System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Value Name: SFCDisable Data Type: REG_DWORD (DWORD Value) Value Data: 0 = enabled (default), ffffff9d = disabled
Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it. The other valid hexadecimal values are:
1 - disabled, prompt at boot to re-enable 2 - disabled at next boot only, no prompt to re-enable 4 - enabled, with popups disabled ffffff9d - for completely disabled
Restart Windows for the change to take effect.
Additional Steps for Windows 2000 Service Pack 2 and Windows XP
This setting is disabled in Windows 2000 SP2+ and Windows XP, and needs to re-enabled using a hex editor and changing SFC.DLL (or SFC_OS.DLL for Windows XP) following these instructions: (alternatively you can just replace the existing dll with the one from SP1 via boot disk or whatever.. then use the reg key.. but thats no fun is it? )
Windows 2000 SP2 +
Make a backup the SFC.DLL in the C:\WINNT\SYSTEM32 directory. Make an additional copy of SFC.DLL called SFC1.DLL and open it in a hex editor. At offset 00006211 (6211h) you should find the values "8B" and "C6". Do not continue if you are unable to find these values. Change the values "8B C6" to read "90 90" and save the changes. Run these commands to update the system files: copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y copy c:\winnt\system32\sfc1.dll c:\winnt\system32\dllcache\sfc.dll /y
If you are prompted to insert the Windows CD, click Cancel. Restart Windows for the change to take effect.
Windows XP
Make a backup the SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory. Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL and open it in a hex editor. Windows XP (no Service Pack) At offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6". Windows XP (Service Pack 1) At offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6". Do not continue if you are unable to find these values. Change the values "8B C6" to read "90 90" and save the changes. Run these commands to update the system files: copy c:\windows\system32\sfc_os1.dll c:\windows\system32\sfc_os.dll /y copy c:\windows\system32\sfc_os1.dll c:\windows\system32\dllcache\sfc_os.dll /y
If you are prompted to insert the Windows CD, click Cancel. Restart Windows for the change to take effect. Once these files have been updated apply the registry setting above.
Alternatively you can also just start the machine with a debugger attached running the kernel with /DEBUG I do this all the time for various reasons but I wouldnt advise this option unless you really know what your doing.
GSecur
Jan 7 2004, 07:16 PM
Good Post Archived
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
