Microsoft KB Archive/255984

From BetaArchive Wiki
Knowledge Base

Logged-on User Can Obtain System User Privileges on a Windows 2000-Based Computer Running IIS

Article ID: 255984

Article Last Modified on 2/22/2007


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Internet Information Services 5.0

This article was previously published under Q255984


A user logged on to a Windows 2000-based computer that is running Internet Information Services (IIS) can obtain system user privileges. The user does not have to be an administrator. This can be done only when the user is either:

  • locally logged on to the computer (physically present). -or-

  • accessing the server through Windows 2000 Server with Terminal Services (Terminal Services running in Application Server mode).

In both cases the "log on locally" right is needed.


To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

Additional query words: CLSID_IISAdmin IConnectionPointContainer LocalSystem Security

Keywords: kbhotfixserver kbqfe kbbug kbfix kbqfe kbwin2000sp1fix KB255984