WMI AccessCheck Receives Local Administrator's SID

Article translations Article translations
Article ID: 320678 - View products that this article applies to.
This article was previously published under Q320678
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all


The IWbemEventProviderSecurity::AccessCheck method is used by WMI event providers to check access permissions. This check occurs when a consumer tries to subscribe to an event. By definition, the AccessCheck method is passed the security identifier (SID) of the user who is trying to create the event registration. The consumer is permitted to subscribe to the event only if the consumer has access permission for the event. If this permission does not exist, the subscription is prevented. With Windows XP, when a permanent WMI event consumer is registered by a member of the local administrators group, the event provider's AccessCheck method is passed the local administrators group SID instead of the individual user's SID.


To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The English version of this fix should have the following file attributes or later:
   Date         Time      Version      Size     File name
   17-Apr-2002  15:27:58  5.1.2600.42  259,072  Wbemess.dll


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1.


Article ID: 320678 - Last Review: January 12, 2015 - Revision: 1.2
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbenv kbfix kbsysadmin kbwinxpsp1fix KB320678

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com