Article ID: 279809
Article Last Modified on 2/21/2007
APPLIES TO
- Microsoft Windows 2000 Service Pack 1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q279809
SYMPTOMS
Active Directory on Windows 2000 Server may allow any user the ability to change another user password under certain conditions. While a "regular" user is using the Active Directory snap-in, the user can choose another user and reset that user's password.
Use this hotfix to replace these individual hotfixes:
272473 AvoidPdcOnWan Registry Value Does Not Work
267556 Auditing Does Not Report Security Event for Resetting Password
268277 Problems Changing Nested Global Group Scope to Universal Group
263821 Account Lockout Because BadPasswordCount Not Reset to 0
274402 NTDS Cannot Be Initialized and Returns Error 510
277741 Internet Explorer Logon fails due to an insufficient buffer for Kerberos
263693 Group Policy May Not Be Applied to Users Belonging to Many Groups
263603 Incorrect Behavior in Winlogon for First-Time User
For best results, use this hotfix instead of the original hotfixes for fixes on servers (domain controllers).
CAUSE
This behavior occurs because dependent files are missing.
RESOLUTION
A supported fix that corrects this problem is now available from Microsoft, but has not been fully regression tested and should be applied only to systems determined to be at risk of attack. Please evaluate your system's physical accessibility, network, and Internet connectivity, and other factors to determine the degree of risk to your system. If your system is sufficiently at risk, Microsoft recommends that you apply this fix. Otherwise, wait for the next Windows 2000 service pack that contains this fix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
The English version of this fix should have the following file attributes or later:
Date Time Size File name ----------------------------------------------- 12/08/00 04:25PM 133 KB Dnsapi.dll 12/08/00 04:25PM 89 KB Dnsrslvr.dll 12/08/00 04:25PM 137 KB Kdcsvc.dll 11/15/00 05:37PM 203 KB Kerberos.dll 11/06/00 07:10PM 68 KB Ksecdd.sys 12/08/00 04:25PM 483 KB Lsasrv.dll 11/20/00 05:14PM 33 KB Lsass.exe 12/08/00 04:25PM 886 KB Ntdsa.dll 12/08/00 04:25PM 358 KB Netlogon.dll 12/08/00 04:25PM 304 KB Netapi32.dll 12/08/00 04:25PM 370 KB Samsrv.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
NOTE: After you install this hotfix, the original files will be upgraded to a high encryption level (128-bit) to offer better online and local security, and bring your computer inline with the new worldwide standard of 128-bit encryption.
Keywords: kbbug kbfix kbqfe kbwin2000presp2fix KB279809