Sign in with
Sign up | Sign in
Your question

Unable to display the user selection dialog (null)

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
July 26, 2004 10:01:14 PM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.platformsdk.security,microsoft.public.security,microsoft.public.security.baseline_analyzer,microsoft.public.win2000.security (More info?)

Yes, I know it looks familiar :) 

Windows 2000 Professional
IIS 5
MSBSA 1.2
IIS Lockdown

After running IIS Lockdown and following the suggestions of the BSA, I can
no longer add accounts to the security dialog for any object. I've done my
homework and found several suggestions for curing this problem, but none
work. I've reversed the suggestions of the BSA and that didn't work. I
uninstalled and reinstalled IIS and that didn't work. I followed all the
directions I could find about this problem (even MS's instructions in the KB
article about this problem) all to no avail.

My problem is that I have a CGI application that uses MAPI, and in order for
that to happen I have to give the IIS login account access to
HKEY_CURRENT_USER. I can't do that. The CGI app is mine. In the mean time,
can I use CreateProcessAsUser from it?

Please, somebody, throw me a bone.
-SHAWN-
shawn@testech-ltd.com
Anonymous
a b 8 Security
July 31, 2004 5:53:29 PM

Archived from groups: microsoft.public.platformsdk.security,microsoft.public.security,microsoft.public.security.baseline_analyzer,microsoft.public.win2000.security (More info?)

SOLVED!

> David Dickinson

David, thank you for your help - your prompt for more information led me to
search the net again, and I found a fix.

I have no idea why it makes a difference or what messed things up, but the
HKEY_CLASSES_ROOT\LDAP key was missing. I was led to this key by a posting
to whatismyipaddress.com:
http://www.whatismyipaddress.com/forums/post.asp?method...

User "cleverett" posted the crucial clue. This article also references KB
article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;269489

entitled "Missing HKEY_CLASSES_ROOT\LDAP\Clsid Registry Key Causes Numerous
Errors. I then found that the whole LDAP key was missing. I checked another
of my Windows 2000 computers and found the following:

HKEY_CLASSES_ROOT\LDAP:
(Default), REG_SZ, URL:LDAP Protocol
EditFlags, REG_BINARY, 02 00 00 00
URL Protocol, REG_SZ, ""

HKEY_CLASSES_ROOT\LDAP\Clsid
(Default), REG_SZ, {228D9A81-C302-11df=9AA4-00AA004A5691}

HKEY_CLASSES_ROOT\LDAP\shell
(Default}, REG_SZ, (value not set)

HKEY_CLASSES_ROOT\LDAP\shell\open
(Default), REG_SZ, (value not set)

HKEY_CLASSES_ROOT\LDAP\shell\open\command
(Default), REG_SZ, "C:\Program Files\Outlook Express\wab.exe" /ldap:%1

For those who don't know, LDAP stands for Lightweight Directory Access
Protocol. I can't imagine why this is necessary for the GUI ACL add to work,
but apparently it is.

Thank you to all for considering my problem, and especially thank you again
David who was the only one to respond.
-SHAWN-
!