Troubleshooting Account Operators

I’m using NT Server 4.0 Service Pack 6a. When I logon locally with an “account operators” user and try to open a user properties box using “user manager” I get an “access denied” message. I get the following in the security event log:

Object Open:
Object Server: Security Account Manager
Object Type: SAM_DOMAIN
Object Name: GALENAHQ
New Handle ID: –
Operation ID: {0,14902891}
Process ID: 2158934272
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary LogonID: (0x0,0x3E7)
Client User Name: test
Client Domain: GALENAHQ
Client Logon ID: (0x0,0xE2E633)
Accesses ReadPasswordParameters
WritePasswordParameters
CreateUser
CreateGlobalGroup
CreateLocalGroup
GetLocalGroupMembership
ListAccounts
LookupIDs

Privileges –