Drop Rights must be turned off in 4.01.09 (XP)
Drop Rights must be turned off in 4.01.09 (XP)
I realize that Drop Rights is probably on it's way out, but in the meantime 4.01.09 won't work for me if the configuration file contains a "DropAdminRights=y" setting (at least on XP).
2013-05-25 14:39:46 SBIE2337 Failed to start program: [33 / 5]
2013-05-25 14:39:46 SBIE2204 Cannot start sandboxed service RpcSs (5)
Turn off Drop Rights (UNcheck it) at:
Sandbox Settings > Restrictions > Drop Rights
2013-05-25 14:39:46 SBIE2337 Failed to start program: [33 / 5]
2013-05-25 14:39:46 SBIE2204 Cannot start sandboxed service RpcSs (5)
Turn off Drop Rights (UNcheck it) at:
Sandbox Settings > Restrictions > Drop Rights
Last edited by Guest10 on Sat May 25, 2013 4:16 pm, edited 2 times in total.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
-
- Posts: 10
- Joined: Wed May 22, 2013 12:05 pm
-
- Posts: 10
- Joined: Wed May 22, 2013 12:05 pm
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
tzuk, as a result of checking stuff on the laptop (haven't in awhile, it still had .07), I'm now seeing SBIE2204 Cannot start sandboxed service RpcSs for the first time with .11 (with Drop Rights, otherwise default sandbox). Except the error code is 1309 (ERROR_NO_IMPERSONATION_TOKEN?).
Can't reproduce on main system. Will try to check back with previous versions (.08-.10). Can't think of anything else there, except it hasn't had any Windows updates since Feb. install...
Can't reproduce on main system. Will try to check back with previous versions (.08-.10). Can't think of anything else there, except it hasn't had any Windows updates since Feb. install...
Why do you say that...?Guest10 wrote:I realize that Drop Rights is probably on it's way out
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days?
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days?
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
OK, it looks like .09, .10, and .11 are the same on the laptop -- just that RpcSs message (1309), not what Guest10 posted. (I haven't used .09 or .10 on main system.)
Yeah, the laptop had .07 on it before today, and that was fine. .08 broke with the same RpcSs message, with an additional SBIE2321 Cannot manage device map: [C0000022 / 88] when using Run Sandboxed.
All fine without Drop Rights.
And if there was a problem with Drop Rights on XP in .08 (or any version) I probably wouldn't notice on the main system, since all my "entry point" programs have rights dropped with SRP before forced sandboxing. I simply leave Drop Rights enabled "just in case" or for other occasional stuff...
Yeah, the laptop had .07 on it before today, and that was fine. .08 broke with the same RpcSs message, with an additional SBIE2321 Cannot manage device map: [C0000022 / 88] when using Run Sandboxed.
All fine without Drop Rights.
And if there was a problem with Drop Rights on XP in .08 (or any version) I probably wouldn't notice on the main system, since all my "entry point" programs have rights dropped with SRP before forced sandboxing. I simply leave Drop Rights enabled "just in case" or for other occasional stuff...
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
Just found it! Same thing was happening on fresh VirtualBox install, even after I applied latest updates (yet I can't reproduce on main system). It was pretty well untouched I figured, except checking over my stuff again quickly, I saw one of the things I DO change initially, just until after I'm done installing everything on a new install:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner = 0 (instead of default 1)
So if owner of stuff (objects) tries to be Admin, Sandboxie fails since .08 with Drop Rights. You probably might want to fix this, since it IS a real, legitimate thing people can set (it's a Group Policy option, I believe).
Extra info (unrelated to Sandboxie): I was going to use that setting full-time back when I first discovered dropping rights (before Sandboxie ), but found that it caused some really, really random/weird things to happen for IE 6 with dropped rights. And on the laptop, it nearly killed me trying to figure out why the Dell wireless thing wouldn't work (running full Admin!), until I discovered it was failing because nodefaultadminowner=0, but ONLY because I hadn't yet set a password for the account!? Strange, strange stuff. I only use it now, temporarily, to make sure installed system stuff/programs is not owned by the user (to protect with dropped rights).
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner = 0 (instead of default 1)
So if owner of stuff (objects) tries to be Admin, Sandboxie fails since .08 with Drop Rights. You probably might want to fix this, since it IS a real, legitimate thing people can set (it's a Group Policy option, I believe).
Extra info (unrelated to Sandboxie): I was going to use that setting full-time back when I first discovered dropping rights (before Sandboxie ), but found that it caused some really, really random/weird things to happen for IE 6 with dropped rights. And on the laptop, it nearly killed me trying to figure out why the Dell wireless thing wouldn't work (running full Admin!), until I discovered it was failing because nodefaultadminowner=0, but ONLY because I hadn't yet set a password for the account!? Strange, strange stuff. I only use it now, temporarily, to make sure installed system stuff/programs is not owned by the user (to protect with dropped rights).
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
I went from .11 to .13 update. Don't know if this is related to the dropped rights but in .13 with Firefox, I get the following....
SBIE2214 Request to start service 'wuauserv' was denied due to dropped rights
SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [Firefox]
SBIE2220 To permit use of Administrator privileges, please double-click on this message line
SBIE2214 Request to start service 'bits' was denied due to dropped rights
SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [Firefox]
SBIE2220 To permit use of Administrator privileges, please double-click on this message line
SBIE2214 Request to start service 'wuauserv' was denied due to dropped rights
SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [Firefox]
SBIE2220 To permit use of Administrator privileges, please double-click on this message line
I don't get why wuauserv (a windows update service) is trying to run inside Firefox.
dja2k
SBIE2214 Request to start service 'wuauserv' was denied due to dropped rights
SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [Firefox]
SBIE2220 To permit use of Administrator privileges, please double-click on this message line
SBIE2214 Request to start service 'bits' was denied due to dropped rights
SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [Firefox]
SBIE2220 To permit use of Administrator privileges, please double-click on this message line
SBIE2214 Request to start service 'wuauserv' was denied due to dropped rights
SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [Firefox]
SBIE2220 To permit use of Administrator privileges, please double-click on this message line
I don't get why wuauserv (a windows update service) is trying to run inside Firefox.
dja2k
No, these errors were always there don't have to do with recent changes to Drop Rights.
You can't run services in the sandbox when Drop Rights is enabled.
Maybe you're trying to run some Microsoft software which is trying to check
for updates through the Automatic Updates service (wuauserv) ?
Try to delete the contents of your sandbox.
You can't run services in the sandbox when Drop Rights is enabled.
Maybe you're trying to run some Microsoft software which is trying to check
for updates through the Automatic Updates service (wuauserv) ?
Try to delete the contents of your sandbox.
tzuk
I have always had the "delete function" enabled. I had never seen those before and I haven't change my configuration since v3.76 or before. Drop Rights has always been enabled in prior versions since it became available. I did notice that "silverlight configuration" tried to run so I allowed as I am running with restrictions. Still don't understand why a Windows Update service is trying to run inside my Firefox sandbox.
dja2k
dja2k
Who is online
Users browsing this forum: No registered users and 0 guests