This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: Windows server 2003
On Wed, Apr 09, 2003 at 09:26:52PM +0200, Corinna Vinschen wrote:
> On Wed, Apr 09, 2003 at 12:38:47PM -0400, Pierre A. Humblet wrote:
> > <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/localservice_account.asp>
> > <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/networkservice_account.asp>
> > It looks like the only diff between them is how they act on the
> > network (anonymous vs. local computer).
>
> Thanks for the above links. I still think that NT doesn't actually
> put them into a group. Hmm, it would be interesting to see their
> default token...
Just FYI, I've started my token info application under both accounts to
see the tokens. The primary group is set to the user SID itself.
However, I don't understand why some groups are in the group list more
than once...
Local Service:
--------------
Type: Primary
Impersonation Level: Primary Token
Source: Advapi 0 45185823
Owner: S-1-5-19
User: S-1-5-19
Primary Group: S-1-5-19
Groups:
S-1-5-19 enabled default mandatory
S-1-1-0 enabled default mandatory
S-1-5-32-545 enabled default mandatory
S-1-1-0 enabled default mandatory
S-1-5-11 enabled default mandatory
S-1-2-0 enabled default mandatory
S-1-5-32-545 enabled default mandatory
S-1-5-5-0-45185827 enabled default logon_id mandatory
S-1-2-0 enabled default mandatory
S-1-5-6 enabled default mandatory
S-1-5-11 enabled default mandatory
DefaultDacl:
allow all 10000000 S-1-5-18
allow all 10000000 S-1-5-19
Statistics: TokenId: 0 45186632
AuthenticationId: 0 997
ExpirationTime: 6207526b64ceb90
TokenType: Primary
ImpersonationLevel: SecurityAnonymous
DynamicCharged: 500
DynamicAvailable: 440
GroupCount: 11
PrivilegeCount: 6
ModifiedId: 0 45186634
Privileges:
SeAuditPrivilege "Generate security audits"
SeIncreaseQuotaPrivilege "Adjust memory quotas for a process"
SeAssignPrimaryTokenPrivilege "Replace a process level token"
SeChangeNotifyPrivilege "Bypass traverse checking" enabled default
SeShutdownPrivilege "Shut down the system"
SeUndockPrivilege "Remove computer from docking station"
RestrictedSids:
Network Service:
----------------
Type: Primary
Impersonation Level: Primary Token
Source: Advapi 0 45214699
Owner: S-1-5-20
User: S-1-5-20
Primary Group: S-1-5-20
Groups:
S-1-5-20 enabled default mandatory
S-1-1-0 enabled default mandatory
S-1-5-32-545 enabled default mandatory
S-1-1-0 enabled default mandatory
S-1-5-11 enabled default mandatory
S-1-2-0 enabled default mandatory
S-1-5-32-545 enabled default mandatory
S-1-5-5-0-45214703 enabled default logon_id mandatory
S-1-2-0 enabled default mandatory
S-1-5-6 enabled default mandatory
S-1-5-11 enabled default mandatory
DefaultDacl:
allow all 10000000 S-1-5-18
allow all 10000000 S-1-5-20
Statistics: TokenId: 0 45215474
AuthenticationId: 0 996
ExpirationTime: 6207526b64ceb90
TokenType: Primary
ImpersonationLevel: SecurityAnonymous
DynamicCharged: 500
DynamicAvailable: 440
GroupCount: 11
PrivilegeCount: 6
ModifiedId: 0 45215476
Privileges:
SeAuditPrivilege "Generate security audits"
SeIncreaseQuotaPrivilege "Adjust memory quotas for a process"
SeAssignPrimaryTokenPrivilege "Replace a process level token"
SeChangeNotifyPrivilege "Bypass traverse checking" enabled default
SeShutdownPrivilege "Shut down the system"
SeUndockPrivilege "Remove computer from docking station"
RestrictedSids:
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin at cygwin dot com
Red Hat, Inc.