public inbox for cygwin-talk@cygwin.com
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: 'Freedom for rubber plants' <cygwin-talk@cygwin.com>
Subject: Re: [spam] Re: Windows rights
Date: Fri, 24 Jun 2005 17:12:00 -0000
Message-ID: <20050624164221.GA8132@calimero.vinschen.de>
In-Reply-To: <SERRANOxFkD0zmCrYhQ000001db@SERRANO.CAM.ARTIMI.COM>

On Jun 24 16:03, Dave Korn wrote:
>   LocalSystem is an account.  An account is an object in the AD.  There is
> an access token associated with that account.  An access token is a
> container in the LSA.  Within that container there are two SIDs.  A SID is
> another kind of object.  When you pass the correct login details to the LSA,
> that correspond to those recorded in the account object, it creates the
> access token container and places two SID objects in it.  One of those SID
> objects is SYSTEM.

- LocalSystem has nothing to do with AD.

- What are the two SIDs you're talking about?  Did you see an access token
  from the inside?  There are lots of SIDs in it, the user, the owner, the
  primary group, the group list and, in a restricted token, the list of
  restricted SIDs.

>   So LocalSystem is an AD record that contains the details of which SIDs

- LocalSystem does not exist in AD since it's a *local* account, not a
  domain account.

> should be placed in the access token, and SYSTEM is one of those SIDs.

How does that differ from any other user account?  A user has a SID
(or uid) and when creating a default logon session then the SAM or AD
or /etc/passwd + /etc/group determine what the access token (user/group
list) looks like.

We're still talking artificial here.


Corinna
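
Added example, not part of the original message: a small decoder for the binary SID layout that separates fixed well-known SIDs such as SYSTEM (S-1-5-18) from SIDs issued by an account database (a machine SAM or a domain, S-1-5-21-...). The function names and the sample SIDs are constructed for illustration.

```python
import struct

# Well-known SIDs: the same value on every Windows machine, not issued by a SAM or AD.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System (SYSTEM)",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(sid: str) -> str:
    """Report whether a SID is a fixed well-known value or was issued by an account database."""
    if sid in WELL_KNOWN:
        return "well-known: " + WELL_KNOWN[sid]
    parts = sid.split("-")
    # S-1-5-21-<three issuer sub-authorities>-<RID>: issued by a machine SAM or a domain
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "account-database issued, RID " + parts[7]
    return "other"

def build_sid(authority: int, *subs: int) -> bytes:
    """Build a binary SID; used here only to construct sample input."""
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

# Constructed samples of the kinds of SIDs found in token user and group lists.
SAMPLE_SIDS = [
    build_sid(5, 18),
    build_sid(5, 32, 544),
    build_sid(5, 21, 1111111111, 2222222222, 3333333333, 1001),
]

if __name__ == "__main__":
    for raw in SAMPLE_SIDS:
        sid = parse_sid(raw)
        print(f"{sid:48} {classify(sid)}")
```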
