From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.com (mout.gmx.com [74.208.4.200]) by sourceware.org (Postfix) with ESMTPS id 8460A3858C1F for ; Sat, 19 Aug 2023 17:34:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8460A3858C1F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=iname.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=iname.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iname.com; s=s1089575; t=1692466465; x=1693071265; i=bstewart@iname.com; bh=nsuRFJfzr09GwejgXoBHldhmqNU6n4P9QCoFSKCLXWM=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=QAUoBnn4YOIV6RE8/1Y2ZncNaYPPIf98bPBEwfbPN7Hbj0xjU4svvAjwgOUP9Yy/XZz9yH3 JZixLlfuBs85sOofFF0bnc+6kW3pF3g1OKjLvJq+4yxHgUjotO9b71jo/L4cK5692lJ/qa/MG MYN6pHGx57ujejhWZ3qRhZMyiFWepsp1HXalHAQJfxsb8jKbC8HWMzcI9rftt2vYJgFWpps6/ U2dFHQlhbrdBVJbLokseIP0+445DdhFTjfYXc5dLldstG73+vEw6JQ4DXbfuB/XiRLRZixplu PCnhqCdfaZ3bzWB6/R2w0kerOWN5rKNLk9TkPRAvuIIRxnkmE5RQ== X-UI-Sender-Class: f2cb72be-343f-493d-8ec3-b1efb8d6185a Received: from mail-lf1-f46.google.com ([209.85.167.46]) by smtp.mail.com (mrgmxus005 [74.208.5.15]) with ESMTPSA (Nemesis) id 0MUHHY-1q7Szb1DgA-00R3dQ for ; Sat, 19 Aug 2023 19:34:25 +0200 Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-4ffa6e25ebbso1637363e87.0 for ; Sat, 19 Aug 2023 10:34:24 -0700 (PDT) X-Gm-Message-State: AOJu0YyjEpyWZ086M5MMReanTqvbsjPtVaPkHsOx7pVoTtr/+sPoCEfT j6H7HJylWpfoeFpZFXvSwZg8KK8jGDc9UrfTW18= X-Google-Smtp-Source: AGHT+IHBESpVW+HxEZH88hT7jidWb27WRHwddH3spIcm90cyV6+uR3QKugd0kIPiku6uJ73bKiPIBA4NrVSrfOmd+Y8= X-Received: by 2002:a05:6512:31ca:b0:4fd:d254:edc6 with SMTP id j10-20020a05651231ca00b004fdd254edc6mr763719lfe.26.1692466463463; Sat, 19 Aug 2023 10:34:23 -0700 (PDT) MIME-Version: 1.0 References: <87cyzj4fep.fsf@Rainer.invalid> In-Reply-To: <87cyzj4fep.fsf@Rainer.invalid> From: Bill Stewart Date: Sat, 19 Aug 2023 11:33:58 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Test for Windows Administrator permissions from Cygwin terminal|script? To: cygwin@cygwin.com Content-Type: multipart/alternative; boundary="00000000000059617606034a0efe" X-Provags-ID: V03:K1:CuFm/CYveFqevRemFxPWKaDJXl2+xxn7GmC98xbDQWJiZArm+m8 No/nhP39JYx1sWw8+aUn37/OicadswGPl7+hDz6gzu0vC2MzSBhXTrnW6HE0PfxBc/XiCO6 8HnGfplaKvNcWQMRJsjbBqM+cSVqem2IEDBjuhUEZXLcgd9vqyAPIP1MhaDTFYFwRO910CO cmkCo8eXEFhI+j5Bf4UhA== UI-OutboundReport: notjunk:1;M01:P0:0Dkt8YDEJlM=;GYzMb9o53AVAOnJlszKBrF+7ClA QP8BO9jvhCWNfZPlz91ROjBMeWa90r2OhVYuALa0QQ27ItlpEBJkPTcFTWc9QX3PZXXfWzu6O BUjRojPqm12wyg34kfoB5iGrX98TKOwnt/7HhOT/x6Ifp5fVX4VH2LhX0P4I/se2EPvubqVyy WC06iIKuEi3VBdwkbtSuO8n1ZzVGghizgth0L4Sw6UsD308UIrZNxab/W+AcUsG25s5BJBWYD QGANREuQSNta1tk2TatIT0d5FD51ble7bJNaESp1Ji2wRupcqnWu4zu4Fbo/gYDqdJkPdAMvC p+zPK7nMYwiGWUfhhxwaI/ayio8g2yhewLUuUeVmM3mmzeCnpMVa7ETubT5TAISg/9pPHCIcs obebFJDIPppsfsd4s8dPOhCRQwIDqtyqHykVw4agKble1mnTtjEYfRHuaOIZUh7Q2Iv4yGIZQ VX0o39MmXN53IUfV/F243MgEq4maCsm36dIIn8LGuFiEv5FTY0Ajw7H3ydmKspVgO2PAObzvG +oDQ91Xg/E4VQQPGs3h0VwsBHN5rMZQIkw9L/124X/jthxCz+9VPWSj9PhrDpnRJ1DE9R8Qlp KOliwY+ogYLPegbsWhm5oFomId9WZKmV/fVnWmoLGGoE6E+rBRRv+EhKPaf1XeSrDmcqEZMFN xjSVMuMfJ6FmLAk4hQfXDwhtOmxryEF96nXEzUAwF2aIUiw2TgEm843xqNNhkmeHqBqp/ErCc 9gIriwQTq1dFdYGri4a4nGwD7cQaocqIhvl8/XX8SN/U6iCcu4NfYYIywS5U+PJpF8XOtQTa0 Gc0qlbXkd/WI79TETuzEwaqHzJ8s+J9A14J0FsyU5wftanSdCKw4gKCOzqaGXVSTTwq1gXyc0 XO5f1BIhTqrzpwrvwL6ZTRN9EE5sJOI74y09NmUy7VOIzbluf326k1O7XIpAjO5cpMqIUI27M eGCq4fsk62oqqSnxVIbSak+T+KM= X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --00000000000059617606034a0efe Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, Aug 19, 2023 at 2:15=E2=80=AFAM ASSI wrote: Windows really doesn't have a defined notion of what is or is not an > "administrator". Each particular definition will be insufficient or > invalid in certain contexts. > There is a definition of administrator in Windows: Your account is a member, either directly or indirectly, of the Administrators group (SID 1-5-32-544). With the introduction of User Account Control (UAC) in Windows Vista, if you log on as a member of this group, processes are normally started with the Administrators group disabled (i.e, the process is not running as a member of Administrators). The "run as administrator" action starts a process with the group enabled. This is commonly referred to as "elevation." [Side note: As I understand it, one of the reasons UAC was introduced was made was to break (some?) software developers' habits of assuming their programs run as administrator, and to choose better data storage paths, registry paths, etc. See https://techcommunity.microsoft.com/t5/windows-blog-archive/faq-why-can-821= 7-t-i-bypass-the-uac-prompt/ba-p/701510 for a nice summary. Also helpful is the current docs on SIDs: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/unde= rstand-security-identifiers ] On a domain, the Domain Admins group (which has a relative identifier, or RID, of 512) is by default a member of the Administrators group. The Administrators group is still there (same SID, S-1-5-32-544), and is called a "Domain Local Security Group" (i.e., it's a local group that's shared by all domain controllers.) Hope this helps clarify. Bill --00000000000059617606034a0efe--