Microsoft KB Archive/289743

From BetaArchive Wiki
Knowledge Base


Article ID: 289743

Article Last Modified on 2/21/2007


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition


This article was previously published under Q289743

SYMPTOMS

When you use ACL Editor to set the security on an object, it inherently sets the Synchronize permission as part of every access control entry (ACE). However, when you use Security Configuration Editor (SCE) to set security, the resultant security does not set the Synchronize bit in every ACE even if you select the same permissions in the same ACL Editor.

CAUSE

This behavior occurs because the security descriptor string that is saved in Group Policy does not have the SYNCHRONIZE bit set when special access is defined. ACL Editor has this bit hard-coded with special access, but the bit is lost during Security Descriptor Definition Language (SDDL) conversion before being saved to the template.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


The English version of this fix should have the following file attributes or later: 

   Date       Time   Version   Size     File name
   ------------------------------------------------
   3/21/2001  07:02p  1.0.0.1  542,480  Wsecedit.dll

NOTE: Apply this fix to the computers from which the policy is being modified. For example, if you are editing Group Policy from a Windows 2000 Professional workstation with the Administration Tools installed, you need to apply the fix to that workstation. Existing policies that behave as described in the "Symptoms" section of this article must be re-edited to write the correct information to the policy object.


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product


For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot


For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes



Additional query words:

Keywords: kbhotfixserver kbqfe kbbug kbfix kbsecurity kbwin2000presp3fix kbwin2000sp3fix KB289743



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/289743&oldid=158281
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki