Article ID: 195445 - Last Review: July 11, 2005 - Revision: 1.4

PRB: RAW Socket Access Denied to Non-Admin Windows NT 4.0 and Windows 2000 Users

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
This article was previously published under Q195445
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986  (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows registry
For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

On This Page

Expand all | Collapse all

SYMPTOMS

A Socket or WSASocket call that specifies the SOCK_RAW socket type fails with the following Winsock error message (10013 WSAEACCES) if the user is a non-administrator who is logged onto a Windows NT 4.0 or Windows 2000 system:
"An attempt was made to access a socket in a way forbidden by its access permissions."
Back to the top

STATUS

This behavior is by design.
Back to the top

MORE INFORMATION

In Windows 2000, there is no way to disable this security check. Access to Raw Sockets is granted on a per-transport basis. For the address family AF_INET, only administrators have the access necessary to create Raw Sockets.
Back to the top

Workaround

To work around this problem in Windows NT 4.0, you can disable the security check on RAW sockets by creating the following registry variable and setting its value to DWORD 1: 
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Afd\Parameters\ 
   DisableRawSecurity
After you change the registry, you need to restart your computer.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).
Back to the top
APPLIES TO
  • Microsoft Platform Software Development Kit-January 2000 Edition, when used with:
    • Microsoft Windows NT 4.0 Service Pack 4
    • Microsoft Windows 2000 Standard Edition
Back to the top
Keywords: 
kbnetwork kbprb kbwinsock KB195445
Back to the top