Following the trend of Windows 10, Microsoft has released security update KB3086255 for Windows 7, Windows 8.1 & Windows Vista.
Due to "security concerns", this intentionally disables the service which runs the secdrv.sys driver -- a component of the SafeDisk protection which SC4 uses.
As a result, this prevents the disk-based (CD) version of SimCity 4 from running, and you may receive an "Access Denied - Please login with administrator privileges and try again" or similar permissions error. Many other legacy games are also affected.
It would seem the update simply disables the service, rather than removing secdrv.sys completely (like Windows 10 has).
NOTE: This shouldn't impact users of the digital game, such as from Amazon, Steam or Origin, as this doesn't rely on the same copy protection.
Full details of the update are as follows:
Security update for the graphics component in Windows
September 8, 2015 (KB3086255)
1) Purchase SC4 digitally
Online retailers such as Amazon, GOG, Steam, Origin or GamersGate offer a digital version of SC4 Deluxe.
This comes as a download without the need for the CD to start. It's also fully patched and doesn't use the same method of copy protection, so you can install KB3086255 without issue and play the game as normal. In the case of Amazon & GOG, the game is currently sold DRM free, meaning it starts by itself without a client service (e.g. Origin, Steam).
During seasonal sales, you can often purchase the game for as little as $5.
2) Redeem your SC4 Serial Number
You may be able to redeem your original Serial Number (product key), found at the back at the CD's manual. This may entitle you to a free digital copy of the game, with the same benefits of not needing other workarounds.
With Origin you can try contacting customer support, who can usually assist with this. As well as the serial number, you may need to provide physical evidence that you own the boxed copy, such as screenshots of the game's case & disks.
Other online retailers may also offer a similar option, so it's best to contact them directly.
NOTE: Use at your own risk!
The following suggestions will allow SimCity 4 to run, although they could potentially expose your system to security vulnerabilities (which the update intends to bypass). Therefore it's your own responsibility should any issues arise from not installing KB3086255, however the risk level of security flaws being exploited.
3) Uninstall KB3086255
If updates are set to install automatically, you may have this update already installed.
In which case, to allow the CD game to start again, without the need for any workarounds, you'll need to uninstall the update:
A quick way to check if it's installed:
Enter KB3086255 in the "Search Installed Updates" box at the top right.
Note: To reduce the risk, it might be worth disconnecting from the internet whilst the game is running. Also it's recommended to ensure your anti-virus has the latest protection definitions.
4) Hide KB3086255
If you haven't installed KB3086255, it might be worth hiding it from the list of updates:
5) Enable secdrv.sys on demand
However if you wish to retain the update, the below instructions (from the knowledge base article) describe how to start the service on demand, which should allow SC4 to run from the CD when you require:
In addition to the changes that are listed for the vulnerabilities that are described in Microsoft Security Bulletin MS15-097, this security bulletin addresses a defense-in-depth update for the secdrv.sys driver, a third-party driver. The update turns off the service for the secdrv.sys driver. This may affect the ability to run some older games.
Known issues in this security update
- After you install this security update, some programs may not run. (For example, some video games may not run.)
To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.
Note: When you no longer require the service to be running, we recommend that you turn off the service again.
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
To do this, type the following commands at an elevated command prompt. You should press "Enter" after you type each command:
- To disable the driver's service, type the following command:
sc config secdrv start= disabled
- To set the driver's service to manual, type the following command:
sc config secdrv start= demand
- To enable the driver's service (and to set it to automatic), type the following command:
sc config secdrv start= auto
Note: As per the proper syntax shown above, a space is required after the equals sign (=). This is omitted in error on the official knowledge base article.
- To manually start the driver's service, type the following command:
sc start secdrv
- To manually stop the driver's service, type the following command:
sc stop secdrv
Editing the registry
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
For more information about how to back up and restore the registry, click the following article to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To edit the registry directly, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following subkey in the registry:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv
- Right-click Start, and then click Modify.
- In the Value data box, do one of the following:
- Type 4 to disable the driver's service, and then click OK.
- Type 3 to set the driver's service to manual, and then click OK.
- Type 2 to set the driver's service to automatic, and then click OK.
- Exit Registry Editor.
Using a script
Alternatively, see the following link for a way to start the service using a batch file:
List of systems the update is offered to:
- Windows 7 Service Pack 1
- Windows 8 Enterprise
- Windows 8 Pro
- Windows 8
- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 8.1
- Windows Vista Service Pack 2
- Windows Server 2012 R2 Datacenter
- Windows Server 2012 R2 Standard
- Windows Server 2012 R2 Essentials
- Windows Server 2012 R2 Foundation
- Windows RT 8.1
- Windows Server 2012 Datacenter
- Windows Server 2012 Standard
- Windows Server 2012 Essentials
- Windows Server 2012 Foundation
- Windows RT
- Windows Server 2008 R2 Service Pack 1
- Windows Server 2008 Service Pack 2
- Microsoft Windows Server 2003 Service Pack 2
Feel free to post any comments, questions or suggestions below, or in the dedicated support thread.