Article ID: 279809 - Last Review: February 21, 2007 - Revision: 2.6 User May Be Able to Change Any User Password on Windows 2000 Server Under Certain Conditions
This article was previously published under Q279809 SYMPTOMS
Active Directory on Windows 2000 Server may allow any user the ability to change another user password under certain conditions. While a "regular" user is using the Active Directory snap-in, the user can choose another user and reset that user's password. Use this hotfix to replace these individual hotfixes: 272473
(http://support.microsoft.com/kb/272473/EN-US/
)
AvoidPdcOnWan Registry Value Does Not Work
267556
(http://support.microsoft.com/kb/267556/EN-US/
)
Auditing Does Not Report Security Event for Resetting Password
268277
(http://support.microsoft.com/kb/268277/EN-US/
)
Problems Changing Nested Global Group Scope to Universal Group
263821
(http://support.microsoft.com/kb/263821/EN-US/
)
Account Lockout Because BadPasswordCount Not Reset to 0
277741
(http://support.microsoft.com/kb/277741/EN-US/
)
Internet Explorer Logon fails due to an insufficient buffer for Kerberos
263693
(http://support.microsoft.com/kb/263693/EN-US/
)
Group Policy May Not Be Applied to Users Belonging to Many Groups
263603
(http://support.microsoft.com/kb/263603/EN-US/
)
Incorrect Behavior in Winlogon for First-Time User
For best results, use this hotfix instead of the original hotfixes for fixes on servers (domain controllers).
CAUSE
This behavior occurs because dependent files are missing.
RESOLUTION A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix. Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: http://support.microsoft.com/contactus/?ws=support
(http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.The English version of this fix should have the following file attributes or later: Date Time Size File name ----------------------------------------------- 12/08/00 04:25PM 133 KB Dnsapi.dll 12/08/00 04:25PM 89 KB Dnsrslvr.dll 12/08/00 04:25PM 137 KB Kdcsvc.dll 11/15/00 05:37PM 203 KB Kerberos.dll 11/06/00 07:10PM 68 KB Ksecdd.sys 12/08/00 04:25PM 483 KB Lsasrv.dll 11/20/00 05:14PM 33 KB Lsass.exe 12/08/00 04:25PM 886 KB Ntdsa.dll 12/08/00 04:25PM 358 KB Netlogon.dll 12/08/00 04:25PM 304 KB Netapi32.dll 12/08/00 04:25PM 370 KB Samsrv.dll STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. MORE INFORMATIONNOTE: After you install this hotfix, the original files will be
upgraded to a high encryption level (128-bit) to offer better online and local security, and bring your computer inline with the new worldwide standard of 128-bit encryption.
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Back to the top
|
