
Microsoft KB Archive/172518

From BetaArchive Wiki


Security Is Not Available for Host Security Commands in SNACFG

Article ID: 172518

Article Last Modified on 6/29/2004



APPLIES TO

  • Microsoft SNA Server 3.0 Service Pack 4
  • Microsoft SNA Server 4.0



This article was previously published under Q172518


SYMPTOMS

When using the SNACFG command-line utility to modify Host Security settings on a computer running SNA Server using an "update cache" or "modify cache" request, the user issuing the command is not validated in the Windows NT domain of the user whose account is being modified.

You are using the SNACFG command-line utility to modify Host Security settings on an SNA Server computer. When you use an "update cache" or "modify cache" request, your login is not validated in the Windows NT domain of the user whose account is being modified. Although your login may have been validated in your own domain, if you modify a user's account in another domain with either of these two requests, your login is not validated in the second domain.

CAUSE

Snacfg.exe is not coded to validate the user issuing the command against the Domain User Account Database.

STATUS

Microsoft has confirmed this to be a problem in SNA Server version 3.0 and 3.0 Service Pack 1 (SP1). This problem was corrected in the latest SNA Server version 3.0 U.S. Service Pack. For information on obtaining this Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K


MORE INFORMATION

With the fix applied, your privilege level is tested when you issue an "update cache" or "modify cache" request. When issuing such a request, you must either have Administrator privileges, or must be modifying your own account.

The test is based on a comparison of the issuing user and the Windows NT account in the update cache request. The user record is first tested for privilege in the Windows NT domain in which the to-be-modified Windows NT account is defined. If the user does not have sufficient privilege, a check is done to verify that the issuing user matches the to-be-modified Windows NT account and the correct Windows NT password is included in the request.
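
The two-step test described above can be modeled as follows. This is an added illustration, not code from Snacfg.exe or from Microsoft. The domain names, accounts, passwords and function names are hypothetical, and an in-memory table stands in for the Windows NT domain account databases.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data standing in for the domain account databases.
# All domains, users and passwords below are hypothetical.
DOMAIN_ADMINS = {
    "HQ": {("HQ", "admin1")},
    "BRANCH": {("BRANCH", "badmin")},
}
PASSWORDS = {
    ("HQ", "admin1"): "hq-admin-pw",
    ("BRANCH", "badmin"): "branch-admin-pw",
    ("BRANCH", "carol"): "carol-pw",
}

@dataclass(frozen=True)
class CacheRequest:
    """Models an "update cache" or "modify cache" request."""
    issuer: tuple              # (domain, user) issuing the command
    target: tuple              # (domain, user) of the account being modified
    target_password: str = ""  # Windows NT password carried in the request

def is_admin_in_domain(issuer, domain):
    """Privilege test in the domain where the target account is defined."""
    return issuer in DOMAIN_ADMINS.get(domain, set())

def password_matches(account, supplied):
    """Constant-time comparison against the constructed password table."""
    expected = PASSWORDS.get(account)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())

def authorize(req):
    """Return (allowed, reason) following the two-step test."""
    target_domain = req.target[0]
    # Step 1: privilege is evaluated in the target account's domain,
    # not in the issuer's own domain.
    if is_admin_in_domain(req.issuer, target_domain):
        return True, "administrator in target domain"
    # Step 2: otherwise the issuer must be the target account itself
    # and the request must carry that account's correct password.
    if req.issuer == req.target and password_matches(req.target, req.target_password):
        return True, "own account with correct password"
    return False, "denied"
```

In this constructed data an administrator of HQ holds no privilege in BRANCH, so a request from that account against a BRANCH user is denied. That cross-domain request is the case the SYMPTOMS section describes as going unvalidated before the fix.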

Keywords: kbbug kbfix kbnetwork KB172518