Article ID: 320211
Article Last Modified on 10/26/2006
APPLIES TO
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
This article was previously published under Q320211
SYMPTOMS
When you try to programmatically perform a security authorization check against the account permissions of a user, the authorization attempt may not be successful.
Note Security authorization techniques compare the access token of a logged-on user against a security descriptor.
CAUSE
This issue may occur if the user is not currently logged on to the domain.
RESOLUTION
Service Pack Information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Hotfix Information
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this hotfix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ----------------------------------------------------------- 16-Aug-2002 19:11 5.0.2195.5781 123,664 Adsldp.dll 16-Aug-2002 19:11 5.0.2195.5781 131,344 Adsldpc.dll 16-Aug-2002 19:11 5.0.2195.5781 62,736 Adsmsext.dll 16-Aug-2002 19:11 5.0.2195.5992 358,160 Advapi32.dll 16-Dec-2002 16:22 5.0.2195.6159 55,568 Authz.dll 16-Aug-2002 19:11 5.0.2195.5265 42,256 Basesrv.dll 16-Aug-2002 19:11 5.0.2195.5855 49,424 Browser.dll 16-Aug-2002 19:11 5.0.2195.6012 135,952 Dnsapi.dll 16-Aug-2002 19:11 5.0.2195.6012 96,016 Dnsrslvr.dll 16-Aug-2002 19:11 5.0.2195.5722 45,328 Eventlog.dll 16-Aug-2002 19:11 5.0.2195.5907 222,992 Gdi32.dll 16-Aug-2002 19:11 5.0.2195.5859 145,680 Kdcsvc.dll 04-Jun-2002 17:31 5.0.2195.5859 199,952 Kerberos.dll 16-Aug-2002 19:11 5.0.2195.6011 708,880 Kernel32.dll 15-Jul-2002 11:52 5.0.2195.5940 71,024 Ksecdd.sys 22-Jul-2002 19:54 5.0.2195.5960 507,152 Lsasrv.dll 22-Jul-2002 19:54 5.0.2195.5960 33,552 Lsass.exe 16-Aug-2002 19:11 5.0.2195.4733 332,560 Msgina.dll 12-Aug-2002 20:54 5.0.2195.6006 108,816 Msv1_0.dll 16-Aug-2002 19:11 5.0.2195.5979 307,472 Netapi32.dll 16-Aug-2002 19:11 5.0.2195.5966 360,720 Netlogon.dll 16-Aug-2002 19:11 5.0.2195.5996 476,432 Ntdll.dll 06-Sep-2002 14:40 5.0.2195.6044 917,264 Ntdsa.dll 08-Aug-2002 21:24 5.0.2195.6003 1,688,704 Ntkrnlmp.exe 08-Aug-2002 21:24 5.0.2195.6003 1,688,320 Ntkrnlpa.exe 08-Aug-2002 21:25 5.0.2195.6003 1,708,992 Ntkrpamp.exe 08-Aug-2002 21:23 5.0.2195.6003 1,666,368 Ntoskrnl.exe 16-Aug-2002 19:11 5.0.2195.6015 387,856 Samsrv.dll 16-Aug-2002 19:11 5.0.2195.5951 129,296 Scecli.dll 16-Aug-2002 19:11 5.0.2195.5951 302,864 Scesrv.dll 05-Sep-2002 14:43 5.0.2195.6048 122,880 Sp3res.dll 16-Aug-2002 19:11 5.0.2195.6000 379,664 User32.dll 16-Aug-2002 19:11 5.0.2195.5968 369,936 Userenv.dll 16-Aug-2002 19:11 5.0.2195.5859 48,912 W32time.dll 04-Jun-2002 17:32 5.0.2195.5859 57,104 W32tm.exe 15-Aug-2002 17:10 5.0.2195.6017 1,642,416 Win32k.sys 15-Aug-2002 11:30 5.0.2195.6013 179,472 Winlogon.exe 16-Aug-2002 19:11 5.0.2195.5935 243,472 Winsrv.dll 16-Aug-2002 19:11 5.0.2195.5944 125,712 Wldap32.dll 22-Jul-2002 19:54 5.0.2195.5960 507,664 Lsasrv.dll 16-Aug-2002 19:11 5.0.2195.6011 708,880 Kernel32.dll 16-Aug-2002 19:11 5.0.2195.5996 476,432 Ntdll.dll 16-Aug-2002 19:12 5.0.2195.6017 1,642,416 Win32k.sys 16-Aug-2002 19:11 5.0.2195.5935 243,472 Winsrv.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.
MORE INFORMATION
After you install this security patch, the Authorization Framework (Authz.dll) file permits you to perform authorization checks against the user account security identifier (SID). This permits you to use a security model that will perform authorization checks of a user who is not currently logged on to the domain.
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
265173 The Datacenter Program and Windows 2000 Datacenter Server Product
Keywords: kbhotfixserver kbqfe kbwin2ksp4fix kbbug kbfix kbwin2000presp4fix KB320211