Services Are Not Listed in the Security Configuration and Analysis Snap-in (321933)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q321933

SYMPTOMS

When you use the Security Configuration and Analysis snap-in in Microsoft Management Console (MMC), the list of services in the System Services folder may be empty.

CAUSE

An interactive user does not have Full Control permissions for all services. The minimum permissions that a user requires to view the list should be Read.

RESOLUTION

Service Pack Information

To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Hotfix Information

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later: 
   Date         Time   Version        Size     File name
   --------------------------------------------------------
   08-May-2002  11:33  5.0.2195.5655  123,664  Adsldp.dll
   08-May-2002  11:33  5.0.2195.5655  130,832  Adsldpc.dll
   08-May-2002  11:33  5.0.2195.5725   62,736  Adsmsext.dll
   08-May-2002  11:33  5.0.2195.5720  357,648  Advapi32.dll
   08-May-2002  11:33  5.0.2195.5595  135,952  Dnsapi.dll
   08-May-2002  11:33  5.0.2195.5595   96,016  Dnsrslvr.dll
   08-May-2002  11:33  5.0.2195.5722   45,328  Eventlog.dll
   08-May-2002  11:33  5.0.2195.5639  146,192  Kdcsvc.dll
   22-Apr-2002  13:24  5.0.2195.5640  199,952  Kerberos.dll
   02-May-2002  15:44  5.0.2195.5724   71,024  Ksecdd.sys
   07-May-2002  11:40  5.0.2195.5744  504,080  Lsasrv.dll
   07-May-2002  11:40  5.0.2195.5744   33,552  Lsass.exe
   07-Dec-2001  17:05  5.0.2195.4745  107,280  Msv1_0.dll
   08-May-2002  11:33  5.0.2195.5626  306,960  Netapi32.dll
   08-May-2002  11:33  5.0.2195.5723  360,208  Netlogon.dll
   08-May-2002  11:33  5.0.2195.5719  916,752  Ntdsa.dll
   08-May-2002  11:33  5.0.2195.5585  386,832  Samsrv.dll
   08-May-2002  11:33  5.0.2195.5757  128,784  Scecli.dll
   08-May-2002  11:33  5.0.2195.5757  299,792  Scesrv.dll
   04-May-2002  13:34  5.0.2195.5736   62,464  Sp3res.dll
   08-May-2002  11:33  5.0.2195.5677   48,912  W32time.dll
   25-Apr-2002  16:15  5.0.2195.5677   57,104  W32tm.exe
   08-May-2002  11:33  5.0.2195.5737  125,712  Wldap32.dll
   07-May-2002  11:40  5.0.2195.5744  504,080  Lsasrv.dll

WORKAROUND

To work around this problem, select a user to be responsible for configuring security on services. Grant that user Full Control permissions for all services. Make sure that the Everyone group has Read permissions and that the System account has Full Control permissions.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.

MORE INFORMATION

The list of services may still be empty after you apply this hotfix if the interactive user does not have a minimum of Read permissions to all services. This behavior is by design. When you apply permissions for services, make sure that the Everyone group has Read permissions and that the System account has Full Control permissions. You can use additional permissions to control which users can start, stop, or configure services.

To set Read permissions for all services, use the Security Templates snap-in to create a template with the correct permissions for all services, and then apply the template to the computer by using the Security Configuration and Analysis snap-in. Or, you can use the Sc.exe tool (from the Microsoft Windows 2000 Resource Kit) with the /sdset switch to manually configure permissions for each service.

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product

For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

Modification Type:MinorLast Reviewed:10/11/2005
Keywords:kbHotfixServer kbQFE kbSecurity kbWin2kSP4fix kbbug kbfix kbWin2000preSP4Fix KB321933
©2004 Microsoft Corporation. All rights reserved.