Problems with 8.0.24.0 as restricted user

37 views
Skip to first unread message

clustercats

unread,
Mar 15, 2006, 1:16:29 AM3/15/06
to
Hello,

yesterday I tried to install the new 8.0.24.0 player for IE6 and Firefox on
WinXP SP2.

1. Firefox-Plugin: Installs to c:\windows\system32\macro... but not to
c:\program files\mozilla firefox\plugins. So Firefox used still the 8.0.22.0
plugin and I had to copy the files manually from system32 to Firefox plugin
folder to get it updated. Installation of previous 8.0.22.0 did copy into the
proper folder.

2. IE6-Plugin: Switched user to Admin as plugin couldn't be installed without
admin rights. New 8.0.24.0 works when I'm logged in as admin. When I switch
back to restricted user the plugin doesn't work, IE shows the bar above that a
missing plugin needs to be installed (what cannot be done as restricted user).
Again, 8.0.22.0 installed and worked fine on the same config.

Anyone else tried the new plugin as a restricted user?

wingtong

unread,
Mar 15, 2006, 6:49:05 PM3/15/06
to
I have started installing v8.0.24 on 2 xp and 1 2k stations and all 3 have the
same problem. Can install when logged in as administrator but when other
general users (power user rights) log in to the same machine and go to a flash
web page, that user/computer is asked again to install the flash program but
cannot since that user do not have admin rights. If I give that general user
admin rights, and he/she logs back in, then the flash page works fine. But
after he/she logs out and I take admin right off for that user, and that user
logs in again and again goes to a flash page, the error occurs again.

If I completely uninstall flash and delete the
c:\windows\system32\macromed\flash folder, give that general user admin rights,
log in as that general user and install flash, then the flash pages come in ok.
If after this install by the general user with admin rights logs out and I
remove admin rights from that general user and place him/her back with power
user rights; and that general user logs back in again, the flash pages now
still comes in ok!! The only difference here is that that general user
installed flash with admin rights to begin with before removing that general
user's admin rights. HOWEVER, other general users logging in with only power
user rights on the same machine will again get the same error when going to a
flash page!

clu...@gmail.com

unread,
Mar 15, 2006, 7:42:18 PM3/15/06
to
I believe that flash8.ocx is setting the wrong permissions on these
registry keys:

HKEY_CLASSES_ROOT\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}
HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}

I have contacted Adobe (Macromedia) about this and wrote about it here,
with no response yet:

http://www.macromedia.com/cfusion/webforums/forum/messageview.cfm?catid=194&threadid=1130795&enterthread=y

I have also removed Adobe from my Christmas list until further notice.

-- Chris Lundie

clu...@gmail.com

unread,
Mar 15, 2006, 7:45:48 PM3/15/06
to
Sorry, it's flash8a.ocx, not flash8.ocx.

Chris Lundie

unread,
Mar 15, 2006, 11:49:15 PM3/15/06
to
I've found I can work around the issue by giving Read permissions to
the Users and Power Users groups, on this key:

HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}

J1989

unread,
Mar 16, 2006, 1:07:43 AM3/16/06
to
Identical trouble. I can run as Admin, but not as Limited User. And I don't
have the same result as 'wingtong', for my Admin account -- the one used to
install the update -- will fail if I transfer Admin rights to another user and
then limit the Admin account.

Other ActiveX controls (e.g., RealPlayer) run perfectly well in these accounts
under Limited-User privileges, so I don't think this is a Windows issue despite
the fact that this occurred on Microsoft's "Update Tuesday". No major changes
were included in the latest round of their updates. What also bothers me is
that the "last-modified" date for flash8a.ocx is January 2, 2006. I wonder
just what has changed, if anything, other than the fact that Flash now is
useful just for Administrators. By the way, uninstalling Flash using the
program 'uninstall_flash_player.exe' and then reinstalling it had no effect.
The file information, and the behavior, remained the same.

As an amusing aside, I mused about killing the control until the issue was
resolved and looked at the ActiveX compatibility section. They apparently have
an incorrect Registry data type for the ActiveX Compatibility for Flash. I
show a REG_SZ entry for Flash; all of the other thousands of entries (mostly
killed controls) have DWORDs. Present entry:


"Compatibility Flags"="0"

It should be a DWORD, no? I.e.,

"Compatibility Flags"=dword:00000000

Mister J


Bentley Wolfe [Adobe]

unread,
Mar 16, 2006, 8:24:24 AM3/16/06
to
wingtong wrote:

All users must have read/write access to
c:\<winversion>\system32\macromed for Flash Player to work (doc'd in "
Common Macromedia Flash Player install issues", at
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19166)

Beyond that I'm checking with Engineering to see how what the facts are
about limited user installs and I'll post something as soon as I have
more info..

Bentley Wolfe
Senior Support Engineer, Flash/Flash Player
*Macromedia, now a division of Adobe Systems

clustercats

unread,
Mar 16, 2006, 9:49:47 AM3/16/06
to
Thank you for checking it. Some more facts:
- mentioned Folder "macromed" has read/write rights for power users, 8.0.22.0
worked for a power user, 8.0.24.0 doesn't
- new Shockwave plugin (also below the same macromed folder) works fine even
as limited user, only flash is affected

Got Firefox plugin installed in the proper folder by editing some registry
values with plugin paths (installed a beta nightly version of firefox by
extracting a zip rather than running an installer).

J1989

unread,
Mar 16, 2006, 11:58:14 AM3/16/06
to
Interesting development this morning. I drew inferences from two separate
sources:

Operation depending upon the user doing the installation.
Macromedia's requirement to use a special tool to uninstall.

The idea occurred that someone might be altering Registry permissions. Well,
the following two keys fit the bill:

HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000} Shockwave Flash Object
HKCR\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000} Macromedia Flash Factory
Object

For these two keys, and possibly for others that I have not discovered,
SetValue and Delete are being denied to everyone. I cannot "neutralize" these
permissions by exporting them, deleting the keys, and importing them back into
the Registry until I alter the permissions to remove the denial of SetValue and
Delete privileges. After having done just that, Flash works for all users,
even for the Guest account.

I am very reluctant to post directions on Registry modifications. Otherwise,
the first person who has non-standard privileges installed by an Administrator
will scream when I wreck their system. Mitigation instructions should come
from Adobe/Macromedia, not from forum users. I'm not sure just what motivated
Macromedia to do what they have done here, but it is not a bright idea.
Registry permissions are dangerous privileges. DON'T MESS WITH THEM.

If there are other keys that have such alterations, then I am going to request
that Macromedia kindly inform us. It is imperative that Macromedia repair the
damage done. They must also come up with a standard ActiveX control that can
be removed by the usual means. To this writer, "cementing" programs and
Registry entries is just one or two steps removed from dropping a rootkit into
the system.

Mister J
XP/SP2; IE6/SP2


J1989

unread,
Mar 16, 2006, 5:43:08 PM3/16/06
to
More Registry keys with invalid permissions:

HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A} FlashProp Class
HKEY_CLASSES_ROOT\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000} Flash TypeLib

Interesting that Shockwave {166B1BCA-3F9C-11CF-8075-444553540000} has normal
permissions, but Flash needs to be "locked" into the Registry. And the control
Flash8a.ocx is locked down. Of the four files in
C:\WINDOWS\SYSTEM32\Macromed\Flash, the Flash control is read-only. Looking at
it in a CMD window, dir/s/ar WINDOWS\SYSTEM32\Macromed shows: 2006-01-02
11:13 AM 1,443,464 Flash8a.ocx. Why the stealth? Good grief; dir/s/ar
WINDOWS\SYSTEM32\*.dll shows just 25 files out of a total of 4,837. And why
January 2 for a control released on March 14? With some difficulty, I rescued
the March 14 cabinet file from the Temp files and verified that the contents
are the same as what are now in the Macromed folder. Shame on me, but I didn't
check to see what had been in Macromed before doing the update, figuring that
Macromedia would be the last operation to mess up an installation. However,
the date of January 2 would seem to indicate that the control is the old one.
Kindly correct me if mistaken.

One is forced to ask the question, "Is the meat of the March 14 update simply
the lockdown of the Flash Registry keys?" If that is indeed the case, then
unlocking the keys in an attempt to get the control to work will simply revert
the control to the alleged vulnerable state. Lacking other answers, it may be
necessary to disable the control until this issue is resolved.

Mister J
XP/SP2; IE6/SP2

Bentley Wolfe [Adobe]

unread,
Mar 16, 2006, 7:43:13 PM3/16/06
to
J1989 wrote:
> More Registry keys with invalid permissions:
>
> One is forced to ask the question, "Is the meat of the March 14 update simply
> the lockdown of the Flash Registry keys?" If that is indeed the case, then
> unlocking the keys in an attempt to get the control to work will simply revert
> the control to the alleged vulnerable state. Lacking other answers, it may be
> necessary to disable the control until this issue is resolved.
>
> Mister J

There is much more to it than that.

We are actively working on a solution for the restricted user
permissions problem. Should have more info on Friday..

graciellaj

unread,
Mar 17, 2006, 9:20:11 AM3/17/06
to
I, too, am having the same problem and am frankly floored that Macromedia did
no testing of this before releasing. Those who are somewhat security conscious
will naturrally go quickly to update Flash when a vulnerability is found, yet
they are also most likely to be taking the safety step of running as user
instead of admin while on the Net, and therefore are going to be affected by
this. Hoping that more info is released quickly to help those of us affected by
this to recover.

graciellaj

unread,
Mar 17, 2006, 9:50:53 AM3/17/06
to
Originally posted by: graciellaj giving "everyone" READ permissions for one or
two registry keys and then installing in the user account,

Just a quick update to say that giving ONE reg key "read" (not full control)
permissions for "everyone" allowed me to install Flash in the user account, and
it works perfectly. The key is
HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000} .

However, I have NO idea if this increases vulnerability at all and so am still
looking forward to official word from MM. I only took this step because I am
doing the update for someone else, and will not have access to this computer
for long, and the friend is VERY computer phobic and will never (thank heaven)
go into the registry himself. So it was now or never, and he needed his Flash.


Emmy

unread,
Mar 17, 2006, 6:16:57 PM3/17/06
to
Hi,

We are actively working on isolating this issue for an appropriate fix,
but I would like to address some of the concerns raised here about
registry and file permission changes introduced in this release. Per
the release notes:
http://www.macromedia.com/support/documentation/en/flashplayer/8/releasenotes.html#24

"The update to Flash Player 7 (7.0.63.0) and Flash Player 8 (8.0.24.0)
includes security enhancements described in Security Bulletin
APSB06-03, and also introduces additional version checking to the
installation process. Because older installers and controls do not
contain the new version checking logic, the Flash Player control is
locked upon installation. Starting with this update, installers and
uninstallers from Adobe are designed to work with this change, and
there is no impact to the end-user installation experience. Flash and
Flex developers may need to make slight modifications to their normal
methods of switching between player versions during testing to account
for this change."

This release includes the new version checking logic in addition to
fixing internally discovered vulnerabilities. Right now, it appears
that when admins configure the rights for restricted user profiles,
there is some issue with propagation of rights that apparently
overrides the settings of this particular registry key to block read
access.

Gracielaj's temporary workaround is fine until we fix the issue and
will not affect the vulnerability of the player. This change gives Read
access to the GUID for Flash Player which will allow Internet Explorer
to read the key and load the player for Restricted Users. Note: do not
give Write permissions to the key, as it may introduce vulnerabilities.

Technote: http://www.macromedia.com/go/624850b5

Thanks,
Emmy Huang
Product Manager, Flash Player

wingtong

unread,
Mar 17, 2006, 6:12:24 PM3/17/06
to
If this issue with non-admin users being unable to use the flash player is a
consistent repeatable problem, then am I to deduce from the relative lack of
comments from users that a large majority of users log in with administrative
rights? I shudder to think...

Emmy

unread,
Mar 17, 2006, 8:14:28 PM3/17/06
to
Hi wingtong,

This issue it is a little sporadic, which is why we consider this issue
under investigation. We are actively working on isolating this issue
for an appropriate fix. Providing information on OS version, SP
versions, IE versions when reporting issues is extremely helpful to us
for this reason.

best,
Emmy
Product Manager, Flash Player

Chris Lundie

unread,
Mar 17, 2006, 8:39:14 PM3/17/06
to
If it helps, my system is Windows XP Professional SP2 with all updates
applied. I can reproduce the bug every time, even if the Flash Player
is completely removed with UninstFl.exe first.

Bentley Wolfe [Adobe]

unread,
Mar 17, 2006, 10:19:35 PM3/17/06
to
graciellaj wrote:

Workaround technote:
http://www.macromedia.com/go/624850b5

J1989

unread,
Mar 18, 2006, 12:26:53 AM3/18/06
to
Wingtong: Shudder more to know that ActiveX control providers do not consider
Limited Users.

Bentley Wolfe posted a workaround technote:
http://www.macromedia.com/go/624850b5 . Reading the referenced technical note
leaves me with as many questions as answers.

A check of the technote's Registry keys shows that the very last one,
HKLM\SOFTWARE\ ... \Uninstall\{436EE5F2-71F0-4738-B8E7-93741EF4828F}, is not in
my system. Neither it nor the GUID {436EE5F2-71F0-4738-B8E7-93741EF4828F} has
EVER been, according to past Registry backup files. But as a consolation
prize, HKLM\SOFTWARE\ ... \Uninstall\ShockwaveFlash is present. And the
statement, "...They will also need write access privileges to the following
directory: C:/Windows/System 32/Macromed/" also doesn't correspond with what
exists in this machine. Flash runs perfectly well here even though USER write
privileges do not exist for the directory. And what is being written? Even on
the occasions when I run as an Administrator on the Internet, visiting trusted
sites having Flash, there appears to be nothing written to any folder or
subfolder in C:/Windows/System 32/Macromed. For the entire year 2006 to date,
other than the March 15 update, only Shockwave.log has been modified -- on
January 6.

Mister J
XP/SP2; IE6/SP2

graciellaj

unread,
Mar 18, 2006, 5:34:02 AM3/18/06
to
Originally posted by: Newsgroup User
Workaround technote:
http://www.macromedia.com/go/624850b5

Bentley, thank you for officially posting the workaround we'd found already,
but just one more note: for those on Win2k machines, there is no "right click,
choose permissions" option. Any thoughts for Win2k machines?

And hopefully, from here on in, Adobe will a) seriously consider the
security-related phenomena of savvy users running as user rather than admin. on
the net and b) beta test these updates under more real-world conditions.

And please understand that it is critical for most of us that anything we
install on our own or client computers can be easily uninstalled, which is
apparently not necessarily the case with this. Would love this to be addressed
as well.

Thanks again for the response; have passed along the link to the tech note.

J1989

unread,
Mar 18, 2006, 12:42:01 PM3/18/06
to
Originally posted by: graciellaj
... for those on Win2k machines, there is no "right click, choose permissions"
option...

Gracie:

On Windows 2000, there is a difference between 'REGEDIT' and 'REGEDT32'. The
latter (regedt32) will give you more capabilities than 'regedit'. On XP, the
programs are one and the same.

Mister J
XP/SP2; IE6/SP2

Bentley Wolfe [Adobe]

unread,
Mar 18, 2006, 1:36:08 PM3/18/06
to graciellaj

Why am I posting on Saturday? I need to have my head examined....

We appreciate the concern, really. Rest assured that this situation is
being taken very, very seriously.

For Win2K, use regsvr32. As the technote mentions, our target for this
is XP, which is why we didn't mention that. If I see a lot of requests
I'll add text about Win2k...

Keep in mind this is an interim workaround while we develop a more
complete solution that won't require any manual editing. That complete
solution should handle your uninstall question.

In a perfect world there would be no errors. Then I'd be unemployed....

J1989

unread,
Mar 18, 2006, 3:43:22 PM3/18/06
to
Originally posted by:
For Win2K, use regsvr32....
Bentley:

I, and hopefully all others, appreciate your participation in this matter.
Must be a tough Saturday morning indeed. regsvr32 registers or unregisters (/u
option) an ActiveX control. You do mean regedt32, I believe?

Mister J


graciellaj

unread,
Mar 18, 2006, 4:18:51 PM3/18/06
to
Originally posted by: Newsgroup UserWhy am I posting on Saturday? I need to
have my head examined....

For Win2K, use regsvr32.

I sympathize, Bentley, as I'm posting on a Saturday too :). I'd love to know
if the fix for Win2k is the same, just using REGEDT32 (I assume you meant that
and not Regsvr...). I'll give it a try when I can get back to the client
laptop.

I DO believe y'all are taking this seriously, and appreciate the help; hope
you understand our frustration that this very obvious flaw wasn't picked up
before release. We're all in this together, and certainly don't want you out of
a job, while still hoping for bug-free software :). Have a good weekend.

AlexD77

unread,
Mar 20, 2006, 4:54:21 AM3/20/06
to
fixed the problem on my machine.

What's written in
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=624850b5 isn't
actually enough. I had to do to the same thing with:


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-44455354000
0},

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}
,

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}

keys

Hope, this will help someone.

Macromedia, thanks for the 2 lost hours :(

Btw, why I cannot make:
var xmlhttp = WScript.CreateObject("FlashFactory.FlashFactory");
with windows scripting host?

the same time this one work perfectly:
var xmlhttp = WScript.CreateObject("ShockwaveFlash.ShockwaveFlash");

Keefchad

unread,
Mar 20, 2006, 7:06:43 AM3/20/06
to
May not be related but on my XPsp2 machine administrator works fine - but other
users can only get some content to work. i.e.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_man
ager02.html#118539
says I need FlashPlayer to view whilst
http://www.macromedia.com/shockwave/welcome/
tells me I have FlashPlayer installed!:Q

webfor...@macromedia.com

unread,
Mar 20, 2006, 10:02:40 AM3/20/06
to
If the concern were being taken "very, very seriously" as you suggest, you would not be complaining about posting on a Saturday.

Any idea when the "complete solution" will be made available?

Bentley Wolfe [Adobe]

unread,
Mar 20, 2006, 4:38:59 PM3/20/06
to

I was sober, honest. Of course i meant regedt32...

Bentley Wolfe [Adobe]

unread,
Mar 20, 2006, 5:13:24 PM3/20/06
to
jben...@gwrr.com wrote:

> If the concern were being taken "very, very seriously" as you suggest, you would not be complaining about posting on a Saturday.

Well, I complain a lot. Part of my nature...


> Any idea when the "complete solution" will be made available?

I do not have any further information that I can announce at this point.

Dataman72

unread,
Mar 20, 2006, 9:42:21 PM3/20/06
to
I guess add me to the list. Ever since I "updated" my system to Flash 8 and
can get no version of flash to work on the system. I have the dreaded 1904
error and cannot get an install. I tried both tech notes of giving permissions
in the registry to no avail. I even got disgusted and gave everything in each
key all the permissions I could. It appears the files for Flash 8 are in the
System32/Macromed/Flash directory but there is no plug-in in the
Windows/downloaded program files directory like there used to be. The shock 10
plug-in is there and that installed fine... I can't imagine what all the
people that have no computer savey are doing or saying.. There should have
been more testing before the release. I have a website-
Integrityvalidations.com that I cannot even access now from my system. I am so
glad I haven't "upgraded" the other systems I have yet..

wingtong

unread,
Mar 21, 2006, 1:37:26 PM3/21/06
to
J1989 or anyone else who might want to give 2 cents:

Does this "lock-down" mean that you can never delete/move/etc. the flash8a.ocx
file (without going through the registry)? Before I reinstalled flash, I moved
the existing flash folder onto my desktop so I'd have a copy of it just in
case. After reinstall, I realized that the file "flash8a.ocx" that's in my
desktop folder cannot be erased and it cannot be changed from it's current
"readonly" state (again, without going through registry). Which means now I
have a flash folder on my desktop that has no purpose being there.

I know, minor details, BUT, this just points out the obvious (dare I say
blatant) lack of real-world testing done on this seemingly critical security
update from adobe/macromedia; and I've always placed adobe/macromedia in high
regards when it comes to their products. I would think a single hour of
testing by a single person would have concluded at least half of the problems
we users are now facing. My best guest is that the program was written...and
it was released with NO testing at all. This brings the business concept of
putting beta products on the market to have users "pay" to do the testing and
then have them pay again for the upgrades to another level! Granted, this
flash update is Free, but it becomes very costly when we the users cannot get
our work done!

ps, give the Adobe's Bentley Wolfe here a break, let's not kill the messenger
who may be our only link to Adobe/Macromedia...


J1989

unread,
Mar 21, 2006, 4:45:50 PM3/21/06
to
Originally posted by: wingtong

Does this "lock-down" mean that you can never delete/move/etc. the flash8a.ocx
file (without going through the registry)? Before I reinstalled flash, I moved
the existing flash folder onto my desktop so I'd have a copy of it just in
case. After reinstall, I realized that the file "flash8a.ocx" that's in my
desktop folder cannot be erased and it cannot be changed from it's current
"readonly" state (again, without going through registry). Which means now I
have a flash folder on my desktop that has no purpose being there.

...this just points out the obvious (dare I say blatant) lack of real-world
testing...

...give the Adobe's Bentley Wolfe here a break, let's not kill the messenger

who may be our only link to Adobe/Macromedia...

Wingtong:

Regarding the first item, I used the term "lock down" loosely to describe the
read-only status given to the referenced Adobe folder. Microsoft doesn't even
do this to its own files in WINDOWS\SYSTEM32 with the exception of a few files.
You don't need to go through the Registry to delete read-only files and
folders. One can, with Administrator privileges, simply change the file or
folder properties by right-clicking its name and then left-clicking
"Properties". Under the "General" tab, the file/folder attributes will show
near the bottom of the window. Clear the "Read only" button and click OK. If
you do this to a folder, you may get a popup window asking if this is to be
applied to subfolders and files. In your case, with the unwanted folder, apply
it to all. I've seen this work and fail. For the latter, attempt to change
the attributes of individual files, deleting afterwards as you go. This should
be simple enough; the Flash folder has just 4 files in my system. If you still
have trouble, post back.

Now as for flash8a.ocx, one should not simply delete it. ActiveX controls, if
just deleted, leave broken paths in the Registry. There are several methods
used to clean them up. The preferred way is to use Add/Remove Programs if the
control does show there, and in fact Flash does have an entry in that list.
Unfortunately, Flash cannot be removed by that method per
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_14157 . As
described there, you now need to download and run uninstall_flash_player.exe.

For the record, other ActiveX removal methods include using the right-click
and "Remove" option in the C:\Downloaded Program Files folder, using regsvr32
/u ---.dll and then Delete for dll-based controls, and, as a good last-resort,
using the capabilities in the ever-popular HijackThis program.

Regarding your other two quoted comments, this writer fully agrees with the
testing issue. I always felt that Flash was probably the finest example of an
ActiveX control -- safe, fairly lean on resource requirements (compared with
QuickTime, for example), and functional. After this blows over, it probably
will revert back to that status. But, to Adobe/Macromedia, test the darned
thing before you release it. And find a fix that requires neither a Registry
"hack" nor an uninstaller. Both are downright ugly, and potentially
troublesome as evidenced by this latest issue. And, yes, kudos to Bentley
Wolfe for standing in the line of fire and keeping us informed. Keep it up,
Bentley!

Mister J

wingtong

unread,
Mar 21, 2006, 8:56:50 PM3/21/06
to
just to clarify, originally, I removed the flash 8 program via add/remove
programs before (or was it after?) moving that flash folder to my desktop.
Now, when I try to delete that folder (and specifically the flash8a.ocx file)
(logged in with admin rights), I get the message "Cannot delete Flash8a: Access
is denied....." When I try to uncheck the Read-only attribute, I get "Error
applying Attributes....access is denied..." Not a big deal, I will live with
it, but it's just an unnecessarily messy deadend with that file/folder.

...by the way, did we scare away our Adobe contact Bentley? ...must be a
bigger more complex issue for Adobe than we may think?

J1989

unread,
Mar 21, 2006, 9:12:54 PM3/21/06
to
Originally posted by: wingtong
...when I try to delete that folder (and specifically the flash8a.ocx file)
(logged in with admin rights), I get the message "Cannot delete Flash8a: Access
is denied....." When I try to uncheck the Read-only attribute, I get "Error
applying Attributes....access is denied..." Not a big deal, I will live with
it, but it's just an unnecessarily messy deadend with that file/folder.
Wingtong:

Before you try complicated and/or desperate measures to delete the unwanted
folder, try this little trick. Just drag it from your desktop into
Macromedia's Flash folder at C:\WINDOWS\SYSTEM32\Macromed\Flash. If your
system is like mine, you then will have four files along with the unwanted
folder. The next time you uninstall Flash prior to the next update (hopefully
very soon), the uninstaller should remove everything inside the Flash folder,
including the junk subfolder. Let it clean up its own mess.

Mister J

Steve

unread,
Mar 22, 2006, 12:30:31 AM3/22/06
to

Chris Lundie wrote:
> I've found I can work around the issue by giving Read permissions to
> the Users and Power Users groups, on this key:
>
> HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}

Thanks, this worked around the issue for me!!!

Specifics: Windows XP Media Center SP2 and all Microsoft Updates (6
Computer users: 2 adults and 4 kids accounts).

Nothing like working all day with computers and having this kind of
problem when you get home on your home computer. You know the wife
can't send winks any more in MSN messenger and the kids can't get into
their accounts to feed their pets "Webkinz". And of course it's my
fault for keeping the computer up to date with the latest updates and
releases. I hate to say it but this level of testing is why many large
corporations wait years to update any of their software.

Thanks also to Bentley Wolfe (Adobe), without his confirmation that
this will work around the issue without creating any new
vulnerabilities, I probably wouldn't have tried messing with the
registry to fix it.

With this change all 6 accounts now work fine.

dsrs

unread,
Mar 22, 2006, 8:46:39 AM3/22/06
to

ok i tried this. i now have three flash8a.ocx files in three different
folders. they come from attempting to REINSTALL from the flash site
[hoping to get the flash uninstaller so i could delete flash8a.ocx
without the access denied errors coming up]
firstly...you cannot actually reinstall from the flash site if the
flash8a file is in the system 32 macromed flash folder!
the adobe/macromedia site tell you that you have successfully
installed, but when you look in the folder mentioned, you will find
that none of the flash files other than preexisting flash8a have been
installed. so you have no uninstaller.

so you can MOVE the flash8a to any other folder. THEN the flash player
install works.
SHOULD you manage to remove flash8 with the uninstaller, or from
add/remove, you are still left with [at least i am] those other flash8a
files. and they are still blocked so you can never never delete them

i would be grateful to hear how i CAN delete them [tried safe mode and
even a program that purports to delete files immediately during boot
up]
and i promise never ever to install any adobe or macromedia software
again

wingtong

unread,
Mar 23, 2006, 12:14:54 PM3/23/06
to
Let's push this topic back on top of the list. We are still waiting for an
official solution from adobe that doesn't require workarounds nor regedits.
Today's dissapointing business news on Adobe's quarterly net income may not
help the cause. And by the way, has Bentley started showing up on milk cartons
yet?

J1989

unread,
Mar 23, 2006, 1:14:28 PM3/23/06
to
Wingtong said, "Let's push this topic back on top of the list." Fully agreed.
Mr. Wolfe did all of us a favor recently by keeping us informed; but, alas, the
messenger has disappeared. We would like to know that Macromedia is still
alive, well, and working on a solution.

I don't want to rush for a "fix" that merely plugs the dike. Hundreds of OLE
objects run in Windows without the need for special Registry permissions or
special file-access privileges for Limited Users, and Flash should be no
different. Whatevere the security issue is, don't hack the Registry; rather,
just fix the code. Good grief -- make Flash like any other ActiveX control.
With the exception of Flash, the thirty-some ActiveX controls that are in my
"Manage Add-ons" list run perfectly well in any account -- Admin or Limited --
without tweaking Registry permissions.

Mister J

sunviper666

unread,
Mar 24, 2006, 5:57:55 AM3/24/06
to
Can I have my IE Flash player 8 back NOW! please.
Amazing how a company that size can stall the fix so long.

Installing the flash 8 player with the .msi package as admin will not work
after correcting the killbit or any other stupid permissions. Flash is also
activated in browser. I end up with white boxes where the flash movie should be.
Right click on it and it say: movie not loaded.

If Adobe / Macromedia can't solve their own created mess someone should sue
them. its almost insane that a company got the right to disable a fully working
application. Worse is hiding this registry hack / virus as a security update.

Also, the version creating all the problems is still on their website for
download.

Fix this NOW!! amateurs.

sunviper666

unread,
Mar 24, 2006, 9:31:40 AM3/24/06
to
Installed the Flash player again.
Now it loads but somehow all flash files show up as just not loaded.
There is no white X and a red dot on mine.. and I can right click and click on
About Macromedia flash player 8.
So the plugin is loaded. But not working. It refuses download of the actual
.swf file..
The white area is the actual designated area that should hold the movie.


:brokenheart; Macromedia

mjm01010101

unread,
Mar 24, 2006, 9:17:32 AM3/24/06
to
I have the same issue. Now, after following the technote, I see a white box, where a red "x" used to be. The technote also doesn't explain if one should remove the "deny" from the everyone ACL.

Donnie76

unread,
Mar 24, 2006, 11:28:05 AM3/24/06
to
:|
This is a disgrace!

It has been over a week since the issue was posted in here and still the
problem is not solved!!!!!!!!!!!!!!!!!!!!!!!
Mr Bentley or any other Adobe employe working with this issue Im not feelling
sorry for you guys at all.
This is a major problem that Adobe and their incompetent personell is
responsible.

My highly personel point, no disrespect just my way of seeing the obvious.

Get something done already!

Irritated regards
Donnie76

J1989

unread,
Mar 24, 2006, 2:43:20 PM3/24/06
to
Easy, folks!

Several recent posts have expressed discomfort due to Macromedia's delay in
providing a solution to the Limited User issue. As a software developer myself
(embedded systems), I am certainly frustrated by the very existence of a
problem that, by my inference at least, shows a measure of na?vet? regarding
User versus System access to resources. However, allow me to say that it takes
time to develop and to TEST any patch. Hopefully, Macromedia is doing the
latter this go-around.

In this regard, please cut them some slack. Excessive pressure may force them
to release another version that lacks sufficient testing.

Mister J


Mark Loman / SurfRight

unread,
Mar 24, 2006, 4:31:09 PM3/24/06
to
I have created a possible hotfix for this issue, using hints from this thread. If you would like to try it, send me an E-mail.

sunviper666

unread,
Mar 26, 2006, 4:32:37 AM3/26/06
to
I agree it takes time.

But it should have been tested properly before the release.
More and more software developers use the general public or their customers to
test out the software for them. They save money from it. Thats why we have this
eternal patching system in place.

You can't even buy a single computer or even a Xbox game today that works from
the first version.

Its okay with a game because its only the company themselves that lose
customers from it.

But when it comes to a production environment then its another matter, Its
your company or it's customers that get the problems.

They should sack that production manager that approved this release.
That person is defenitely not up for the Job.

And support should get a overhaul for not solving the issue in time.
Maybe Mr Wolfe isn't the real Mr Wolf after all.

sunviper666

unread,
Mar 26, 2006, 6:16:12 AM3/26/06
to
Mark Loman - sorry it just don't work.
You need to unlock more keys probably.
Still get the 1904. The fix does not work for me.

J1989

unread,
Mar 27, 2006, 12:36:44 AM3/27/06
to
Originally posted by: Mark Loman
I have created a working hotfix for this issue. You can download it here:
http://members.home.nl/mloman/fphotfix.exe

Originally posted by: sunviper666

Mark Loman - sorry it just don't work.

Mark Loman: An executable hot fix -- of over 300 KB? With all due respect,
Mark, can't this be done using VBScript, and thus at least be open to scrutiny?
Company -- and personal -- policies do not allow the download of executables
except those approved after considerable research.

Sunviper666: You have more nerve than I, sir. Just what did this program do?

Mister J


mjm01010101

unread,
Mar 27, 2006, 4:32:09 PM3/27/06
to
In my limited and uninformed opinion this issue is bigger than the simple fix
of the registry key listed in the article. Else why would it take so long to
rerelease this fix as a new version on the plug-in page? Testing for this
would take hours, not weeks, as it has been. The registry fix is not working
in my environment, either, users see a white page where there used to be a red
x.

Char35

unread,
Mar 28, 2006, 2:09:54 PM3/28/06
to
Thankyou, thank you, thank you Mark! The hotfix worked for me. :)

Mike-NL

unread,
Mar 29, 2006, 4:40:30 AM3/29/06
to
Also in my case, the workarounds posted do not work in MSIE6 under the
restricted user (XP Pro). The only effect is that the "x" - indicating a
missing plugin - has disappeared. This is truly a serious and annoying issue. I
just went back to 8.0.22 (glad I made a disk image). Until Adobe releases a new
version, I stay there.

Emmy

unread,
Mar 29, 2006, 12:28:59 PM3/29/06
to
Hi,

We posted a technote for developers that want to switch between
versions during testing: http://www.macromedia.com/go/4da116d3

best,
Emmy

Bentley Wolfe [Adobe]

unread,
Mar 29, 2006, 5:49:57 PM3/29/06
to
clustercats wrote:

> Hello,
>
> yesterday I tried to install the new 8.0.24.0 player for IE6 and Firefox on
> WinXP SP2.
>
> 1. Firefox-Plugin: Installs to c:\windows\system32\macro... but not to
> c:\program files\mozilla firefox\plugins. So Firefox used still the 8.0.22.0
> plugin and I had to copy the files manually from system32 to Firefox plugin
> folder to get it updated. Installation of previous 8.0.22.0 did copy into the
> proper folder.
>
> 2. IE6-Plugin: Switched user to Admin as plugin couldn't be installed without
> admin rights. New 8.0.24.0 works when I'm logged in as admin. When I switch
> back to restricted user the plugin doesn't work, IE shows the bar above that a
> missing plugin needs to be installed (what cannot be done as restricted user).
> Again, 8.0.22.0 installed and worked fine on the same config.

I'm loooking for a few users to test a possible fix for this restricted
users issue mentioned in http://www.macromedia.com/go/624850b5.

First few people to email me at bwo...@adobe.com will be contacted later
tonight.

graciellaj

unread,
Mar 29, 2006, 7:28:40 PM3/29/06
to
For those who have difficulty accessing the KB article referenced in Bentley's
last note, he added a period to the link. Just remove it and it will work fine.

Fingers crossed re: the fix, though for me, the single registry permissions
tweak worked to allow Flash to function in user accounts. Doesn't address the
potential uninstall issue mentioned here, though.

Bentley Wolfe [Adobe]

unread,
Mar 30, 2006, 12:09:31 PM3/30/06
to
J1989 wrote:

There -is- a technote that will explain how you can unlock the control:

Installation issues with Flash Player 7.0.63.0 or 8.0.24.0 and later
http://www.macromedia.com/go/4da116d3

Bentley Wolfe [Adobe]

unread,
Mar 30, 2006, 12:10:54 PM3/30/06
to
J1989 wrote:

Actually do this instead:

Read: http://www.macromedia.com/go/4da116d3

That will tell you the correct way to unlock the control

Bentley Wolfe [Adobe]

unread,
Mar 30, 2006, 12:13:18 PM3/30/06
to
sunviper666 wrote:

> Can I have my IE Flash player 8 back NOW! please.
> Amazing how a company that size can stall the fix so long.

Do you want a quick fix? or do you want the correct fix?

ion creating all the problems is still on their website for
> download.
>
> Fix this NOW!! amateurs.

I do have to say that this kind of response does not make me feel good
about all the extra effort I've been putting in to help this
peer-to-peer forum. This issue is one of our highest priorities, and
we want to be certain that whatever we do is an improvement. Patience!

sunviper666

unread,
Mar 30, 2006, 3:00:56 PM3/30/06
to
I want a fix. I didnt know there was an option of a slow or fast one.
I want big companies to stopp messing up the registry.
I want to be able to use my computer as I see fit.

So yes maybe next time do a slow security patch so we all can rest at night.


Stormdude

unread,
Mar 31, 2006, 1:44:24 PM3/31/06
to
Any word on a fix for this yet? We still cannot run the Flash player as
non-admins. The players can be installed and run by users elevated to admin
status, but once they are returned to user or power user status, they are
prompted to install the Flash player again.

All users have full read/write permissions for the "macromed" folder.

Advice is much appreciated!

NickN4m3

unread,
Mar 31, 2006, 2:20:24 PM3/31/06
to
Originally posted by: Newsgroup User

I'm loooking for a few users to test a possible fix for this restricted
users issue mentioned in http://www.macromedia.com/go/624850b5.

First few people to email me at bwo...@adobe.com will be contacted later
tonight.

Bentley Wolfe
Senior Support Engineer, Flash/Flash Player
*Macromedia, now a division of Adobe Systems

I tried the permission change on two different affected machines, both WinXP
SP2 and users with power user rights.

First machine (freshly installed four weeks ago): Changing the one mentioned
permission solved the problem.

Second machine (install from 2002 but always updated to latest patches):
Changing the one permission didn't work, and as mentioned by others after that
the red X was gone but flash still not working. I had to change the same
permission on all the other registry keys mentioned in this long thread (didn't
count, but should be 6 or 8). After all this it worked on this machine too.

So it seems to make a difference if only the 8.0.22 was installed before or a
bunch of old flash versions starting with 7.xx

Btw, the new shockwave player worked fine on both machines without tweaking!

Bentley Wolfe [Adobe]

unread,
Mar 31, 2006, 2:29:50 PM3/31/06
to

I am still seeking a few more people to test a possible fix. Please
email me at bwo...@adobe.com if interestd (preferably entprise admins or
at least folks with a reasonalby sized network..)

Bentley Wolfe [Adobe]

unread,
Mar 31, 2006, 2:56:14 PM3/31/06
to
clustercats wrote:

> Hello,
>
> yesterday I tried to install the new 8.0.24.0 player for IE6 and Firefox on
> WinXP SP2.
>
> 1. Firefox-Plugin: Installs to c:\windows\system32\macro... but not to
> c:\program files\mozilla firefox\plugins. So Firefox used still the 8.0.22.0
> plugin and I had to copy the files manually from system32 to Firefox plugin
> folder to get it updated. Installation of previous 8.0.22.0 did copy into the
> proper folder.
>
> 2. IE6-Plugin: Switched user to Admin as plugin couldn't be installed without
> admin rights. New 8.0.24.0 works when I'm logged in as admin. When I switch
> back to restricted user the plugin doesn't work, IE shows the bar above that a
> missing plugin needs to be installed (what cannot be done as restricted user).
> Again, 8.0.22.0 installed and worked fine on the same config.

Ping: As of 3/31/06 I'm still looking for a few enterprise savvy
network admins to test a possible fix of this issue. Please contact me
at bwo...@adobe.com. The window of opportunity for testing is -very- short.

(If you've previously contacted me you might be asked to test again as
well, and thanks for your participation).

Bentley Wolfe [Adobe]

unread,
Mar 31, 2006, 3:04:28 PM3/31/06
to
Bentley Wolfe [Adobe] wrote:

> clustercats wrote:
>
>> Hello,


. Again, 8.0.22.0 installed and
>> worked fine on the same config.
>
>
> Ping: As of 3/31/06 I'm still looking for a few enterprise savvy
> network admins to test a possible fix of this issue. Please contact me
> at bwo...@adobe.com. The window of opportunity for testing is -very-
> short.
>
> (If you've previously contacted me you might be asked to test again as
> well, and thanks for your participation).

Also if you think of it please use the subject line "FP8 Restricted User
Testing". Make it easier to find in the hundreds of mails..

Bentley

jpole1

unread,
Mar 31, 2006, 4:17:09 PM3/31/06
to
:D
Your registry tweak did the trick for me. Now, all my restricted users can use the flash player.

Thanks!

Bentley Wolfe [Adobe]

unread,
Mar 31, 2006, 4:41:20 PM3/31/06
to
The workaround technote for Flash Player 8.0.24.0 restricted user
permissions problems has been updated with new keys. If you've tried
this workaround before please re-read..

"Problems running Flash Player 8.0.24.0 ActiveX control after
installation when logged in as Restricted User on Windows"
http://www.macromedia.com/go/624850b5

molitar

unread,
Apr 1, 2006, 9:27:40 AM4/1/06