This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC] Globally creating a user and a group "root"


On Thu, 27 Nov 2003, Corinna Vinschen wrote:

> > >> 4) I get an "Error in addUserRights (LsaAddAccountRights returned
> > >>    0xc0000060=STATUS_NO_SUCH_PRIVILEGE)!" on a w2k box (I have
> > >>    full, local, admin rights.  Is this OK? (or have I lost the
> > >>    plot again :|
> > >
> > > Details?  Which user right does result in that error?  Does W2K not
> > > have the SeDenyXXX rights, perhaps?
> >
> > Sorry, you are talking double dutch (sorry all you Dutch ;).  All
>
> Just look into the create-root script.  There are seven calls to the
> famous new editrights tool.  Three of them are only called on machines
> with NT5 (W2K) and up.  Probably that's not ok.  I don't know exactly
> but it's possible that W2K doesn't have these SeDenyWhatever user rights.
>
> > I did was run the create-root.sh and enter a password.  I've not got
> > the time atm to go any deeper - I've a non-flexable deadline at work
> > that I'm up against :(
>
> That's ok.  I just don't have W2K currently floating around here so
> I'm stuck with 98, NT4, XP and 2003.  Oh, no, wait... uh, damn, I
> don't have administrative access to that W2K machine so I can't take
> a look into the Local Security Policy MMC snapin :-(
>
> Corinna

Corinna,

I assume you mean the "User Rights Assignment" policy.  Below is a full
list of user rights on my Win2k SP3 machine (copied from that policy).
Hope this is what you needed,
	Igor

Access this computer from the network
Act as part fo the operating system
Add workstations to domain
Back up files and directories
Bypass traverse checking
Change the system time
Create a pagefile
Create a token object
Create permanent shared objects
Debug programs
Deny access to this computer from the network
Deny logon as a batch job
Deny logon as service
Deny logon locally
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Increase quotas
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Log on locally
Manage auditing and security log
Modify firmware environment values
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]