Microsoft KB Archive/321933

= Services Are Not Listed in the Security Configuration and Analysis Snap-in =

Article ID: 321933

Article Last Modified on 2/21/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q321933



SYMPTOMS
When you use the Security Configuration and Analysis snap-in in Microsoft Management Console (MMC), the list of services in the System Services folder may be empty.



CAUSE
An interactive user does not have Full Control permissions for all services. The minimum permissions that a user requires to view the list should be Read.



Service Pack Information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Hotfix Information
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:   Date         Time   Version        Size     File name 08-May-2002 11:33  5.0.2195.5655  123,664  Adsldp.dll 08-May-2002 11:33  5.0.2195.5655  130,832  Adsldpc.dll 08-May-2002 11:33  5.0.2195.5725   62,736  Adsmsext.dll 08-May-2002 11:33  5.0.2195.5720  357,648  Advapi32.dll 08-May-2002 11:33  5.0.2195.5595  135,952  Dnsapi.dll 08-May-2002 11:33  5.0.2195.5595   96,016  Dnsrslvr.dll 08-May-2002 11:33  5.0.2195.5722   45,328  Eventlog.dll 08-May-2002 11:33  5.0.2195.5639  146,192  Kdcsvc.dll 22-Apr-2002 13:24  5.0.2195.5640  199,952  Kerberos.dll 02-May-2002 15:44  5.0.2195.5724   71,024  Ksecdd.sys 07-May-2002 11:40  5.0.2195.5744  504,080  Lsasrv.dll 07-May-2002 11:40  5.0.2195.5744   33,552  Lsass.exe 07-Dec-2001 17:05  5.0.2195.4745  107,280  Msv1_0.dll 08-May-2002 11:33  5.0.2195.5626  306,960  Netapi32.dll 08-May-2002 11:33  5.0.2195.5723  360,208  Netlogon.dll 08-May-2002 11:33  5.0.2195.5719  916,752  Ntdsa.dll 08-May-2002 11:33  5.0.2195.5585  386,832  Samsrv.dll 08-May-2002 11:33  5.0.2195.5757  128,784  Scecli.dll 08-May-2002 11:33  5.0.2195.5757  299,792  Scesrv.dll 04-May-2002 13:34  5.0.2195.5736   62,464  Sp3res.dll 08-May-2002 11:33  5.0.2195.5677   48,912  W32time.dll 25-Apr-2002 16:15  5.0.2195.5677   57,104  W32tm.exe 08-May-2002 11:33  5.0.2195.5737  125,712  Wldap32.dll 07-May-2002 11:40  5.0.2195.5744  504,080  Lsasrv.dll



WORKAROUND
To work around this problem, select a user to be responsible for configuring security on services. Grant that user Full Control permissions for all services. Make sure that the Everyone group has Read permissions and that the System account has Full Control permissions.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.



MORE INFORMATION
The list of services may still be empty after you apply this hotfix if the interactive user does not have a minimum of Read permissions to all services. This behavior is by design. When you apply permissions for services, make sure that the Everyone group has Read permissions and that the System account has Full Control permissions. You can use additional permissions to control which users can start, stop, or configure services.

To set Read permissions for all services, use the Security Templates snap-in to create a template with the correct permissions for all services, and then apply the template to the computer by using the Security Configuration and Analysis snap-in. Or, you can use the Sc.exe tool (from the Microsoft Windows 2000 Resource Kit) with the /sdset switch to manually configure permissions for each service.

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product

For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

Keywords: kbhotfixserver kbqfe kbsecurity kbwin2ksp4fix kbbug kbfix kbwin2000presp4fix KB321933

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.