registry stuff
Brian Roberson
brian at bstc.net
Wed Nov 25 09:12:42 GMT 1998
hi all,
been working on getting win95-98 boxes to use user level security,
validated via samba PDC (2.0.0beta2),
works great, however I had to do some hard coding in the registry to get it
all to work, as you know, win95+ cannot see the user list yet from samba.
here is how I got around it, I thought maybe someone else may benefit from
my research. (digging:)
All the information in this document was derived solely by fat fingering
through the registry,
I am 99.9% positive of the validity of the statements made in this
document, if any of it is incorrect, I appologize, and where did you find
out? :-)
Brian Roberson
brian at bstc.net
USER LEVEL SECURITY ACCESS REG KEYS UNDER HKEY_LOCAL_MACHINE\Security\Access\
for a shared folder:
HKEY_LOCAL_MACHINE\Security\Access\$DRIVE\$FOLDER
USERS ARE A BINARY VALUE UNDER THE SHARED RESOURCE, IN THE FORMAT OF
$DOMAIN\USERNAME AND THE BINARY VALUE IS A 2 BYTE RESOURCE DETERMINING THE
ACCESS ALLOWED TO RESOURCE, AND GROUP INFO.
The first byte is for permisions.
The second byte is for the group/user class, when set to 80h, this
represents a domain group, when set to 00h its user. If you have a binary
value named `*` with content of `81h 80h` , It shows as " The World " {Read
Only}. If you have a binary value named `$SOMENAME\$SOMEDOMAIN` with
content `81h 80h` it shows up as a group in the share properties, with
value set to `81h 00h` it shows as a sigle user in the share properties.
** ALL VALUES ARE IN HEX ( more legible to write 81 00 than 10000001
10000000 ) ***
[R] READ FILES
[W] WRITE TO FILES
[C] CREATE FILES AND FOLDERS
[D] DELETE FILES
[T] CHANGE FILE ATTRIBUTES
[F] LIST FILES
[A] CHANGE ACCESS CONTROL
USER SPECIFIC VALUES:
b7 00 -- FULL ACCESS [RWCDTF]
81 00 -- READ ONLY [RF]
CUSTOM SINGLE:
81 00 -- RD ONLY [R]
02 00 -- WR ONLY [W]
04 00 -- CREATE FILES [C]
10 00 -- DELETE FILES [D]
20 00 -- CHANGE FILE ATTRIBUTES [T]
80 00 -- LIST FILES [F]
40 00 -- CHANGE ACCESS CONTROL [A]
CUSTOM MULTIPLE {2} :
03 00 -- [RW]
05 00 -- [RC]
11 00 -- [RD]
21 00 -- [RT]
81 00 -- [RF]
41 00 -- [RA]
06 00 -- [WC]
12 00 -- [WD]
22 00 -- [WT]
82 00 -- [WF]
42 00 -- [WA]
14 00 -- [CD]
24 00 -- [CT]
84 00 -- [CF]
44 00 -- [CA]
30 00 -- [DT]
90 00 -- [DF]
50 00 -- [DA]
a0 00 -- [TF]
60 00 -- [TA]
CUSTOM MULTIPLE {3}:
70 00 -- [RWC]
13 00 -- [RWD]
23 00 -- [RWT]
83 00 -- [RWF]
43 00 -- [RWA]
15 00 -- [RCD]
25 00 -- [RCT]
85 00 -- [RCF]
45 00 -- [RCA]
31 00 -- [RDT]
91 00 -- [RDF]
51 00 -- [RDA]
a1 00 -- [RTF]
61 00 -- [RTA]
c1 00 -- [RFA]
16 00 -- [WCD]
26 00 -- [WCT]
86 00 -- [WCF]
46 00 -- [WCA]
32 00 -- [WDT]
92 00 -- [WDF]
52 00 -- [WDA]
a2 00 -- [WTF]
62 00 -- [WTA]
c2 00 -- [WFA]
34 00 -- [CDT]
94 00 -- [CDF]
54 00 -- [CDA]
a4 00 -- [CTF]
64 00 -- [CTA]
c4 00 -- [CFA]
b0 00 -- [DTF]
70 00 -- [DTA]
d0 00 -- [DFA]
e0 00 -- [TFA]
CUSTOM MULTIPLE {4}
17 00 -- [RWCD]
27 00 -- [RWCT]
87 00 -- [RWCF]
47 00 -- [RWCA]
33 00 -- [RWDT]
93 00 -- [RWDF]
53 00 -- [RWDA]
a3 00 -- [RWTF]
63 00 -- [RWTA]
c3 00 -- [RWFA]
36 00 -- [WCDT]
96 00 -- [WCDF]
56 00 -- [WCDA]
a6 00 -- [WCTF]
66 00 -- [WCTA]
c6 00 -- [WCFA]
b2 00 -- [WDTF]
72 00 -- [WDTA]
d2 00 -- [WDFA]
e2 00 -- [WTFA]
b4 00 -- [CDTF]
74 00 -- [CDTA]
e4 00 -- [CTFA]
f0 00 -- [DTFA]
CUSTOM MULTIPLE {5}
37 00 -- [RWCDT]
97 00 -- [RWCDF]
57 00 -- [RWCDA]
a7 00 -- [RWCTF]
67 00 -- [RWCTA]
c7 00 -- [RWCFA]
b3 00 -- [RWDTF]
73 00 -- [RWDTA]
d3 00 -- [RWDFA]
b3 00 -- [RWDTF]
73 00 -- [RWDTA]
e3 00 -- [RWTFA]
b6 00 -- [WCDTF]
76 00 -- [WCDTA]
d6 00 -- [WCDFA]
e6 00 -- [WCTFA]
f2 00 -- [WDTFA]
f4 00 -- [CDTFA]
CUSTOM MULTIPLE {6}
b7 00 -- [RWCDTF]
77 00 -- [RWCDTA]
d7 00 -- [RWCDFA]
e7 00 -- [RWCTFA]
f3 00 -- [RWDTFA]
f5 00 -- [RCDTFA]
f6 00 -- [WCDTFA]
here is an example key:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[HKEY_LOCAL_MACHINE\Security\Access]
[HKEY_LOCAL_MACHINE\Security\Access\G:]
"*"=hex:81,80
[HKEY_LOCAL_MACHINE\Security\Access\C:]
[HKEY_LOCAL_MACHINE\Security\Access\C:\temp]
"BST\\BRIAN"=hex:81,00
"BST\\Administrators"=hex:81,80
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
~~~~~~ Brian Roberson ~~~~~~
~~~ BrainStorm Technologies ~~
~~~ Linux Solution Provider ~~~
~~~~~~~ info at bstc.net ~~~~~~
~~~~~ http://www.bstc.net/ ~~~~
~~~~~~~ (402) 690-7306 ~~~~~~
More information about the samba-technical
mailing list