From: Stefan Kuhr on 6 Feb 2010 13:34

Hello everyone,

is there a canonical way to determine a well-known SID? I am doing an AD object lookup with LDAP and an object's SID which I get from a security descriptor. I don't want to bother the DC with a lookup for a well-known SID if I can determine the SID to be a well-known SID locally. Can I safely assume that well-known SIDs will always be exactly of the form S-1–x–y? Are there any SIDs that are of the form S-1–x–y that are not well-known SIDs?

Any help appreciated,

--
S
From: Kerem Gümrükcü on 6 Feb 2010 14:39

Hi Stefan,

there is this:

[WELL_KNOWN_SID_TYPE Enumeration]
http://msdn.microsoft.com/en-us/library/aa379650%28VS.85%29.aspx

[IsWellKnownSid]
http://msdn.microsoft.com/en-us/library/aa379154%28VS.85%29.aspx

Run the enumeration in a nice loop and return a TRUE or FALSE for your compared SID,...

Hope this helps,...

regards

Kerem

--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------

"Stefan Kuhr" <kustt110(a)gmx.li> wrote in message news:uWEYJs1pKHA.5760(a)TK2MSFTNGP02.phx.gbl...
> Hello everyone,
>
> is there a canonical way to determine a well-known SID? I am doing an AD
> object lookup with LDAP and an object's SID which I get from a security
> descriptor. I don't want to bother the DC with a lookup for a well-known
> SID if I can determine the SID to be a well-known SID locally. Can I
> safely assume that well-known SIDs will always be exactly of the form
> S-1–x–y? Are there any SIDs that are of the form S-1–x–y that are not
> well-known SIDs?
>
> Any help appreciated,
>
> --
> S
From: Jeroen Mostert on 6 Feb 2010 14:44

On 2010-02-06 19:34, Stefan Kuhr wrote:
> is there a canonical way to determine a well-known SID?

Is that a trick question? It's well-known, innit? :-)

> I am doing an AD object lookup with LDAP and an object's SID which I get
> from a security descriptor. I don't want to bother the DC with a lookup
> for a well-known SID if I can determine the SID to be a well-known SID
> locally.

You could use the list given in http://support.microsoft.com/kb/243330. The problem is that this will necessarily fail for WK SIDs introduced in newer versions of Windows. The same caveat applies to using IsWellKnownSid() with all known values of the WELL_KNOWN_SID enumeration.

I don't know if SID lookup functions like LookupAccountName() will return without a network call if the SID is well-known. It should be easy enough to find out. Even if a network call is required, it will almost certainly be cached, meaning that looking up a WKS won't bother the DC at all.

> Can I safely assume that well-known SIDs will always be exactly
> of the form S-1–x–y?

No. For example, S-1-0 is the null authority and S-1-5-32-544 is the local administrators group. All SIDs in current use (well-known and otherwise) start with S-1-...

> Are there any SIDs that are of the form S-1–x–y that
> are not well-known SIDs?

Knowledge of this is not stable. For example, S-1-16-4096 is not a well-known SID on Windows XP, but it is on Windows Vista.

--
J.
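A local pre-check along the lines discussed in this thread, as an added example that is not part of any poster's message: it decodes a binary SID as read from a security descriptor and consults a deliberately partial table, so a miss means "fall back to a lookup", never "not well-known". The table contents, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

# Partial table of long-standing well-known SIDs (constructed for this example).
# Newer Windows versions add entries, so absence from this table proves nothing.
WELL_KNOWN = {
    "S-1-0-0": "Null SID",
    "S-1-1-0": "Everyone",
    "S-1-3-0": "Creator Owner",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-16-4096": "Low Mandatory Level",
}

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its S-<revision>-<authority>-<sub>... string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    end = 8 + 4 * count
    if len(raw) < end:
        raise ValueError("buffer truncated before last sub-authority")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:end])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(raw: bytes):
    """Return (sid, verdict, name); only 'well-known' avoids a lookup."""
    sid = sid_to_string(raw)
    if sid in WELL_KNOWN:
        return sid, "well-known", WELL_KNOWN[sid]
    if sid.startswith("S-1-5-21-"):
        return sid, "domain-or-machine", None   # issued per domain or machine
    return sid, "unknown", None                 # may still be well-known

# Constructed sample SIDs in binary form.
SAMPLES = [bytes.fromhex(h) for h in (
    "01020000000000052000000020020000",                    # S-1-5-32-544
    "010100000000001000100000",                            # S-1-16-4096
    "010100000000001000200000",                            # S-1-16-8192
    "0105000000000005150000000100000002000000"
    "0300000050040000",                                    # S-1-5-21-1-2-3-1104
)]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

S-1-16-8192 comes back as "unknown" only because the table omits it, which is the staleness problem raised above for any fixed list.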
From: Jonathan de Boyne Pollard on 6 Feb 2010 21:23

> Are there any SIDs that are of the form S-1–x–y that are not
> well-known SIDs?

Yes, plenty. The 1 is the revision number of the SID structure.
From: Alexander Grigoriev on 7 Feb 2010 00:02

Um... Can you make an example of not-well-known SID with a single subauthority component (that's what the OP was asking)?

"Jonathan de Boyne Pollard" <J.deBoynePollard-newsgroups(a)NTLWorld.COM> wrote in message news:IU.D20100207.T022408.P15330.Q0(a)J.de.Boyne.Pollard.localhost...
>> Are there any SIDs that are of the form S-1-x-y that are not well-known
>> SIDs?
>
> Yes, plenty. The 1 is the revision number of the SID structure.