The Dial-In Property Sheet Does Not Honor Object Permissions (311003)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
This article was previously published under Q311003 SYMPTOMS
If you deny a user Read and Write permissions to "Remote Access" for a user object, but that user is a member of a group that has Full Control permissions, the user is given Full Control permissions for gaining access to the Dial-In property sheet.
Additionally, if you deny a user only Read permission to "Remote Access," and the user is not a member of a group with Full Control permissions, the user can still read the information on the Dial-In property sheet.
CAUSE
The property sheet does not explicitly check the access rights of the user who performs the operation against the security set on the Active Directory object and the attributes that are being opened.
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
------------------------------------------------------
13-Dec-2001 15:32 5.0.2195.4765 144,656 Rasuser.dll
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.
| Modification Type: | Minor | Last Reviewed: | 9/26/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbfix kbnetwork kbWin2000PreSP3Fix kbWin2000sp3fix KB311003 |
|---|
|