Windows NT Error: Account Operators Get Access Denied Error Messages with User Manager for DomainsID: Q173752
|
When an account operator tries to use User Manager for Domains from a computer other than the primary domain controller (PDC), they receive Access Denied error messages. Regular users will also receive this error when they try to start User Manager for Domains to view the list of accounts.
This problem occurs when the following subkey is missing from the registry
on the PDC:
HKLM\System\CurrentControlSet\Control\SecurePipeServer
\Winreg\AllowedPaths
NOTE: The above registry key is one path; it has been wrapped for
readability.
If the AllowedPaths key is missing, you will experience the above error and
be unable to administer the user accounts from any computer other than the
PDC.
The specific information required to restore this key is located in the
MACHINE:Reg_Multi_SZ value in the following subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
\ProductOptions\AllowedPaths
NOTE: The above registry key is one path; it has been wrapped for
readability.
Also, even though you will receive an Access Denied error message, this
will not generate a failure if you have enabled Security Auditing, unless
you are specifically auditing the registry. This is because the Account
Operator has not been granted access to the OBJECT that you have chosen to
audit.
This value and the key are generated by default when Windows NT is
installed.
Additional query words: access denied winreg
Keywords : ntdomain ntregistry NTSrvWkst
Version : WinNT:4.0
Platform : winnt
Issue type : kbprb Last Reviewed: January 16, 1999