 7, 2002
Messages
444
Location
GB
Hi there,

For security reasons I am trying to rename some files within the system32 directory. The problem is every time I rename the file it is re-created by Windows. I know there is a service running that controls this (can't remember what it's called though) but I don't really want to stop it anyway. Does anyone know if there is a file somewhere in windows that contains the list of files that are being re-created so I can remove any reference to the files I'm trying to rename?

Thanks in advance,
Glenn
BEng A+ MCSE CCA
 
Sort by date Sort by votes
Hey Glenn, are you talking about Windows File Protection? I guess you're renaming DLL's?
 
Upvote 0 Downvote
Hi Brontosaurus,

I'm actually trying to rename the net.exe command. Tek-tip user vfear posted a question a few days ago asking how to prevent users from abusing the NET SEND command. I have a similar problem on my network but disabling the messenger service is not an option for me as it has been used before by administrators in states of emergency. Glenn
BEng A+ MCSE CCA
 
Upvote 0 Downvote
How about using a Group Policy which prevents users from running net.exe - guess it only works if all clients are running Windows 2000 or above but...
 
Upvote 0 Downvote
Unfortunately, as of SP2, the old easy way to disable WFP was destroyed. I copied this from a website some time ago...shows how to disable it post SP2 if you're interested:

Copy %SystemRoot%\System32\SFC.DLL to %SystemRoot%\System32\SFC_Patch.DLL.

Open %SystemRoot%\System32\SFC_Patch.DLL in a hex editor.

At offset 0x6211 and 0x6212, change 8BC6 to 9090 and save the changes.

Open a CMD prompt and type: Copy %SystemRoot%\System32\SFC_Patch.DLL %SystemRoot%\System32\dllcache\SFC.DLL /Y
Copy %SystemRoot%\System32\SFC_Patch.DLL %SystemRoot%\System32\SFC.DLL /Y

If prompted to insert the Windows CD-ROM, press Cancel.

Shutdown and restart Windows 2000.

Set HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable to 0xffffff9d.

Shutdown and restart Windows 2000.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question Question
Can not copy files to Mapped drive
Replies
0
Views
1K
microsGuy16
microsGuy16
Fabzionj
  • Locked
  • Question Question
Count record on Text files
Replies
0
Views
285
Fabzionj
Fabzionj
disturbedone
  • Locked
  • Question Question
Windows 10 Offline Files GPO
Replies
0
Views
269
disturbedone
disturbedone
gk17
  • Locked
  • Question Question
Overwrite files even when locked?
Replies
1
Views
285
markdmac
markdmac
BOUSMANBE
  • Locked
  • Question Question
Downloading Files with custom extensions not working in IE
Replies
0
Views
237
BOUSMANBE
BOUSMANBE

Part and Inventory Search

Sponsor

Back
Top