GetWindowsDirectory and GetPrivateProfileString problems after installing KB9174

Giganews Newsgroups
Subject: GetWindowsDirectory and GetPrivateProfileString problems after installing KB9174
Posted by:  toddericks…
Date: 11 Aug 2006

We are an ISV and several of our customers are reporting problems with
our application running on Win2000 Terminal Server after installing the
KB917422 update.

Our application reads and writes certain user settings to an
appname.ini file in the user's Windows folder.  We use
GetPrivateProfileString and WritePrivateProfileString.  After
installing this update our application is trying to access the
c:\windows\appname.ini file instead of c:\documents and
settings\userid\windows\appname.ini file.  This causes severe problems
in our application.
>From further testing it appears that GetWindowsDirectory is returning
c:\winnt\ instead of c:\documents and settings\userid\windows\.

This behavior affects users who are members of the domain/users group.
Members of the domain/administrators group are not affected.

Microsoft Security Bulletin MS06-051 describes the User Profile
Elevation of Privilege Vulnerability that this update is suppose to
address, however I can't find any documentation indicating that users
would have no access to their private profile via the Kernel32 APIs.

After uninstalling KB917422 users again access their own ini in their
local windows folder.
At this time it appears that this is a problem on only Windows 2000
Terminal Server machines.

Has anyone else experienced similar problems?

Is anyone aware of a fix other than removing the update?

Thank you,
Todd Erickson
Project Manager
Software Solutions Integrated, LLC