domain group and local group API needed
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Oct 30 18:39:34 GMT 1998
nt stores in the SAM, on a per-user basis:
- a list of domain group rids in a USER_INFO_3 structure. this is handed
out when a NetSamLogon query is made, and also when a QueryUserGroups call
is made (samr op 0x28).
- a list of local group rids (aliases). this includes well-known and
admin-created aliases.
you have to manually split these two out, as a call is made in a samr op
0x10 call (don't have a name for it yet. QueryUserAliases?) this is on a
per-SID basis, and valid SIDs include:
S-1-5-20 where this is the SID for the well-known stuff.
S-1-5-21-xxx-yyy-zzz where this is the SID for the SAM.
actually, the 0x10 call doesn't pass in the SID itself, it passes a policy
handle on which the SID was opened, and USRMGR.EXE opens two SID policy
handles, both mentioned above.
More information about the samba-technical
mailing list