Auditing Changes in SCM Not Reflected in User Manager Policies (241653)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows NT Server 4.0 SP4
  • Microsoft Windows NT Server 4.0 SP5
  • Microsoft Windows NT Server, Enterprise Edition 4.0 SP4
  • Microsoft Windows NT Server, Enterprise Edition 4.0 SP5
This article was previously published under Q241653

SYMPTOMS

When you attempt to use the Security Configuration Manager (SCM) tool to remove two auditing events that are being tracked for an attribute in User Manager for Domains (for example, auditing Success and Failure events for the Audit Object Access attribute), you can only remove one auditing event. If you are tracking two auditing events for an attribute in User Manager for Domains on your Windows NT 4.0-based computer, the SCM tool can add an auditing event successfully to the tracking that is reflected in User Manager for Domains.

CAUSE

This behavior occurs because of an incorrect flag set in the Local Security Authority (LSA) server library.

RESOLUTION

Windows NT Server or Workstation 4.0

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:
For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp


Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack


STATUS

Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition.

This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and Windows NT Server 4.0, Terminal Server Edition Service Pack 6.

MORE INFORMATION

For additional information about the Microsoft Security Configuration Tool Set, including Security Configuration Manager, please visit the following Microsoft Web site:

http://www.microsoft.com/TechNet/win2000/win2ksrv/technote/securcon.asp

Modification Type:MajorLast Reviewed:11/20/2002
Keywords:kbbug KB241653
©2002 Microsoft Corporation. All rights reserved.