Microsoft KB Archive/241088

From BetaArchive Wiki
Knowledge Base


FIX: Registry Permission Difference When You Install OLAP Services on Windows 2000

Article ID: 241088

Article Last Modified on 3/14/2006


APPLIES TO

  • Microsoft SQL Server OLAP Services


This article was previously published under Q241088

SYMPTOMS

When you install OLAP Services version 7.0 on a Windows 2000 computer, all of the local computer users receive administrators rights to administer OLAP Services. This occurs because of behavior changes in the defaults of the registry system of Windows 2000. Windows 2000 now inherits the security permission of the parent node in the registry tree, which causes all of the local computer users to have administrators rights.

This means that the server installs and works well on Windows 2000 out of the box. However, now too many people now have too many rights.

CAUSE

The Win32 function SetNamedSecurityInfo works differently in Windows 2000 than in previous versions of Windows NT. A new flag PROTECTED_DACL_SECURITY_INFORMATION has been introduced in Windows 2000 that you need to use in order to prevent registry keys from inheriting a parent key security setting.

WORKAROUND

To work around this behavior, download the following file and run it on your Windows 2000 server:

OLAPRegFix.exe


This utility sets the correct permission for the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\OLAP Server\CurrentVersion\SECURITY

- restricts it for special access (Query Value + Read Control) to OLAP Administrators.


HKEY_LOCAL_MACHINE\Software\Microsoft\OLAP Server\Server Connection Inf

- restricts it for Full Control to OLAP Administrators.


HKEY_LOCAL_MACHINE\Software\Microsoft\OLAP Server\Olap Manager Inf

- restricts it for Full Control to OLAP Administrators.


STATUS

Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 2 for Microsoft SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

254561 INF: How to Obtain Service Pack 2 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0


For more information, contact your primary support provider.


Additional query words: win 2k win2k w2k win2000 reg rights permissions

Keywords: kbbug kbfix KB241088



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/241088&oldid=132193
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki