APID Is Reported in Process Tracking Audit Events (277743)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
This article was previously published under Q277743 SYMPTOMS
When you perform process auditing on a Windows 2000-based computer, the creation and exit process identifications do not match and it is difficult to match the processes corresponding events.
CAUSE
Windows 2000 reports the Audit Process ID for process creation and Process ID for process exit audit events in the security log.
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English-language version of this fix should have the following file attributes or later:
Date Time Version Size File name
------------------------------------------------------------------
5/29/2001 07:43a 5.0.2195.3649 1,685,632 Ntkrnlmp.exe
5/29/2001 07:43a 5.0.2195.3649 1,685,312 Ntkrnlpa.exe
5/29/2001 07:44a 5.0.2195.3649 1,705,984 Ntkrpamp.exe
5/29/2001 07:43a 5.0.2195.3649 1,663,424 Ntoskrnl.exe
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.
| Modification Type: | Minor | Last Reviewed: | 9/26/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbAPI kbBug kbfix kbKernBase kbSecurity kbWin2000sp3fix KB277743 |
|---|
|