Encryption Pack Installation May Not Work If User GUID Is Too Long

This article was previously published under Q253540
This article has been archived. It is offered "as is" and will no longer be updated.
After you install the Windows 2000 High Encryption Pack and it appears to succeed, any program that relies on 128-bit security (such as Microsoft Internet Explorer) may still report 56-bit security in use rather than 128-bit after you reboot the computer.
This problem occurs when the administrative account being used to install the encryption pack has a Globally Unique Identifier (GUID) that is longer than 1,024 bytes. The encryption pack Setup program only allocates a 1,024-byte buffer for this value when it is attempting to verify whether or not the user has permissions to run Setup. If the GUID is too long, validation does not succeed and the encryption pack Setup is not run.

With most local administrative accounts, this is not a problem. It currently has only occurred with domain administrator accounts that have been migrated from a Microsoft Windows NT 4.0 domain to a Windows 2000 domain. In this case, the GUID may sometimes be too long.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 1.

Article ID: 253540 - Last Review: 10/20/2013 17:15:43 - Revision: 3.2

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbfix kbqfe kbwin2000sp1fix KB253540