So, what can a program that can modify the SIDs in NTUSER.DAT
do?
Richard Sharpe
rsharpe at ns.aus.com
Thu Oct 31 17:52:41 GMT 2002
On Thu, 31 Oct 2002, Andy Thomas wrote:
>
> We have just set up a test domain, with a separate domain SID and separate
> user profile area. We would like to copy existing profiles for some
> users to the test domain, and change the SID to match. The program you are
> describing sounds perfect for this. We have a need for this soon - if you
> need help testing or debugging, let me know.
OK, I just added to samba-head in source/utils a file called profiles.c
which currently only prints out the following info for all SEC DESCs
found:
Off: 00000080, Refs: 312, Size: 256
Owner SID: S-1-5-32-544
Group SID: S-1-5-18
SACL: NONE
DACL: ACEs: 8
Perms: 000F003F, SID: S-1-5-21-129735678-430395340-1080627117-2002
Perms: 000F003F, SID: S-1-5-18
Perms: 000F003F, SID: S-1-5-32-544
Perms: 00020019, SID: S-1-5-12
Perms: 10000000, SID: S-1-5-21-129735678-430395340-1080627117-2002
Perms: 10000000, SID: S-1-5-18
Perms: 10000000, SID: S-1-5-32-544
Perms: 80000000, SID: S-1-5-12
Off: 00006E28, Refs: 245, Size: 284
Owner SID: S-1-5-21-129735678-430395340-1080627117-2002
Group SID: S-1-5-21-129735678-430395340-1080627117-2003
SACL: NONE
DACL: ACEs: 8
Perms: 000F003F, SID: S-1-5-21-129735678-430395340-1080627117-2002
Perms: 10000000, SID: S-1-5-21-129735678-430395340-1080627117-2002
Perms: 000F003F, SID: S-1-5-18
Perms: 10000000, SID: S-1-5-18
Perms: 000F003F, SID: S-1-5-32-544
Perms: 10000000, SID: S-1-5-32-544
Perms: 00020019, SID: S-1-5-12
Perms: 80000000, SID: S-1-5-12
and so on.
What I envision is something like:
profiles -c S-1-5-21-x-y-z-oldrid -n S-1-5-21-x-y-z-newrid <profiles>
which would walk the SEC DESCs, find all the SIDs and change them.
The remaining problem however, may be SIDs burried in other entries in the
NTUSER.DAT. This can be solved, however, by walking all the entries in the
registry and changing all the SIDS.
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list