Re: Using Group names in the security templates (inf files)

From: Nick Finco [MSFT] (nfinco_at_online.microsoft.com)
Date: 11/25/03

• Next message: Nick Finco [MSFT]: "Re: security INF files"
• Previous message: Rich Benack: "RE: Virus targeting my print server"
• In reply to: Kevin: "Using Group names in the security templates (inf files)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 24 Nov 2003 15:32:35 -0800

That is currently not possible. SDDL only supports the use of SIDs and well
known account aliases in that field.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/security_descriptor_string_format.asp

N

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer.  Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm
"Kevin" <kevinryanhp@hotmail.com> wrote in message
news:a14decd4.0311241006.285efeca@posting.google.com...
> Hi,
>
> Does anyone know if it's possible to use Group Names in a security
> template instead of the SID of the group? If I create a security
> template using the MMC and allow a certain group access to a
> particular folder when I open the inf file that's created the MMC has
> converted the group name to the SID. as in the example below:
> [File Security]
>
"%SystemRoot%\Windows\MyFolder",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;O
ICI;0x1301bf;;;S-1-5-21-1606980848-813497703-725345543-1145)"
>
> What I would like to use is:
>
"%SystemRoot%\Windows\MyFolder",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;O
ICI;0x1301bf;;;MyGroup)"
>
> The reason I want this is because I am creating the security templates
> in a test environment, so if I create new groups in the live
> environment the names won't change but the SID's will, which means my
> templates won't work.
> Have I got the syntax wrong or is it that secedit will only take inf
> files that use the SID's? does the SID hold domain information aswell
> as group information?
>
> Any help would be appreciated.
> Thanks,
> Kevin

• Next message: Nick Finco [MSFT]: "Re: security INF files"
• Previous message: Rich Benack: "RE: Virus targeting my print server"
• In reply to: Kevin: "Using Group names in the security templates (inf files)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Template Build Shows SID, Not Name ... When you create a local group it is assigned a sid specific to that machine and other ... > the server where I am going to apply the template I have found that after I ... > servers and not see the SID but the actual account? ... (microsoft.public.win2000.security) vim-latexsuite not loading template ... :TTemplates command to automatically bring in a template, ... Is anyone using vim-latexsuite successfully in sid. ... In fact that is my .vimrc file. ... (Debian-User) Re: vim-latexsuite not loading template ... :TTemplates command to automatically bring in a template, ... Yes I have "filetype plugin on" in my .vimrc ... Is anyone using vim-latexsuite successfully in sid. ... (Debian-User) Using Group names in the security templates (inf files) ... Does anyone know if it's possible to use Group Names in a security ... template instead of the SID of the group? ... does the SID hold domain information aswell ... (microsoft.public.win2000.security) Re: Security issues with local filesystem caching ... bypassed (for instance the op that assigns a security label to an inode ... context if that was the basis of the check. ... the kernel that lasts as long as the cache is in active service. ... but once NFS had a SID, the two would then be the same. ... (Linux-Kernel)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint