Win7: "You don't have permission to shut-down this computer"!!!

DSperber
DSperber ✭✭✭
edited February 2020 in Protection


There is a  brand new worldwide symptom affecting MANY MANY Win7 users, involving as its primary symptom the inability to shut down or restart Win7 due to requiring "administrator permission".


If you do a google search for "Error - You don't have permission to shut-down this computer " you will discover that many people (but not everybody) using win7 have suddenly been struck by the symptom.


The "fix" (at least for the main symptom of not being able to shut down or restart) involves a very simple GPEDIT tweak, has now been published on all of the big main web sites, and was originally provided on this site.


I have replied on this related thread over on SevenForums, where discusion of the topic has now also begun. I mentioned that I thought it might be something newly pushed out by BitDefender which could be responsible (since it suddenly yesterday affected BOTH of my own Win7 machines, both of which run BitDefender), but I'm not sure. The original poster of the SevenForums thread mentioned that he, too, runs BitDefender... hence my elevated suspicion now  that it might be from BitDefender and not from Microsoft, that this new symprom has arisen.


In addition to the inability to shutdown (at least until you apply the "fix" through that GPEDIT recipe) there are some new non-fatal non-critical (but very annoying) new symptoms, regarding progams no longer able to run properly, or access or save data, or access the Registry, etc., all of which depend on UAC or administrator authority which no longer seems to be behaving as it used to.


For example, now even with UAC level set to "zero" it looks like it might now be "partially alive", preventing things from behaving as they always have been before... now seeming to require adminstrator authority to complete.  I now get prompts when doing MOVE or DELETE for files (advising that permission is needed from administrator) which I can simply reply OK to (since I AM the administrator, and I HAVE APPLIED THE GPEDIT FIX) and the operation completes. I never got this prompt or had to reply OK before now.


Also, some programs (like Clockwise from Inbit) now require to be "run as administrator" in order to run properly, otherwise they fail or produce mystical errors. This was never true over the past 20 years of my using Clockwise... but now is, in order for it to access the Registry where it saves its settings.


So I ask... has something from BitDefender been pushed out in the past day or two, which could affect UAC in Win7??? Sure looks suspicious.  That "partially alive UAC" description seems very very suspiciously similar to "partially active BitDefender Firewall", even when you SWITCH OFF FIREWALL in Protection. The only way you can be sure about problems that might be caused by BitDefender Firewall is to COMPLETELY UNINSTALL BITDEFENDER and re-test. There is no "turn off Firewall completely" that is accomplished even when you un-check that switch (although obviously there should be), and temporarily uninstalling the product is the only way to investigate whether or not Firewall is causing a symptom (and then reinstalling after the test is complete).


I may uninstall BitDefender on one machine to see if the new "UAC partially alive" symptom is still present or not. Note that I have UAC set to "zero", and have never been bothered with prompts about needing administrator permission... until this new worldwide symptom. So it's either something from Microsoft, or something from BitDefender, which is responsible.


Anybody else see this?

Comments

  • DSperber
    DSperber ✭✭✭
    edited February 2020


    Well, I'm afraid it looks like BitDefender is responsible for this WORLDWIDE CRISIS!!!


    I've now restored a Macrium Reflect system image backup from 2/4, which is several days before the Feb 6-7 first global appearance of this symptom. So the GP settings in effect for UAC behavior are exactly what they've always been by default, since I never have toucned them. Yes, I have UAC set to "zero" (I know, supposedly not recommended, but that's what I want), and the behavior of Win7 for the past 10 years has always been perfect.  It's only since Feb 6-7 that the "new worldwide behavior" ONLY FOR BITDEFENDER USERS, APPARENTLY has occurred.


    After restoring the 2/4 image, I then booted to "safe mode" (without networking) and UNINSTALLED BITDEFENDER. This was to guarantee that when I booted to real Win7 I would be operating in a pure Win7 environment as of 2/4, when everything was still working perfectly.  Note that after the LIKELY 2/6 push-out of the damaging update from BitDefender, I had several anomalous symptoms:


    (1) After 2/7 I was receiving the "Error - You don't have permission to shut-down this computer"symptom, and could not shut down or restart.  NOTE that this was "fixed" by running the GPEDIT tweak, but this fix didn't solve the following symptoms.


    (2) The Clockwise.exe program I've been running for 20 years no longer worked properly. But after 2/7 it apparently no longer had the authority to access the Registry where it keeps its settings. And of course it couldn't close properly, because it wants to save its settings and didn't have authority.  If I would "run as Administrator", now the program would once again work, because it had administrator permissions.


    (3) Clockwise has a setting so that it auto-starts with Windows, and goes off to the internet to get the "atomic clock time", and then sets the Windows date/time. This has always worked for the past 20 years.  After 2/7, either the program would not auto-start on one Win7 machine. Or if it would auto-start on a second Win7 machine but would not update the Windows date/time. These symptoms were not solved by "run as Administrator".


    (4) Normally I don't get popups when MOVE or DELETE files, asking for administrator permission.  I have UAC set to "zero". Well, after 2/7 I now was presented with a popup stating that administrator permission was required to perform the operation.  I would reply OK and it would work, but it was annoying to now be seeing these prompts.


     


    Now for the news.  After restoring the 2/4 image and uninstalling BitDefender, NOW EVERYTHING ONCE AGAIN WORKS PERFECTLY!!!


    Every single one of the above anomalies NO LONGER HAPPENS!!!


    It appears it is BitDefender that has "broken all the world's Win7 computers" which run BitDefender.


     


    I am now going to reinstall BitDefender on this very machine I'm now running on, which has the back-restored 2/4 system with the GPEDIT item still sitting at its default "disabled". So there is once again no "override fix" for the shutdown problem in particular.  


    I will now experiment to see if the above FOUR SYMPTOMS RETURN.  If they don't, then BitDefender is off the hook and there must be some other explanation.


    But if all four symptoms return, then IT ABSOLUTELY IS BITDEFENDER THAT HAS BROKEN THE WORLD!!


    More in a bit, when the experiment is complete.

    GPEDIT-initial-default-value.jpg


  • Well, I'm afraid I was absolutely correct.  IT IS BITDEFENDER WHICH IS RESPONSIBLE!



    I reinstalled BitDefender, and during that current instance of Win7 I still had no problem either closing Clockwise or restarting Windows. Perhaps all of the relevant recent updates updates to BitDefender had not yet been downloaded/installed with that initial reinstall.



    But after a restart (and perhaps further updates now applied to BitDefender), now the symptoms returned.



    First, Clockwise would no longer close (because it could not update the Registry with its settings):



    Second, it was no longer possible to shut down or restart Windows:



    I have not yet had a chance to apply the GPEDIT "fix", so I can't yet restart, so I can't yet determine if Clockwise will start properly at Windows startup. But given that it now will not close properly because it lacks administrator authority (although that has never ever been a problem before, probably due to the fact that I have UAC set to "zero" which is still the case) I expect that when I next do restart it will not start correctly, until I change it to "run as Administrator".



    I have also not yet been able to duplicate the administrator permission prompt for MOVE or DELETE, but that may simply be because of how I'm attempting to test that, or the file I'm using.  So for the moment this issue has not been replicated.  But this is a minor symptom anyway.



    What is most important is that with BitDefender now reinstalled and one restart performed (in order to get all current updates to BitDefender applied), the two MOST CRUSHING MAJOR SYMPTOMS have returned. Can't shut down or restart Windows, and programs no longer have authority to access/update Registry without "run as Administrator".



    Sure looks like BitDefender is GUILTY AS CHARGED.  This is really really urgent, that Development address this immediately if not sooner.


    THE WHOLE WORLD OF WIN7 RUNNING BITDEFENDER IS AFFECTED!!

    Clockwise-cannot-exit.jpg

    Cannot-restart.jpg




  • I have also not yet been able to duplicate the administrator permission prompt for MOVE or DELETE, but that may simply be because of how I'm attempting to test that, or the file I'm using. So for the moment this issue has not been replicated. But this is a minor symptom anyway.


    I have now run the GPEDIT "fix" for UAC so that I could restart.



    As part of my experimentation with Clockwise, I uninstalled it and reinstalled it. And then, consistent with my normal procedure for collection software product Start Menu folders in higher-level folders (to minimize what I see when I click on the Start button) I attempted to MOVE the Start Menu folder created for Clockwise into a target super-folder (of my own creation). Perfectly normal, and it normally works silently.



    This time it reproduced that "permission required" prompt I mentioned earlier, but that I couldn't reproduce on-demand earlier. Apparently this particular MOVE (within the \Appdata\Roaming\ Start Menu folder triggered the prompt I was looking for but couldn't seem to duplicate. I have now duplicated it:



    So, again, this prompt never has been presented before a few days ago. And it didn't appear when I uninstalled BitDefender. But now that I've reinstalled BitDefender it's once again re-appeared.



    This confirms that ALL of the original symptoms have reappeared, now that i've reinstalled BitDefender.



    NOTE: I am aware of MS's statement that MSE will still be usable with security updates through 2023. But obviously BitDefender needs to fix their product's sudden major defect so that UAC and Win7 behavior are returned to normal.

    Move-permission-request.jpg


  • Note that I've already submitted an email to itsy, hopefully to get a ticket number assigned.


    But it's the weekend, and I still have not received a confirmation email. I will post the ticket number when I do receive an email, perhaps tomorrow.


    But this is URGENT!!!  Whole world affected, based on Google search.


  • This is caused worldwide on Win7 machines running BitDefender.


    CRISIS WORLDWIDE.


    See/index.php?/topic/81953-has-something-recently-changed-affected-uac-in-win7/" rel=""> my other thread with details.


  • So, just an update, including some new observations from others around the interweb. And there is also mention of anomalies in Win10 (but it's not clear if this is really related to the Win7 story).



    Doesn't seem like there is an accepted answer yet. NOTE: one of the quoted posts below "blames" a very recent Microsoft update to Framework 4.8 (KB4503575) but I don't have that update installed on either of my Win7 systems and I still have the problem. Just shows how widespread this issue is, and that it seems to perhaps be not just one cause but maybe an interaction of many things.



    (1) From a recent post in the thread on BleepingComputer:



    while bitdefender may be affected, it's most certainly NOT caused by it. I'm in a domain environment, no bit defender at all (sophos), annnndddddd it's hitting windows 10 1903 machines as well. It's doing something very weird with the user security as well: sysinternals proc mon wouldn't run at all-says you have to be a member of the admin group (I'm not only admin on machine, but in the domain as well!!), sysinternals procexp was acting like it was run as limited user (with access denied on some paths). 1102w printers acting up. Profx Engagement and office 365 having issues/crashes. what a show. I've seen UAC settings, I've seen adobe get blamed. does anyone have the definite answer yet?



    (2) From recent posts in the thread on Answers.Microsoft Community:



    (a) In "msconfig" I disabled all adobe programs on the "Startup" tab & "Services" tab then rebooted by logging off first then using the button at bottom right of the login screen to restart the PC. All the issues then went away. You can try turning them back on one by one to see which program/service is causing the problem. Changing the UAC or enabling LUA just caused other problems for me. Hope this helps someone.



    (b)Yes, this worked for me. It seems like Adobe services are the culprit. I deliberately don't update my Windows7 machine (rarely used, legacy apps, small hard drive, I switch it on once a blue moon) and my last Microsoft update is 2016. I don't use Bit Defender as my anti-virus.



    Not only was shutdown a problem, but Search didn't work properly and Windows Explorer was malfunctioning when I tried to upload files to web. The folders would appear, but I couldn't drill down to file level.



    I did try the UAC workaround, but then you have to click an extra permissions window to move files etc so I turned UAC off again.



    (c)This is not a bug. This was sent out by Microsoft on 01/15/2020.



    Microsoft announced End Of Life (EOL) for Windows 7 on 01/14/2020. "Coincidentally" they sent out a Framework update on 01/15/2020.



    There is a command embedded into the update that would cause the server to malfunction, so as to have people upgrade to Windows 10.



    after about 3 hours of troubleshooting, i figured out that the update was the problem.please double check your recently installed updates.KB4503575 - Microsoft 4.8 Framework (installed 01/15/20) - i UNINSTALLED



    also uninstalled 2/3 security updates from that same day just to be safe (in case they became corrupt when i uninstalled the Framework update). there is one that doesn't give you the option to uninstall.



    once all were off my computer, i was able to restart and shut down normally.



    there is also another fix that is going around that involves manual commands using GPUPDATE, but it did not work for me ( i tried that first)

  • DSperber
    DSperber ✭✭✭
    edited February 2020

    Yet another major tech news site discussing this subject, with {of course} the expected assortment of user replies and opinions.



     



    Seems to say that users other than BitDefender also being affected, so there does seem to be more to the story.



     





     



  • Hello /index.php?/profile/216340-dsperber/&do=hovercard" data-mentionid="216340" href="<___base_url___>/index.php?/profile/216340-dsperber/" rel="">@DSperber,


    Thanks for the extensive info, it will certainly be useful to the community, yet, it is confirmed that an update released for Windows 7 created this incident. Persons that are not actively using a security solution have reported this situation as well, so it is out of question that an antivirus could be causing this issue.


    The claim regarding Microsoft breaking their own operating system on purpose is speculative in my opinion, based on the information already present on the web. Still, I'm looking forward to finding out how this matter will be resolved. Based on their previous approach regarding Update KB4534310, it's pretty likely that they will keep on fixing the bugs that are affecting the remaining Windows 7 users:


    https://www.theverge.com/2020/1/27/21082228/microsoft-windows-7-black-wallpaper-fix-update-support-patch


  • For me, anyway, it is not clear that any MS updates are responsible for this. For example, on my own two Win7 machines that last MS update applied was all the way back on January 15!! Nothing since then!  So it couldn't have been a recent post-EOL update from MS which was responsible.



    And yet, on Feb 6 when I went to reboot both of them, the shut down permission error first showed its ugly head. I must have rebooted one machine at least 10 times since Jan 15 and the other one at least 20 times, and never saw an issue of any kind (and there were now several, not just the shut down issue) until Feb 6.  So it must have been (for me, anyway, on both machines absolutely simultaneously) some other software update which was responsible. I only get updates (multiple times per day) from BitDefender (and Malwarebytes once a day), thus almost certainly pointing to BitDefender as the most likely culprit. 



    Also, my own experience was that I could eliminate ALL of my multiple symptoms by uninstalling BitDefender. And reinstalling BitDefender made the symptoms return.



    Also, I didn't need to try one of the other suggested remedies, namely to disable the two Adobe "genuine" services which ARE defnitely running on my machine (as I have several Adobe products installed) in order to made the symptoms disappear. I only needed to uninstall BitDefender. And the two Adobe services continue to run... and yet I have no symptoms, once BitDefender is gone. This all again led me to believe that at least for me it was being caused by some update pushed out by BitDefender around Feb 6 or just a bit earlier (since I'd re-booted earlier that day, with no problem).



    The use of GPEDIT to change that UAC variable is just a workaround (but necessary if I want to continue to leave BitDefender installed), for that one shutdown symptom. But it seems to produce other new UAC-related "permission" prompts I never saw before, although simply pushing OK or NEXT or CONTINUE is all that is needed to complete the MOVE or DELETE. So it's really just an annoyance now, but a benign one. Nevertheless it never happened before changing that UAC variable, which let me continue running BitDefender and also be able to shutdown/restart normally.



    But even with the GPEDIT/UAC tweak applied I also did need to change Clockwise.exe to "run as administrator", in order to allow that program to run normally again, with BitDefender installed. I don't need this "run as Administrator" if I uninstall BitDefender.



    All of this points me to thinking it's BitDefender which is somehow responsible. And yet, others around the world report the issues and they don't use BitDefender. Perhaps other anti-virus products and BitDefender are somehow all suddenly incorporating some protection as of Feb 6. Seems impossible to believe. But it also seems hard to believe it's something recent from MS, since I haven't had an MS update installed for three weeks!



    Perhaps something "latent", tied to Win7 EOL, but that suddenly appeared on Feb 6?? Does that really make sense? I think not.



    I believe lots of smart organizations must by now be working on figuring it out. I imagine we will eventually learn what's going on.


  • According to a recent post on Microsoft Answers Community:


    PaulSey...






    “We’ve identified and resolved the issue, which was related to a recent Adobe Genuine update that impacted a small number of Windows 7 users. Adobe has fully rolled back the update automatically for all impacted customers. No action is needed by customers. If you are still experiencing the issue, it will be resolved shortly via an automatic update.”


     


    We shall see if this is truly the fix. This suggests that NOTHING IS NEEDED FOR USERS TO DO (other than perhaps roll back any temporary "fixes" they might have applied, e.g. the GPEDIT change for the UAC adminstrative approval item), changing programs to "run as Administrator", etc.  In other words just return to the way things looked on about Feb 5.


    I wasn't aware that Adobe was quietly pushing out their own software updates (e.g. to Adobe Genuine services running in the background and now accused of being responsible for this worldwide debacle) without us users knowing about it, but I guess we now know this is going on.  Perhaps I shouldn't be totally surprised??  I mean at least updates to Flash Player require our acknowledging and permission to apply, and thus the ability to prevent these updates.


    So, is it only Win7 users who were affected? What about Win10? Did it impact anything else, e.g. Macrium Reflect image backups and VSS malfunctions strangely occurring around Feb 7, but not on Feb 6??


    We shall see what settles out over the next few days.



  • DSperber
    DSperber ✭✭✭
    edited February 2020


    Just to report my own experience...



    Just returned the UAC administator approval handling setting back to the way it originally was (i.e. DISABLED), with GPEDIT.



    Just un-checked "run as Administrator" for Clockwise.exe, to the way it originally was (i.e. un-checked).



    Re-booted. (I was allowed to restart without any prompts or issues).



    Startup was "normal", and Clockwise was once auto-launched and behaved normally to set the Windows clock (as it always has been doing for the past 20 years, until this past week).



    I then re-booted, and was once again not bothered with any prompts or complaints.



    Once again, startup was totally "normal with Clockwise still behaving properly.



    Certainly looks like everything has been restored to normal.



    NOTE: As of this moment my Adobe Genuine service programs currently have a date of 10/9/2019. This is the same date as much of the content of that folder.


    I then looked at a Macrium Reflect system image backup from 2/10, and examined the same folder. Sure enough the dates on these files and most of the content of that folder was dated 2/3/2020, clearly when the defective updates got pushed out to the world.



    Looks like this is a true story, and "the fix is now installed".



    Could be case closed! Happy ending.

    Adobe-after-backout.jpg

    Adobe-before-backout.jpg


  • Unfortunately my Adobe Genuine Software Programs are dated 10/9/2019 and I still have the start/restart problem so there may be more to this issue.


  • After spending some more time on Microsoft Community I did a restart from the run command and now everything works. Not only can I shutdown/restart from the start button but several other issues have disappeared. So perhaps Adobe did provide a fix but it required a restart to take effect.


  • Glad to hear the situation was solved promptly!