Microsoft KB Archive/279809

From BetaArchive Wiki
Knowledge Base


User May Be Able to Change Any User Password on Windows 2000 Server Under Certain Conditions

Article ID: 279809

Article Last Modified on 2/21/2007


APPLIES TO

  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server


This article was previously published under Q279809

SYMPTOMS

Active Directory on Windows 2000 Server may allow any user the ability to change another user password under certain conditions. While a "regular" user is using the Active Directory snap-in, the user can choose another user and reset that user's password.

Use this hotfix to replace these individual hotfixes:

272473 AvoidPdcOnWan Registry Value Does Not Work


267556 Auditing Does Not Report Security Event for Resetting Password


268277 Problems Changing Nested Global Group Scope to Universal Group


263821 Account Lockout Because BadPasswordCount Not Reset to 0


274402 NTDS Cannot Be Initialized and Returns Error 510


277741 Internet Explorer Logon fails due to an insufficient buffer for Kerberos


263693 Group Policy May Not Be Applied to Users Belonging to Many Groups


263603 Incorrect Behavior in Winlogon for First-Time User


For best results, use this hotfix instead of the original hotfixes for fixes on servers (domain controllers).

CAUSE

This behavior occurs because dependent files are missing.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but has not been fully regression tested and should be applied only to systems determined to be at risk of attack. Please evaluate your system's physical accessibility, network, and Internet connectivity, and other factors to determine the degree of risk to your system. If your system is sufficiently at risk, Microsoft recommends that you apply this fix. Otherwise, wait for the next Windows 2000 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp


The English version of this fix should have the following file attributes or later: 

   Date      Time            Size     File name   
   -----------------------------------------------
  12/08/00  04:25PM         133 KB    Dnsapi.dll  
  12/08/00  04:25PM          89 KB    Dnsrslvr.dll
  12/08/00  04:25PM         137 KB    Kdcsvc.dll  
  11/15/00  05:37PM         203 KB    Kerberos.dll
  11/06/00  07:10PM          68 KB    Ksecdd.sys  
  12/08/00  04:25PM         483 KB    Lsasrv.dll  
  11/20/00  05:14PM          33 KB    Lsass.exe   
  12/08/00  04:25PM         886 KB    Ntdsa.dll   
  12/08/00  04:25PM         358 KB    Netlogon.dll
  12/08/00  04:25PM         304 KB    Netapi32.dll
  12/08/00  04:25PM         370 KB    Samsrv.dll



STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

NOTE: After you install this hotfix, the original files will be upgraded to a high encryption level (128-bit) to offer better online and local security, and bring your computer inline with the new worldwide standard of 128-bit encryption.

Keywords: kbbug kbfix kbqfe kbwin2000presp2fix KB279809



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/279809&oldid=153322
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki