Debugging the Access Control List Editor

ID: Q225031

The information in this article applies to:

Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

The Access Control List Editor can provide output to a debugger. This may be useful when troubleshooting Access Control List Editor related issues.

MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

There are two dynamic-link library (.dll) files in Windows 2000 involved in the functionality of the Access Control List Editor, Dssec.dll, and Aclui.dll.

The checked version of the Dssec.dll file generates debug print statements when used in conjunction with a debugger. To enable debug output from the Access Control List Editor:

Rename the original Dssec.dll file in the %SYSTEMROOT%\SYSTEM32 folder to Dssec.old, or another unique file name.

Copy the checked Dssec.dll file to the %SYSTEMROOT%\SYSTEM32 folder.

Debugging detail can be set from the following registry key value:

HKEY_CLASSES_ROOT\CLSID\{4E40F770-369C-11d0-8922-00A-24AB2DBB)\TraceMask
- To see basic debug output, set the value to (DWORD) 0x40000007
- To see more detailed debug output, set the value to (DWORD) 0x4000003F

Useful information can also be gained by using the checked version of the Aclui.dll file with a debugger. Once this new file is installed, a specific trace mask may be assigned in the registry to denote the level of detail. To enable debugging output for the Aclui.dll file:

Rename the original Aclui.dll file in the %SYSTEMROOT%\SYSTEM32 folder to Aclui.old, or another unique file name.

Copy the checked Aclui.dll file to the %SYSTEMROOT%\SYSTEM32 folder.

Debugging detail can be set from the following registry key value:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AclUI\TraceMask

To enable basic debug output, set the value of TraceMask to (DWORD) 0x400001ff.

Here is a more detailed list of the debug flags in the mask for debugging the Dssec.dll and Aclui.dll files:

Common Debug Flags

TRACE_COMMON_STR	0x80000000	String functions
TRACE_COMMON_ASSERT	0x40000000	Break on assertion failures

ACLUI Debug Flags

TRACE_PERMPAGE	0x00000001	Security Page
TRACE_PRINCIPAL	0x00000002	SID specific changes on security page
TRACE_SI	0x00000004	Additional security page information
TRACE_PERMSET	0x00000004	Permission changes on security page
TRACE_ACELIST	0x00000010	Advanced permission and audit pages
TRACE_ACEEDIT	0x00000020	View/Edit ACE page
TRACE_OWNER	0x00000040	Ownership Page
TRACE_MISC	0x00000080	Includes SID lookup/cache
TRACE_CHECKLIST	0x00000100	"List of Checkboxes" control

DSSEC Debug Flags

TRACE_CORE	0x00000001	DLLMain, etc.
TRACE_SECURITY	0x00000002	Shell extension
TRACE_DSSI	0x00000004	DS provider for ACLUI
TRACE_SCHEMA	0x00000008	Schema cache
TRACE_SCHEMACLASS	0x00000010	Schema cache (class specific)
TRACE_SCHEMAPROP	0x00000020	Schema cache (property specific

Additional query words: 2000 4.00

Keywords : kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto