windows file protection in windows 2000

jobberd

Banned
Mar 30, 2001
does anyone know how to get around windows file protection in windows 2000? I've heard about the registry edit in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon on the SFCdisable string and changing it to ffffff9d, and I attempted it, but it doesn't work. I know I have not misspelled anything, and it is in the right directory. And I know the regedit works because it works for my friend's computer. However, my friend has never installed sp2, while I have. Is that a possible reason? Any feedback will be greatly appreciated, thank you
 

Escalade

Senior member
Dec 20, 2000

Here's a link that will explain Windows File Protection...
Windows 2000 WFP Tweak Guide


Basically, I think you've got the right key - ffffff9d should be in hex.

But instead of completely turning off this function, why not set:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan
to a value of "2" - scan all Protected System files every time the system is booted.
 

RalfHutter

Diamond Member
Dec 29, 2000
M$ has made it so you can't turn off WFP if you've installed sp2. You can hack one of the system files, however, and then you'll be able to turn it off via the reg hack again. This DOES work, I have used it to change my start logo in my slipstreamed sp2 install. Here's the directions:

1. Load SFC.DLL into your favorite hex editor.
2. Go to offset 6211h and you should see '8B' and 'C6' at offsets 6211 and 6212. If the two bytes are not these values DO NOT proceed.
3. Change both bytes to 90h.
4. Save your changes.
5. Boot into Safe-mode and replace the original SFC.DLL with your hacked version.
6. Reboot into Windows.

Now the 'ffffff9d' regkey will work as it did before.

Reghack to disable SFC:

1. Open Regedit.exe and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]. You should see a DWORD value named "SFCDisable" with a value of "0". Change the value data of "SFCDisable" to "ffffff9d".
    
2. Exit regedit and reboot the machine because this will make the registry change take effect. After the machine is rebooted, you should see Event ID 64032 in the System Event logs letting you know that Windows File Protection is no longer active.
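
For administrators who need to tell whether a Windows 2000 machine has had WFP switched off this way, the following is an added example, not part of the post above: it checks a regedit text export for the SFCDisable value and an SFC.DLL image for the two bytes at offset 6211h named in the post. The function names, the already-decoded text export and the zero-filled sample DLL are assumptions constructed for illustration.

```python
import re

# Values below come from the thread; the offset is only meaningful for the
# SFC.DLL build the post describes, so any other byte pair is "unknown".
PATCH_OFFSET = 0x6211
ORIGINAL_BYTES = bytes([0x8B, 0xC6])
PATCHED_BYTES = bytes([0x90, 0x90])
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def classify_sfc_dll(data: bytes) -> str:
    """Return 'original', 'patched' or 'unknown' for an SFC.DLL image."""
    pair = data[PATCH_OFFSET:PATCH_OFFSET + 2]
    if pair == ORIGINAL_BYTES:
        return "original"
    if pair == PATCHED_BYTES:
        return "patched"
    return "unknown"  # different build, truncated file, or other change


def winlogon_dwords(reg_text: str) -> dict:
    """Parse DWORD values under the Winlogon key from a regedit text export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == WINLOGON_KEY.lower()
        elif in_key:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
            if m:
                values[m.group(1).lower()] = int(m.group(2), 16)
    return values


def audit(reg_text: str, dll: bytes) -> list:
    """List findings that suggest WFP has been tampered with."""
    findings = []
    vals = winlogon_dwords(reg_text)
    if vals.get("sfcdisable", 0) == 0xFFFFFF9D:
        findings.append("SFCDisable=ffffff9d")
    state = classify_sfc_dll(dll)
    if state != "original":
        findings.append("SFC.DLL " + state + " at 6211h")
    return findings


# Constructed sample input: a minimal export and a zero-filled stand-in DLL.
SAMPLE_REG = 'REGEDIT4\n\n[' + WINLOGON_KEY + ']\n"SFCDisable"=dword:ffffff9d\n"SFCScan"=dword:00000000\n'
SAMPLE_DLL = bytearray(0x7000)
SAMPLE_DLL[PATCH_OFFSET:PATCH_OFFSET + 2] = PATCHED_BYTES
```

An "unknown" result only means the bytes at that offset match neither pair from the post; comparing the file against a known-good copy from the installation media is the stronger check.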
 

jobberd

Banned
Mar 30, 2001
thanks for all your replies, but i figured it out and thought the post got buried. all i did was go into the folder where all the hidden files were kept (C:\winnt\system32\dllcache) and replace the file that i needed to replace. thanks for the tips though :)
 

jaywallen

Golden Member
Sep 24, 2000
I'm curious about this, folks. Bear with me, please. In days of yore, all you ever heard was people whining about Windows NT (and, of course the DOS-based versions) just lying there while application and driver installations kicked the living daylights out of the OS by overwriting critical system files. I danced a jig when W2K's WFP features were announced.

Have you really run into many important apps or utilities that simply must have their way with the system file complement? W2K does have provisions for forcing an errant app to use "local" copies of system files (located in the program's own directory instead of in the usual system directory location). Of course it can be difficult to track down just which files you have to provide local copies of in order to accomplish this little trick, but IMHO it's well worth the time and trouble required to figure it out.

I was really tired of watching NT4 get hosed every time I had to add a device driver written by ATI or some other outfit that never got a clue about installation procedures, or whenever I tested some new "must-have" software seeing the system turn into a bowl of oatmeal. It's bad enough that installation procedures can still whack the registry so easily, and that's a much tougher issue for MS to deal with, too. I like my WFP. And I'd rather do without an app or a device if using it means disabling WFP.

Am I missing something here? Is there a good technical reason for disabling WFP, or are our different approaches just the outcome of a difference in philosophies? (Me worship stability! Like stability! Stability good!)

Regards,
Jim
 

lucidguy

Banned
Apr 24, 2001


<< are our different approaches just the outcome of a difference in philosophies >>



People who migrated from Win9x to WinNT bring their bad habits along with them. They like to have the ability to hose critical OS components randomly, without warning, often for no reason. This sort of thing introduces suspense, intrigue, and a sense of relentless adventure into the otherwise drab and boring life of a computer geek.
 

jaywallen

Golden Member
Sep 24, 2000
LOL!

Hmmm. I think I see what you mean. Actually, I have to admit that I experience a tingle of anticipation and trepidation when I consider disabling WFP -- NOT! :D

Regards,
Jim