# Solved: can't install IE7



## GlenB (Oct 1, 2006)

Does anyone know what could be causing IE7 installation to fail? I've tried disabling all security software (nod32 and BOClean) but it still fails, here is the IE7 log if this helps?

[ie7.log]
0.844: ================================================================================
0.844: 2006/11/04 13:19:17.953 (local)
0.844: c:\a62e67f12e3e9c8a434d1dc45e0fb9\update\update.exe (version 6.2.29.0)
0.969: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.969: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS 
3.140: IECUSTOM: Scanning for proper registry permissions...
4.125: IECUSTOM: Scanning for proper registry permissions...
4.453: IECUSTOM: Scanning for proper registry permissions...
4.844: IECUSTOM: Unwriteable key HKCR\mailto
4.844: IECUSTOM: Unwriteable key HKCR\news
4.875: IECUSTOM: Unwriteable key HKLM\SOFTWARE\Classes\mailto
4.875: IECUSTOM: Unwriteable key HKLM\SOFTWARE\Classes\news
4.906: IECUSTOM: Backing up registry permissions...
4.906: IECUSTOM: Unable to backup DACLs HKLM\SOFTWARE\Classes\news
4.906: IECUSTOM: Finished backing up registry permissions...
4.906: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070005
4.906: DoInstallation: CustomizeCall Failed: 0x3f5 
4.922: IECUSTOM: Restoring registry permissions...
4.922: IECUSTOM: Unable to restore DACLs HKLM\SOFTWARE\Classes\news
4.922: IECUSTOM: Unable to restore DACLs HKLM\SOFTWARE\Classes\mailto
4.922: IECUSTOM: Unable to restore DACLs HKCR\news
4.922: IECUSTOM: Unable to restore DACLs HKCR\mailto
4.922: IECUSTOM: Finished restoring registry permissions...
4.922: The configuration registry key could not be written.
4.937: Internet Explorer 7 installation did not complete.
4.937: Update.exe extended error code = 0x3f5
0.703: ================================================================================
0.703: 2006/11/04 13:24:37.546 (local)
0.703: c:\075fe4a0150bb90bab5e477b765f4406\update\update.exe (version 6.2.29.0)
0.719: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.719: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS 
1.719: IECUSTOM: Scanning for proper registry permissions...
2.688: IECUSTOM: Scanning for proper registry permissions...
3.016: IECUSTOM: Scanning for proper registry permissions...
3.391: IECUSTOM: Unwriteable key HKCR\mailto
3.406: IECUSTOM: Unwriteable key HKCR\news
3.422: IECUSTOM: Unwriteable key HKLM\SOFTWARE\Classes\mailto
3.422: IECUSTOM: Unwriteable key HKLM\SOFTWARE\Classes\news
3.453: IECUSTOM: Backing up registry permissions...
3.453: IECUSTOM: Unable to backup DACLs HKLM\SOFTWARE\Classes\news
3.453: IECUSTOM: Finished backing up registry permissions...
3.453: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070005
3.453: DoInstallation: CustomizeCall Failed: 0x3f5 
3.453: IECUSTOM: Restoring registry permissions...
3.453: IECUSTOM: Unable to restore DACLs HKLM\SOFTWARE\Classes\news
3.453: IECUSTOM: Unable to restore DACLs HKLM\SOFTWARE\Classes\mailto
3.453: IECUSTOM: Unable to restore DACLs HKCR\news
3.453: IECUSTOM: Unable to restore DACLs HKCR\mailto
3.453: IECUSTOM: Finished restoring registry permissions...
3.453: The configuration registry key could not be written.
3.469: Internet Explorer 7 installation did not complete.
3.469: Update.exe extended error code = 0x3f5
0.344: ================================================================================
0.360: 2006/11/04 14:02:03.109 (local)
0.360: c:\49097b413661df1b7c05\update\update.exe (version 6.2.29.0)
0.375: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.375: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS 
1.329: IECUSTOM: Scanning for proper registry permissions...
2.297: IECUSTOM: Scanning for proper registry permissions...
2.610: IECUSTOM: Scanning for proper registry permissions...
3.000: IECUSTOM: Unwriteable key HKCR\mailto
3.000: IECUSTOM: Unwriteable key HKCR\news
3.032: IECUSTOM: Unwriteable key HKLM\SOFTWARE\Classes\mailto
3.032: IECUSTOM: Unwriteable key HKLM\SOFTWARE\Classes\news
3.063: IECUSTOM: Backing up registry permissions...
3.063: IECUSTOM: Unable to backup DACLs HKLM\SOFTWARE\Classes\news
3.063: IECUSTOM: Finished backing up registry permissions...
3.063: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070005
3.063: DoInstallation: CustomizeCall Failed: 0x3f5 
3.063: IECUSTOM: Restoring registry permissions...
3.063: IECUSTOM: Unable to restore DACLs HKLM\SOFTWARE\Classes\news
3.063: IECUSTOM: Unable to restore DACLs HKLM\SOFTWARE\Classes\mailto
3.063: IECUSTOM: Unable to restore DACLs HKCR\news
3.063: IECUSTOM: Unable to restore DACLs HKCR\mailto
3.063: IECUSTOM: Finished restoring registry permissions...
3.063: The configuration registry key could not be written.
3.063: Internet Explorer 7 installation did not complete.
3.063: Update.exe extended error code = 0x3f5

Thanks


----------



## daz1 (Nov 4, 2006)

is it genuine windows installation does msoft say validation successfull?


----------



## GlenB (Oct 1, 2006)

daz1 said:


> is it genuine windows installation does msoft say validation successfull?


Yes, it is genuine and it does say validation successful, then it starts to download IE7 updates and also the Microsoft malicious software removal tool, after a minute or two the scrolling download/installing bar dissapears and it says failed to install IE7. I also get an "Internet explorer troubleshooting" icon added to desktop.
When I visit windows update and look at my update history it shows all the failed IE7 installs as having error "0x3f5", I've read the info about this but it just recommends disabling security software which I've already done.

Glenb


----------



## GlenB (Oct 1, 2006)

Anyone any ideas? I'm at a loss how to sort this out.

GlenB


----------



## daz1 (Nov 4, 2006)

have you tried checking firewall exceptions to allow it through, maybe restore defaults on internet options


----------



## daz1 (Nov 4, 2006)

come to think of it i had same issue some time ago there is article on http://support.microsoft.com/KB/906011 i ended up emailing msoft and they sent me internet files to reinstall


----------



## GlenB (Oct 1, 2006)

daz1 said:


> have you tried checking firewall exceptions to allow it through, maybe restore defaults on internet options


I've tried disabling the firewall but it still doesn't work.



daz1 said:


> come to think of it i had same issue some time ago there is article on http://support.microsoft.com/KB/906011 i ended up emailing msoft and they sent me internet files to reinstall


Do you know the address or webpage for msoft tech help with IE7, I've had a look but can't find anything specific?

GlenB


----------



## miket1024 (Nov 6, 2006)

I struggled with this for a couple of hours before resolving it. Apparently my daughter had installed something at google to make gmail her default mailto program and her account took control of the mailto entries in the registry. From my account, which has admin privileges, I couldn't read HKLM\Software\Classes\mailto nor could I take ownership or change privileges. I finally rebooted - hit F8 while booting and went into safe mode. I logged in as Administrator ("the" Administrator account vs. an account with Admin privileges). I went to the registry entry above; right click and checked privileges and saw that my daugter owned everything and that all others, including admins were given no rights. I changed her password. Logged in as her and ran regedit. I right clicked first on the registry entry above and added Administrators with full control, then removed her; did the same for all sub entries. I then went to HKCR\mailto and did the same. IE7 installed fine after that. My daughter is not particularly computer literate, so I'm guessing this was the work of Google.


----------



## GlenB (Oct 1, 2006)

miket1024 said:


> I struggled with this for a couple of hours before resolving it. Apparently my daughter had installed something at google to make gmail her default mailto program and her account took control of the mailto entries in the registry. From my account, which has admin privileges, I couldn't read HKLM\Software\Classes\mailto nor could I take ownership or change privileges. I finally rebooted - hit F8 while booting and went into safe mode. I logged in as Administrator ("the" Administrator account vs. an account with Admin privileges). I went to the registry entry above; right click and checked privileges and saw that my daugter owned everything and that all others, including admins were given no rights. I changed her password. Logged in as her and ran regedit. I right clicked first on the registry entry above and added Administrators with full control, then removed her; did the same for all sub entries. I then went to HKCR\mailto and did the same. IE7 installed fine after that. My daughter is not particularly computer literate, so I'm guessing this was the work of Google.


Thanks for the suggestion, I don't have much experience dealing with the registry, I've ran regedit and searched for HKLM\Software\Classes\mailto but couldn't find it anywhere, am I searching for the wrong thing?

Thanks
GlenB


----------



## miket1024 (Nov 6, 2006)

HKLM = HKEY_LOCAL_MACHINE
HKCR = HKEY_CLASSES_ROOT

In regedit go to the two keys (one at a time of course):
HKLM\Software\Classes\mailto (do this one first)
and
HKCR\mailto

Right click on mailto and select "Permissions"
See who current owner is; you may have to login with that account, but first try to change them. Click Add. In the window that opens type Administrators. You may see your machine name appended to the word. Select "Full Control". Select Advanced. Unselect "Inherit from parent the permission entries ..." and select "Replace permission entries on all child objects ..." and select OK. Select Apply. If you get an error, you'll have to login as the person who current had rights. 

Just a reminder, you may not be able to do this from a standard account with Admin privileges (I could not). You need to use the Administrator account from a safe mode boot.

Hope this helps!


----------



## GlenB (Oct 1, 2006)

miket1024 said:


> HKLM = HKEY_LOCAL_MACHINE
> HKCR = HKEY_CLASSES_ROOT
> 
> In regedit go to the two keys (one at a time of course):
> ...


Thanks, I've found the right registry entries but I get an access denied, I've went into my admin account and the administrator account (both in safe mode) but I when I try to change the "Replace permission entries on all child objects..." it doesn't let me save changes, I get the attached access denied messages. Also the users listed for having access to those keys appears to be blank and the options are locked so i cannot change them (i.e. I cant select "full control")


----------



## miket1024 (Nov 6, 2006)

Try changing them one at at time, with selecting to change child entries. When I logged in as Administrator while in safe mode I could be able to see who has current ownership, but not with my own account with administrator privileges. I was able to change permissions on HKLM\Software\Classes\mailto, but could not change privileges on the child keys. Strange thing is that when I changed HKLM\Software\Classes\mailto then when to HKCR\mailto it had also changed. If this does not work, I'm afraid I'm out of ideas.


----------



## GlenB (Oct 1, 2006)

miket1024 said:


> Try changing them one at at time, with selecting to change child entries. When I logged in as Administrator while in safe mode I could be able to see who has current ownership, but not with my own account with administrator privileges. I was able to change permissions on HKLM\Software\Classes\mailto, but could not change privileges on the child keys. Strange thing is that when I changed HKLM\Software\Classes\mailto then when to HKCR\mailto it had also changed. If this does not work, I'm afraid I'm out of ideas.


Thanks for your help, but unfortunately it won't let me change any permissions, even when logged in as the Administrator safemode account.

Anyone have any other ideas, or know if there is a microsoft email address for IE7 support, Ive had a look but can't find anything specific other than forums, which so far can't help, or will reformatting solve this??

Thanks
GlenB


----------



## twashing (Dec 16, 2006)

I could not find the answer anywhere else.

Thanks!
Tim


----------



## TOGG (Apr 2, 2002)

Have you seen this?; http://www.ie-vista.com/known_issues.html There may be something useful in the 'Tips for if you have trouble installing IE7' section.


----------



## GlenB (Oct 1, 2006)

Thanks for all the help/replies. :up:

For anyone that's interested; I did eventually get this sorted - my SID's (Security Identifiers) were corrupted, I found someone else with a similar problem here:
http://www.windowsbbs.com/showthread.php?t=59082

I used the _SubInACL _tool as described to reset all the permissions and configurations and managed to install IE7 fine afterwards.

GlenB


----------



## sandie2 (Dec 5, 2006)

I had a problem since it did not appear in the Add/Remove Programs window. I found the answer on Microsoft. Using START - RUN -typing appwiz.cpl and then clicking Ok. Voila! It showed up on the Add/Remove window


----------



## kelzipan.web (Jul 7, 2007)

I had the same issue of not able to install IE 7. I was able to successfully use miket1024's suggestion but had to try a few different administrators on the computer to find which one had access to the mailto keys. Thanks!


----------



## InfinityRD-com (Jul 28, 2007)

I had the same issue, when trying to change the aforementioned registry entries.

The resolve is:
1. Boot into SAFE MORE and then log into the PC as the administrator (local or domain).

2. Open the registry editor and locate HKLM/software/classes/mailto
When you right-click on the "mailto", don't be concerned over the insufficient permissions warning.

3. After right-click, choose PERMISSIONS.
In my case, there were no entries in under Group / User names.

4. Click ADVANCED and, on the next window, UNCHECK "inherit from parent", then click APPLY (not OK; we want to stay on that window).

5. Now, on that same window, click ADD.

6. Type "administrator" (without the quotes, obviously) and ENSURE the "from this location" is set to you PC's NetBIOS name.

7. Click OK. If all goes well, you should be prompted to define permissions for the administrator account.

8. ENSURE "apply onto" is "This key and subkeys" and then select FULL (under "allow" column).

9. Click OK to return to the Advanced Security Settings window but DON'T apply it yet.

10. CHECKMARK "replace permissions entries on all child objects..."

11. Now click APPLY. Answer YES to the warning regarding "this will remove explicit..." since that is precisely what we want to do.

12. You may receive an informational message regarding not being able to completely set security. Let's ignore that for the time being.

13. Click the OWNER tab and then select (single-click) "administrators" from the list.

14. CHECKMARK "replace owner on subcontainers".

15. Click APPLY/

16. Ignore the informational message.

17. Click OK on remaining windows, until you are back in the main editor window.

18. You should now find that HKCR/mailto is no longer restricted as well.

Mind you, I have not yet tried reinstalling IE7 at this point ... but I did want to share what I did to (hopefully) resolve this permissions issue which is preventing IE7 to install.

Kind Regards,
Paul DeBrino
www.InfinityRD.com


----------

