Re: Q329170 (MS02-070), Q327984 and slow logoffs
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa@PACBELL.NET)
Date: 03/21/03
- Previous message: Christopher Hill: "Q329170 (MS02-070), Q327984 and slow logoffs"
- In reply to: Christopher Hill: "Q329170 (MS02-070), Q327984 and slow logoffs"
- Next in thread: J. Merrill: "Re: Q329170 (MS02-070), Q327984 and slow logoffs"
- Reply: J. Merrill: "Re: Q329170 (MS02-070), Q327984 and slow logoffs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Mar 2003 10:50:43 -0800 From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@PACBELL.NET> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Information to share with users experiencing this problem:::
In the US, customers can call 1-866-PCSaftey and mention they have an issue
with the 329170 security patch and that they would like the hotfix described
in Q814770 Outside the US, customers should contact
their local Microsoft subsidiary.
814770 - Unexpected Delay When You Log Off Your Domain:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q814770
Christopher Hill wrote:
> I have been investigating the apparently widespread problem under Windows
> 2000 that if you install the Q329170 patch from the MS02-070 security
> bulletin, your computer takes a long time to log off (up to 60 seconds
> more), and logs an error with event ID 1000 in your Application event log
> from 'Userenv', stating 'Windows cannot unload your registry file. If you
> have a roaming profile, your settings are not replicated. Contact your
> administrator. DETAIL - Access is denied. , Build number ((2195)).'
> Relevant articles are here:
> http://support.microsoft.com/?kbid=329170
> http://www.microsoft.com/technet/security/bulletin/MS02-070.asp
>
> Having tested the problem, it seems that it is linked to the problem
> described in Q327984:
> http://support.microsoft.com/?kbid=327984
> which is the problem that if you change printer settings and log off, your
> user profile is not unloaded. I have confirmed this by using oh.exe
> (available here:
> http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/oh-
> o.asp)
>
> On a computer with Q329170 applied, if you log on as one user, open up the
> properties of a printer (I opened up the properties of a network printer
> *and* a local one just to be safe), and then log off, then log on as
> another user, OH will show that the HKEY_USERS\<user's SID> registry key
> is still open by spoolsv.exe, the printer spooler service.
>
> As an aside, it is strange that Q327984 says that the problem 'is caused
> by a handle leak in shlwapi32.dll' whereas this patch does not exist on
> the Windows 2000 system that I am using... shlwapi.dll does exist but even
> this file is not actually updated by the patch mentioned in Q327984 (the
> patch is not publicly available).
>
> Uninstalling the Q329170 patch fixes the problem perfectly. This is the
> quick workaround for anyone interested! Others have suggested stopping the
> spooler service in a logoff script which should work as well.
>
> My theory? If you compare Q327984 and Q329170's list of updated files, all
> of the files in Q327984 are also in Q329170, but Q329170's files are later
> versions. Q327984 is the earlier article. I reckon that the problem solved
> by Q327984 was broken again by Q329170 - or perhaps Q329170 does not
> include the patches created by Q327984.
>
> Anyway, it would be really nice if anyone from Microsoft reading this
> could put some serious muscle behind it being fixed - because it is REALLY
> annoying having to wait 60 seconds every time you log off just because
> you've been aware enough to actually apply security patches! 'Trustworthy
> Computing' means that you also trust security patches not to break other
> parts of your computer's functionality! There is no mention in the KB of
> the problem although a quick Google search will show that it is well
> known. The security patch should be re-released, or another patch released
> that fixes the problem.
>
> Thanks a lot!
>
> Chris Hill
> ICT Technician
> Colchester Royal Grammar
> School
>
> ---------------------------------------------
> This message was sent using Endymion MailMan.
> http://www.endymion.com/products/mailman/
>
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> Delivery co-sponsored by TruSecure Corporation
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
> TICSA - Anniversary Special - Limited Time
>
> Become TICSA certified for just $221.25 US when you register before 3/31/03
> with PROMO "TS0103" at www.2test.com. NO membership fees, certification
> good for 2 years. Price for international delivery just $296.25 US, with
> this offer. Offer cannot be combined with any other special and expires
> 3/31/03. Visit www.trusecure.com/ticsa for full details.
>
> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
TICSA - Anniversary Special - Limited Time
Become TICSA certified for just $221.25 US when you register before 3/31/03
with PROMO "TS0103" at www.2test.com. NO membership fees, certification
good for 2 years. Price for international delivery just $296.25 US, with
this offer. Offer cannot be combined with any other special and expires
3/31/03. Visit www.trusecure.com/ticsa for full details.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Christopher Hill: "Q329170 (MS02-070), Q327984 and slow logoffs"
- In reply to: Christopher Hill: "Q329170 (MS02-070), Q327984 and slow logoffs"
- Next in thread: J. Merrill: "Re: Q329170 (MS02-070), Q327984 and slow logoffs"
- Reply: J. Merrill: "Re: Q329170 (MS02-070), Q327984 and slow logoffs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
