"Code 0x80070057 The parameter is incorrect" error when you try to display a user's "effective access" to a file

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows 8 Enterprise

This article describes an issue that occurs when you try to display a user's "effective access" to a file in Windows 8.1, Windows Server 2012 R2, Windows 8, or Windows Server 2012. You can resolve this issue for Windows 8.1 and Windows Server 2012 R2 by using the update in this article. Before you install this update, check out the Prerequisites section. A workaround is also provided.

Note This update does not apply to Windows 8 or Windows Server 2012. To provide feedback regarding a potential resolution on these systems, please contact Microsoft Support.


Consider the following scenario:
  • You use Windows Explorer to display a user's "effective access" to a file or a folder on a file share.
  • The file or folder is located on a non-Microsoft Server Message Block (SMB) 3.0 server product.
  • You enter a Universal Naming Convention (UNC) folder path. For example, you enter \\server\share.
In this scenario, the request fails, and you receive the following error message:
Code 0x80070057 The parameter is incorrect.
However, if the file share is first mapped to a drive letter, the "effective access" permissions are displayed, and you don't receive the error message.


This problem occurs because the SECURITY_DESCRIPTOR structure that is returned by the server contains a NULL Owner field when the NetShareGetInfo call returns to Windows Explorer.

How to obtain this update

To resolve this issue, we have released an update through Windows Update and Microsoft Download Center for Windows 8.1 and Windows Server 2012 R2. The resolution is to modify Windows Authz not to require the presence of the optional SECURITY_DESCRIPTOR structure.

Important Do not install a language pack after you install this update. If you do, the language-specific changes in the update will not be applied, and you will have to reinstall the update. For more information, see Add language packs to Windows.

Method 1: Windows Update

This update is provided as an Optional update from Windows Update. For more information on how to run Windows Update, see How to get an update through Windows Update.

Method 2: Microsoft Download Center

The following files are available for download from the Microsoft Download Center.
Operating systemUpdate
All supported x86-based versions of Windows 8.1Download Download the package now.
All supported x64-based versions of Windows 8.1Download Download the package now.
All supported x64-based versions of Windows Server 2012 R2Download Download the package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information


To apply this hotfix, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1 or Windows Server 2012 R2.

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.


To work around this issue, establish a mapped drive from the computer on which Windows Explorer is running to the shared folder. If a user selects View effective access from a resource on the mapped drive, the user's effective permissions are shown, and the issue does not occur.

More Information

When you connect to a UNC folder path, Windows Explorer calls NetrShareGetInfo with ServerName (UNC path), NetName, and Level: 502. The server than makes a response. The response includes a SECURITY_DESCRIPTOR structure that contains an Owner field. The return of a SECURITY_DESCRIPTOR structure is required, but the Owner field is optional, according to the [MS-SRVS] protocol specification. However, Windows Authz relies on the owner field being present. This causes "View effective permissions" to fail. Although Windows always returns an Owner field, some third-party file server products do not because they may not associate a security descriptor with a network share. For more information, see SHARE_INFO_502_I.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


See the terminology that Microsoft uses to describe software updates.