User right incorrectly configured in SCE high-security template (241489)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server, Enterprise Edition 4.0
This article was previously published under Q241489

SYMPTOMS

When you install Windows NT 4.0 on a computer configured as the primary domain controller (PDC) for a domain and then use the high-security template (Hisecdc4) in Security Configuration Editor (SCE) to predefine configurations, the "Access this computer from network" user right may not be assigned to the Account Operators, Administrators, Backup Operators, Print Operators, Server Operators, or Users groups as it should be.

SCE does not return an error message or notify you of the incomplete configuration. You may not notice that this right is unassigned unless you check User Manager for Domains. However, if you configure the template again, it may assign the user rights correctly.

CAUSE

This behavior occurs because the configuration code for SCE is not setting the user rights properly.

RESOLUTION

Windows NT Server or Workstation 4.0

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:
For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp


Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to obtain the latest Windows NT 4.0 service pack


STATUS

Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition.

This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and Windows NT Server 4.0, Terminal Server Edition Service Pack 6.

MORE INFORMATION

SCE is part of the Security Configuration Tool Set. It is a stand-alone snap-in tool that you can use to define computer-independent security configurations, which are then saved as text-based .inf files.

For additional information about the Security Configuration Tool Set and the role of SCE, please see the white papers at the following Microsoft Web site:

http://www.microsoft.com/technet/archive/winntas/maintain/security/scmnt4.mspx

Modification Type:MajorLast Reviewed:7/18/2005
Keywords:kbbug kbfix KB241489
©2004 Microsoft Corporation. All rights reserved.