Permission problem after installing MSDTC update 902400

[frank]

Permission problem after installing MSDTC update 902400

With a 2000 SP4 DC, 2000 SP4 & XP SP2 workstations

users are no longer able to run a logon script after installing this
update:

Microsoft Security Bulletin MS05-051
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
(902400)
Published: October 11, 2005

however, if I add the user to local admins, everything works fine.

also, on a XP SP2 workstation with Visual Studio 2003, users are
denied access to the debugger eventhough they are members of debugger
users.

I'm not too sure about this. Does anyone know how MSDTC or COM+
interact with authentication?

What should I be looking for here?

Regards

 

[pmastrovito]

Have you tried running FileMon from SysInternals
(http://www.sysinternals.com/Utilities/Filemon.html)??

Remove the user from the administrators group, start fileMon, run the
script and watch for "Access Denied" entries in FileMon.

Sometimes, this will show you where you need to apply additional
rights.

Post back here to let us know what you find...

 

[Roger Abell [MVP]]

see
http://support.microsoft.com/?kbid=909444

 

[frank]

Thank you, Sir.

IMHO in a case like this, the update description should carry a
warning.

I learned some interesting new stuff though.

Best regards.

 

[Roger Abell [MVP]]

You are right, but the KB and its need were discovered after
the update release.