Microsoft KB Archive/277743

From BetaArchive Wiki
Knowledge Base


Article ID: 277743

Article Last Modified on 1/29/2007


APPLIES TO

  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2


This article was previously published under Q277743

SYMPTOMS

When you perform process auditing on a Windows 2000-based computer, the creation and exit process identifications do not match and it is difficult to match the processes corresponding events.

CAUSE

Windows 2000 reports the Audit Process ID for process creation and Process ID for process exit audit events in the security log.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


The English-language version of this fix should have the following file attributes or later: 

 Date       Time      Version           Size        File name
------------------------------------------------------------------
5/29/2001  07:43a    5.0.2195.3649  1,685,632   Ntkrnlmp.exe
5/29/2001  07:43a    5.0.2195.3649  1,685,312   Ntkrnlpa.exe
5/29/2001  07:44a    5.0.2195.3649  1,705,984   Ntkrpamp.exe
5/29/2001  07:43a    5.0.2195.3649  1,663,424   Ntoskrnl.exe



STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

The type of process identification that is displayed in an audit event depends on the version of Windows that you are using. On a Windows NT 4.0-based computer, the Audit Process ID (APID) is reported in all process tracking audit events in the Security log. On a Windows 2000-based computer, all audit events have been changed to use the actual PID when identifying a process; however, the process creation audit event still reports the APID.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

221212 INFO: Event Log Message for Security Event 592



Additional query words:

Keywords: kbbug kbfix kbapi kbqfe kbwin2000sp3fix kbkernbase kbsecurity kbhotfixserver KB277743



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/277743&oldid=152126
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki