Profile permissions ...
rsharpe at ns.aus.com
Wed Oct 30 07:10:19 GMT 2002
On Wed, 30 Oct 2002, Jean Francois Micouleau wrote:
> On Wed, 30 Oct 2002, Richard Sharpe wrote:
> > Hi,
> > In looking at NTUSER.DAT, it seems that the permissions associated with
> > some of the SIDs are:
> > 0x000f003f
> > Hmmm, here is one of the entries:
> > 0x0014 003f 000f 0101 0000 0000 0005 0012 0000
> > Which seems to be:
> > ACCESS Denied, No Propogate Inherit, All Access, S-1-5-4608
> > Does this seem reasonable?
> hum the sid looks more like S-1-5-18 (this one exists i'm sure) or
> S-1-5-18-0 (don't remember that one).
> Are you sure the access mask is a file's access mask ? The lower bits of
> an access mask is linked to the type of the object, it applies to.
> files access bits != printer access bits != SAM access bits != LSA access
> bits, and so on.
Nope, I was wrong.
It is pretty much a SecDesc:
0008 0000 Some flags maybe and then the num of SIDS? Maybe alignment.
0000 0024 003f 000f 0501 0000 0000 0500 0015 0000 ...
That is an Allow ACE, no inheritance, 36 bytes long inc S-1-5-21-...
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com, http://www.richardsharpe.com
More information about the samba-technical