This article describes an issue that occurs when you try to display a user's "effective access" to a file in Windows 8.1, Windows Server 2012 R2, Windows 8, or Windows Server 2012. You can resolve this issue for Windows 8.1 and Windows Server 2012 R2 by using the update in this article. Before you install this update, check out the Prerequisites section. A workaround is also provided.Note This update does not apply to Windows 8 or Windows Server 2012. To provide feedback regarding a potential resolution on these systems, please contact Microsoft Support.
Symptoms
Consider the following scenario:
-
You use Windows Explorer to display a user's "effective access" to a file or a folder on a file share.
-
The file or folder is located on a non-Microsoft Server Message Block (SMB) 3.0 server product.
-
You enter a Universal Naming Convention (UNC) folder path. For example, you enter \\server\share.
In this scenario, the request fails, and you receive the following error message:
Code 0x80070057 The parameter is incorrect.
However, if the file share is first mapped to a drive letter, the "effective access" permissions are displayed, and you don't receive the error message.
Cause
This problem occurs because the SECURITY_DESCRIPTOR structure that is returned by the server contains a NULL Owner field when the NetShareGetInfo call returns to Windows Explorer.
How to obtain this update
To resolve this issue, we have released an update through Windows Update and Microsoft Download Center for Windows 8.1 and Windows Server 2012 R2. The resolution is to modify Windows Authz not to require the presence of the optional SECURITY_DESCRIPTOR structure.Important Do not install a language pack after you install this update. If you do, the language-specific changes in the update will not be applied, and you will have to reinstall the update. For more information, see Add language packs to Windows.
Method 1: Windows Update
This update is provided as an Optional update from Windows Update. For more information on how to run Windows Update, see How to get an update through Windows Update.
Method 2: Microsoft Download Center
The following files are available for download from the Microsoft Download Center.
|
Operating system |
Update |
|---|---|
|
All supported x86-based versions of Windows 8.1 |
|
|
All supported x64-based versions of Windows 8.1 |
|
|
All supported x64-based versions of Windows Server 2012 R2 |
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Update detail information
Prerequisites
To apply this hotfix, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1 or Windows Server 2012 R2.
Registry information
To use the hotfix in this package, you do not have to make any changes to the registry.
Restart requirement
You may have to restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace a previously released hotfix.
The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows 8.1 and Windows Server 2012 R2 file information and notes
Important Windows 8.1 hotfixes and Windows Server 2012 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 8.1/Windows Server 2012 R2" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
-
The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Version
Product
Milestone
Service branch
6.3.960 0.16 xxx
Windows 8.1 and Windows Server 2012 R2
RTM
GDR
6.3.960 0.17xxx
Windows 8.1 and Windows Server 2012 R2
RTM
GDR
-
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information" section. MUM, MANIFEST, and the associated security catalog (.cat) files, are very important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows 8.1
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Authz.dll |
6.3.9600.17796 |
180,224 |
13-Apr-2015 |
22:34 |
x86 |
For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Authz.dll |
6.3.9600.17796 |
275,968 |
13-Apr-2015 |
22:37 |
x64 |
|
Authz.dll |
6.3.9600.17796 |
180,224 |
13-Apr-2015 |
22:34 |
x86 |
For all supported Windows RT 8.1
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Authz.dll |
6.3.9600.17796 |
161,792 |
13-Apr-2015 |
22:27 |
Not applicable |
Additional file information
Additional file information for Windows 8.1 and Windows Server 2012 R2
Additional files for all supported x86-based versions of Windows 8.1
|
File property |
Value |
|---|---|
|
File name |
X86_92e26f8aef62f02ea5afa6fa5cb29a0a_31bf3856ad364e35_6.3.9600.17796_none_b1661a7e2d169e2a.manifest |
|
File version |
Not applicable |
|
File size |
720 |
|
Date (UTC) |
14-Apr-2015 |
|
Time (UTC) |
04:36 |
|
Platform |
Not applicable |
|
File name |
X86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.3.9600.17796_none_ceb8a9328ff45e38.manifest |
|
File version |
Not applicable |
|
File size |
2,489 |
|
Date (UTC) |
13-Apr-2015 |
|
Time (UTC) |
23:15 |
|
Platform |
Not applicable |
Additional files for all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2
|
File property |
Value |
|---|---|
|
File name |
Amd64_5b0d33b5970731b635f52ec18a59bcfc_31bf3856ad364e35_6.3.9600.17796_none_b997fca4a430ab73.manifest |
|
File version |
Not applicable |
|
File size |
724 |
|
Date (UTC) |
14-Apr-2015 |
|
Time (UTC) |
04:36 |
|
Platform |
Not applicable |
|
File name |
Amd64_92e26f8aef62f02ea5afa6fa5cb29a0a_31bf3856ad364e35_6.3.9600.17796_none_0d84b601e5740f60.manifest |
|
File version |
Not applicable |
|
File size |
722 |
|
Date (UTC) |
14-Apr-2015 |
|
Time (UTC) |
04:36 |
|
Platform |
Not applicable |
|
File name |
Amd64_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.3.9600.17796_none_2ad744b64851cf6e.manifest |
|
File version |
Not applicable |
|
File size |
2,491 |
|
Date (UTC) |
13-Apr-2015 |
|
Time (UTC) |
23:23 |
|
Platform |
Not applicable |
|
File name |
X86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.3.9600.17796_none_ceb8a9328ff45e38.manifest |
|
File version |
Not applicable |
|
File size |
2,489 |
|
Date (UTC) |
13-Apr-2015 |
|
Time (UTC) |
23:15 |
|
Platform |
Not applicable |
Additional files for all supported Windows RT 8.1
|
File name |
Arm_1c6e8729633e2881fec6fc038d7f18da_31bf3856ad364e35_6.3.9600.17796_none_81451903e1df229f.manifest |
|
File version |
Not applicable |
|
File size |
720 |
|
Date (UTC) |
14-Apr-2015 |
|
Time (UTC) |
04:36 |
|
Platform |
Not Applicable |
|
File name |
Arm_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.3.9600.17796_none_cebb1b8a8ff17cfe.manifest |
|
File version |
Not applicable |
|
File size |
2,489 |
|
Date (UTC) |
13-Apr-2015 |
|
Time (UTC) |
23:08 |
|
Platform |
Not applicable |
Workaround
To work around this issue, establish a mapped drive from the computer on which Windows Explorer is running to the shared folder. If a user selects View effective access from a resource on the mapped drive, the user's effective permissions are shown, and the issue does not occur.
More Information
When you connect to a UNC folder path, Windows Explorer calls NetrShareGetInfo with ServerName (UNC path), NetName, and Level: 502. The server than makes a response. The response includes a SECURITY_DESCRIPTOR structure that contains an Owner field. The return of a SECURITY_DESCRIPTOR structure is required, but the Owner field is optional, according to the [MS-SRVS] protocol specification. However, Windows Authz relies on the owner field being present. This causes "View effective permissions" to fail. Although Windows always returns an Owner field, some third-party file server products do not because they may not associate a security descriptor with a network share. For more information, see 2.2.4.26 SHARE_INFO_502_I.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
See the terminology that Microsoft uses to describe software updates.
