This is the Windows Server Update Services support team blog. We cover all things relating to WSUS and Windows Update.
I had an interesting case last week and since it was caused by applying a workaround for another issue I thought I’d mention it here in case anyone else ran into it. What can happen is that when you try to install Windows XP Service Pack 3 (SP3) using WSUS, it may fail with a 0x8007f00d or 0x8007f02b error.
This can happen if the workaround for MS09-010 was applied to the client machines adding deny permission to file C:\program files\windows nt\accessories\mswrd8.wpc. This causes the WSUS installation to fail because we’re unable to access the file and update it. When trying to install SP3 manually (not using the Quiet switch), it causes an error reading the file above, prompting for a source to update the file or to skip the file. Since WSUS installs SP3 in quiet mode, the installation fails because it never prompts the user for file it's trying to update.
The resolution of course is to grant permission to the file. The easiest way to do this is via a batch file, which is what we did, containing the following line:
Echo y| cacls %programfiles%\windows nt\accessories\ /T /P Everyone:C
Once this batch file runs on the target, it changes the permissions of the file in question, thus allowing SP3 to install successfully.
Hope this helps,
Joao Madureira | WSUS Support Engineer
I tried to run the command stated but it does not do anything, this is what i got:
C:\Documents and Settings\userid>Echo y| cacls %programfiles%\windows nt\accessories\ /T /P Everyone:C
Displays or modifies access control lists (ACLs) of files
CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]
[/P user:perm [...]] [/D user [...]]
filename Displays ACLs.
/T Changes ACLs of specified files in
the current directory and all subdirectories.
/E Edit ACL instead of replacing it.
/C Continue on access denied errors.
/G user:perm Grant specified user access rights.
Perm can be: R Read
C Change (write)
F Full control
/R user Revoke specified user's access rights (only valid with /E).
/P user:perm Replace specified user's access rights.
Perm can be: N None
/D user Deny specified user access.
Wildcards can be used to specify more that one file in a command.
You can specify more than one user in a command.
CI - Container Inherit.
The ACE will be inherited by directories.
OI - Object Inherit.
The ACE will be inherited by files.
IO - Inherit Only.
The ACE does not apply to the current file/directory.