[newbe]

Boy, do I have a problem. First, my system: HP Pavillion 2210 AMD 64 Dual Core 1.6GHz Vista Home Premium 32-bit Basically, an uninvited guest obtained access to my PC through a wireless network. This individual also happens to be the IT...

Boy, do I have a problem.

First, my system:

HP Pavillion 2210
AMD 64 Dual Core 1.6GHz
Vista Home Premium 32-bit

Basically, an uninvited guest obtained access to my PC through a wireless network. This individual also happens to be the IT guy administering the wireless network that I was using (and for which I was similiarly uninvited).

In a punitive retaliation -- and in my opinion, much to severe of one -- he made my pc a client on his network (he used the TrustedInstaller service), and set up a GPO, configured IPSec, and other things I am assuming and which I have not even noticed yet. Bottom line was that when I booted into windows, I was literally "locked in my box". I had access to a few applications, but could not configure anything. I did manage to gain access to an elevated command prompt and I initially listed the active services using net config, and then I made a decisions that took me from bad to worse. For some reason, I thought if I stopped the RPCSS service, it would help me in some way. It didn't. After that, I could not even boot into windows--nor did Last Good Configuration work, or System Restore. Nothing.

I got my hands on the Neosmart.com Vista boot CD .iso which originally came with SP1 (and later removed) and is Windows PE based. The main benefit of this boot CD is that I now have a command prompt on drive X: which is the Windows directory the boot-disk sets up.

However, my C: drive is locked down tighter than a Supermax prison. If I go into Regedit (about the only GUI app I can run), and look around my drive through the "Import" dialog bus, I can see that my c: drive is actually labeled "Access Denied". I tried to cd to c:\windows\ but could not. I tried to set a path to c:windows, and there were no objections, however, no applications are available to me to run.

Another downside to this is that the boot disk has a limited number of command line utilities.... I can use netsh, but not DSquery, etc. I have no MMC, and I have tried all set and net commands to try and change my situation with no luck. I can go into regedit, and I have changed the owner of every key to Owner (me), as opposed to Administrator//(some domain or group of IT guy who orchestrated this).

When I look for the keys that are supposed to be related to GP, i.e. in HKLU/software/policies/microsoft, there is nothing there except an activekey called "Sytemcertificates" which expands to list 4 subkeys: "CA", "Disallowed", "trust", and "Trustedpeople". Each of these four subkeys has the same 3 subkeys: "Certificates", "CRLs", and "CTLs". This does not comport with the microsoft-provided excel spreadsheet that lists all the keys for the Group Policy Settings.

I do not have any other windows cds, and I am not too keen on wiping my drive to reinstall anyway, for I have a tremendous amount of unbacked-up data (I know, I know) which I cannot afford to lose.

Is there a way to either modify the registry so I can have my C: drive back?, or is there a utility I can download that might help in this situation? Or can I modify the registry, and then use the utilities I do have more effectively?

Please keep in mind, I only have access to a command line prompt -- and a limited one at that.

Any help to me in this situation would be immensely appreciated, and the person or persons who are able to help me solve this problem will become my new superhero group.

If you need anymore information from me, please post.... or send me an email...

Thank you,

Paul

Addendum:

I wanted to make everyone aware that while the registry keys I refer to in the MS-excel spreadsheet are not where they should be, there are keys and things which I know were added. Under HKLM\system\ there is a "ControlSet001" key and a "CurrentControlSet" key. Under "CurrentConstrolSet", there are the following keys: "Control", "Enum", "Hardware Profiles", amd "Services". Under HKLM\System\CurrentControlSet\ are various keys like Root, Storage, ACPI. And under Controlset001 (i.e. HKLM\System\ControlSet001\) there are similar keys. Could my nemesis intruder have backed up my CurrentControlSet to ControlSet001?