<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns5="http://schemas.microsoft.com/office/2004/12/omml">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="address"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--a:link
{mso-style-priority:99;}
span.MSOHYPERLINK
{mso-style-priority:99;}
a:visited
{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
{mso-style-priority:99;}
p
{mso-style-priority:99;}
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
p.default, li.default, div.default
{margin:0in;
margin-bottom:.0001pt;
text-autospace:none;
font-size:12.0pt;
font-family:Verdana;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi Obaid,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thank you for the attached information. I
think it answers the question. Will let you know if something else comes up,
but at this point this seems reasonable.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Nadezhda Ivanova<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Obaid Farooqi
[mailto:obaidf@microsoft.com] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, August 14, 2009 7:12
<st1:PersonName w:st="on">PM</st1:PersonName><br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">Nadezhda
Ivanova</st1:PersonName><br>
<b><span style='font-weight:bold'>Cc:</span></b> <st1:PersonName w:st="on">pfif@tridgell.net</st1:PersonName>;
<st1:PersonName w:st="on">cifs-protocol@samba.org</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: Question about owner
and group defaulting rules in MS-ADTS</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Hi Nadezhda:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>We have finished our
investigation on “Owner and Group Defaulting Rules”. In a future version of MS-ADTS,
section 7.1.3.6 and 7.1.3 will be modified. Please find the PDF version of
modifications attached to this email.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Please let me know
if this answers your question. If yes, I’ll consider this issue resolved.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Obaid Farooqi<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Sr. Support Escalation
Engineer | Microsoft<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <st1:PersonName
w:st="on">Nadezhda Ivanova</st1:PersonName>
[mailto:nadezhda.ivanova@postpath.com] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, August 04, 2009
2:58 AM<br>
<b><span style='font-weight:bold'>To:</span></b> Interoperability Documentation
Help<br>
<b><span style='font-weight:bold'>Cc:</span></b> <st1:PersonName w:st="on">pfif@tridgell.net</st1:PersonName>;
<st1:PersonName w:st="on">cifs-protocol@samba.org</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> Question about owner and
group defaulting rules in MS-ADTS<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>In MS-ADTS, section 7.1.3.6, is written the following:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=default><font size=1 color=black face=Verdana><span style='font-size:
9.0pt'>The GROUP field is defaulted as follows: <o:p></o:p></span></font></p>
<p class=default style='text-indent:.5in'><font size=1 color=black
face=Wingdings><span style='font-size:9.0pt;font-family:Wingdings'>§ </span></font><font
size=1><span style='font-size:9.0pt'>If the DAG was used as the default OWNER
field value, then the same SID is written into the GROUP field. <o:p></o:p></span></font></p>
<p class=default><font size=1 color=black face=Verdana><span style='font-size:
9.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>However, it appears that the creating user’s primary group
is ALWAYS used as the default group, regardless of partition or owner. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Example:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>We create an object in the domain partition, say an OU,
without providing an nTSecurityDescriptor. The creating user is a member of
Domain Admins, with primary group Domain Users, so the DAG is Domain admins as
per the DAG rules in the same document. Domain Admins is used as the OWNER in
the new object’s security descriptor. According to the above statement, Domain
Admins should also be set as the default group. However, in a Windows 2003
server, Domain Users is defaulted as the group in the new object’s descriptor.
If the user’s primary group is changed to Domain Admins, then the group of the
new object is defaulted to Domain Admins.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The above behavior is consistent with
CreateSecurityDescriptor algorithm from MS-DTYP, where the primary group of the
security token is assigned if a group is not provided. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Could you please clarify the contradiction between <st1:place
w:st="on"><st1:City w:st="on">MS-ADTS</st1:City>, <st1:State w:st="on">MS</st1:State></st1:place>-DTYP
and actual behavior?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><st1:PersonName w:st="on"><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Nadezhda Ivanova</span></font></st1:PersonName><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=543
style='width:407.25pt'>
<tr>
<td colspan=3 style='padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><img width=110 height=73 id="_x0000_i1025"
src="cid:image001.gif@01CA1F4A.0A87BFB0"><o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td nowrap valign=top style='padding:0in 0in 11.25pt .25in'>
<p><st1:PersonName w:st="on"><strong><b><font size=1 color="#666666"
face=Arial><span style='font-size:8.5pt;font-family:Arial;color:#666666'>Nadezhda
Ivanova</span></font></b></strong></st1:PersonName><font size=1
color="#666666" face=Arial><span style='font-size:8.5pt;font-family:Arial;
color:#666666'><br>
<strong><b><font face=Arial><span style='font-family:Arial'>Software Engineer</span></font></b></strong><br>
<strong><b><font face=Arial><span style='font-family:Arial'>Software
Development</span></font></b></strong><b><span style='font-weight:bold'><br>
</span></b><br>
<a href="mailto:nadezhda.ivanova@postpath.com"><font color="#666666"
face="Times New Roman"><span style='font-family:"Times New Roman";color:#666666'>nadezhda.ivanova@postpath.com</span></font></a><o:p></o:p></span></font></p>
</td>
<td nowrap valign=top style='padding:0in 0in 7.5pt 15.0pt'>
<p style='margin-bottom:12.0pt'><strong><b><font size=1 color="#666666"
face=Arial><span style='font-size:8.5pt;font-family:Arial;color:#666666'>CISCO
SYSTEMS <st1:country-region w:st="on"><st1:place w:st="on">BULGARIA</st1:place></st1:country-region>
EOOD</span></font></b></strong><font size=1 color="#666666" face=Arial><span
style='font-size:8.5pt;font-family:Arial;color:#666666'><br>
<st1:address w:st="on"><st1:Street w:st="on">18 Macedonia Blvd.</st1:Street> <st1:City
w:st="on">Sofia</st1:City></st1:address> 1606<br>
<st1:country-region w:st="on"><st1:place w:st="on">Bulgaria</st1:place></st1:country-region><br>
<a href="http://www.cisco.com/global/BG/"><font color="#666666"
face="Times New Roman"><span style='font-family:"Times New Roman";color:#666666'>Cisco
home page</span></font></a><o:p></o:p></span></font></p>
</td>
<td width=155 style='width:116.25pt;padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td style='padding:0in .25in 0in .25in'>
<p class=MsoNormal><font size=1 color="#009900" face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:#009900'><img border=0
width=18 height=19 id="_x0000_i1026" src="cid:image002.gif@01CA1F4A.0A87BFB0"
alt="Think before you print.">Think before you print.<o:p></o:p></span></font></p>
</td>
<td width=362 colspan=2 style='width:271.5pt;padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>
</td>
</tr>
</table>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</div>
</body>
</html>