Re: Windows to Cygwin username mapping: Domain before local account when duplicate name?

[Bill Stewart <bstewart@iname.com>]

On Fri, Feb 15, 2019 at 2:32 PM Corinna Vinschen wrote:

> What is a "typical" order?!?
>
> If you login locally to a domain member machine the default domain is
> the logon domain of this machine.  If that's not what you want you have
> to choose the logon domain of your account explicitely, even if it's the
> local machine SAM.  Windows will not try to find the user name locally
> if you didn't chose it explicitely.  You get "The user name or password
> is incorrect. Try again" instead.
>
> The only exception I'm aware of is the "Administrator" account, at least
> in Windows 10.

Here's a real-world scenario you might not have considered...

I have a local account named "Admin" on my computer I use for
administrative tasks.

My computer is a member of a medium-side domain (about 25000 users),
and at some point in the past an admin created a group named "Admin"
that I didn't even know existed.

This means that when I test getent using the name "Admin", Cygwin
finds the domain group:

PS C:\> getent -w passwd admin
admin:nnnnnnnn:DOMAINNAME\admin:S-1-5-21-nnnnnnnnnn-nnnnnnnnn-nnnnnnnnn-nnnnnn

I get that this is by design, but .NET finds the local account first,
which is what I was expecting:

PS C:\> $name = [Security.Principal.NTAccount] "admin"
PS C:\> $sid = $name.Translate([Security.Principal.SecurityIdentifier])
PS C:\> $sid.Translate([Security.Principal.NTAccount])

Value
-----
COMPUTERNAME\Admin

Hence the question.

Regards,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple