WMI AccessCheck Receives Local Administrator's SID

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q320678
This article has been archived. It is offered "as is" and will no longer be updated.
The IWbemEventProviderSecurity::AccessCheck method is used by WMI event providers to check access permissions. This check occurs when a consumer tries to subscribe to an event. By definition, the AccessCheck method is passed the security identifier (SID) of the user who is trying to create the event registration. The consumer is permitted to subscribe to the event only if the consumer has access permission for the event. If this permission does not exist, the subscription is prevented. With Windows XP, when a permanent WMI event consumer is registered by a member of the local administrators group, the event provider's AccessCheck method is passed the local administrators group SID instead of the individual user's SID.
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The English version of this fix should have the following file attributes or later:
   Date         Time      Version      Size     File name   --------------------------------------------------------   17-Apr-2002  15:27:58  5.1.2600.42  259,072  Wbemess.dll				

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1.

Article ID: 320678 - Last Review: 01/12/2015 20:06:04 - Revision: 1.2

Microsoft Windows XP Home Edition, Microsoft Windows XP Professional

  • kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbenv kbfix kbsysadmin kbwinxpsp1fix KB320678