Article ID: 173752
Article Last Modified on 10/31/2006
APPLIES TO
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Server 4.0 Standard Edition
This article was previously published under Q173752
SYMPTOMS
When an account operator tries to use User Manager for Domains from a computer other than the primary domain controller (PDC), they receive Access Denied error messages. Regular users will also receive this error when they try to start User Manager for Domains to view the list of accounts.
CAUSE
This problem occurs when the following subkey is missing from the registry on the PDC:
HKLM\System\CurrentControlSet\Control\SecurePipeServer \Winreg\AllowedPaths
NOTE: The above registry key is one path; it has been wrapped for readability.
RESOLUTION
If the AllowedPaths key is missing, you will experience the above error and be unable to administer the user accounts from any computer other than the PDC.
The specific information required to restore this key is located in the MACHINE:Reg_Multi_SZ value in the following subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control \ProductOptions\AllowedPaths
NOTE: The above registry key is one path; it has been wrapped for readability.
Also, even though you will receive an Access Denied error message, this will not generate a failure if you have enabled Security Auditing, unless you are specifically auditing the registry. This is because the Account Operator has not been granted access to the OBJECT that you have chosen to audit.
This value and the key are generated by default when Windows NT is installed.
Additional query words: access denied winreg
Keywords: kbprb KB173752