public inbox for cygwin@cygwin.com
From: Bill Stewart <bstewart@iname.com>
To: cygwin@cygwin.com
Subject: Re: Test for Windows Administrator permissions from Cygwin terminal|script?
Date: Sat, 19 Aug 2023 11:33:58 -0600
Message-ID: <CANV9t=SzZXU-1xt8XXfyrhqU0nyWv_G0v527mUsmnF3ANL28yg@mail.gmail.com>
In-Reply-To: <87cyzj4fep.fsf@Rainer.invalid>


On Sat, Aug 19, 2023 at 2:15 AM ASSI wrote:

> Windows really doesn't have a defined notion of what is or is not an
> "administrator".  Each particular definition will be insufficient or
> invalid in certain contexts.
>

There is a definition of administrator in Windows: Your account is a
member, either directly or indirectly, of the Administrators group (SID
S-1-5-32-544).

With the introduction of User Account Control (UAC) in Windows Vista, if
you log on as a member of this group, processes are normally started with
the Administrators group disabled (i.e., the process is not running as a
member of Administrators). The "run as administrator" action starts a
process with the group enabled. This is commonly referred to as
"elevation." [Side note: As I understand it, one of the reasons UAC was
introduced was to break (some?) software developers' habits of
assuming their programs run as administrator, and to choose better data
storage paths, registry paths, etc. See
https://techcommunity.microsoft.com/t5/windows-blog-archive/faq-why-can-8217-t-i-bypass-the-uac-prompt/ba-p/701510
for a nice summary. Also helpful are the current docs on SIDs:
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
]

On a domain, the Domain Admins group (which has a relative identifier, or
RID, of 512) is by default a member of the Administrators group. The
Administrators group is still there (same SID, S-1-5-32-544), and is called
a "Domain Local Security Group" (i.e., it's a local group that's shared by
all domain controllers.)

Hope this helps clarify.

Bill
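
Added example, not part of the message above or of the thread: a shell function that reads the CSV output of the Windows `whoami.exe /groups /fo csv /nh` command and reports whether the Administrators group (S-1-5-32-544) is enabled in the process token, present but disabled, or absent. The function name `admin_state`, the sample rows, and the reliance on English attribute text are assumptions made for the example.

```shell
#!/bin/sh
# Classify how S-1-5-32-544 (Administrators) appears in a process token.
# Input on stdin: output of `whoami.exe /groups /fo csv /nh`.
# Output: elevated | not-elevated | not-admin | unknown
# Assumption: English attribute strings in the fourth CSV column.
admin_state() {
    awk -F'","' '
        $3 == "S-1-5-32-544" {
            found = 1
            # Enabled in the token: the process runs as a member (elevated).
            if (index($4, "Enabled group"))  state = "elevated"
            # UAC-filtered token: group is kept only for deny checks.
            else if (index($4, "deny only")) state = "not-elevated"
            # Unrecognised text, e.g. a localised Windows installation.
            else                             state = "unknown"
        }
        END {
            if (!found) state = "not-admin"
            print state
        }
    '
}

# Constructed sample rows (not captured from a real system).
SAMPLE_FILTERED='"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"'

SAMPLE_ELEVATED='"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"'

SAMPLE_STANDARD='"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"'

# On Cygwin, call the Windows binary rather than coreutils whoami:
#   "$(cygpath -S)/whoami.exe" /groups /fo csv /nh | admin_state
printf '%s\n' "$SAMPLE_FILTERED" | admin_state
printf '%s\n' "$SAMPLE_ELEVATED" | admin_state
printf '%s\n' "$SAMPLE_STANDARD" | admin_state
```
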
