Re: SIDs of local groups (fwd)

Luke Kenneth Casson Leighton (lkcl@switchboard.net)
Tue, 7 Apr 1998 15:31:06 +0100 (BST)

Date:	Tue, 7 Apr 1998 15:31:06 +0100 (BST)
From:	Luke Kenneth Casson Leighton <lkcl@switchboard.net>
To:	Samba Technical List <samba-technical@samba.anu.edu.au>
Subject: Re: SIDs of local groups (fwd)

Luke Kenneth Casson Leighton <lkcl@samba.anu.edu.au>
Samba and Network Development: http://mailhost.cb1.com/~lkcl
Samba and Network Consultancy: http://www.samba.co.uk

---------- Forwarded message ----------
Date: Mon, 6 Apr 1998 15:09:46 -0700
From: Scott Field <sfield@MICROSOFT.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: SIDs of local groups

Sorry, I overlooked the part of the post about getsid.

I just looked at the getsid source code and it is not correctly converting
the SID to textual form. This error will be corrected; I or somebody else
will post information regarding a fix to getsid when it becomes available.
It's likely the article was deriving values based on the output of the
utility, hence the coincidence.

> ----------
> From: McGregor, Byron[SMTP:BMcGregor@bcbc.bc.ca]
> Sent: Monday, April 06, 1998 2:47 PM
> To: Scott Field; NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: Re: SIDs of local groups
>
> Scott said:
> > The article quoted is in error. The identifier authority is
> > SECURITY_NT_AUTHORITY { 0,0,0,0,0,5 }, with the first subauthority being
> > SECURITY_BUILTIN_DOMAIN_RID 0x20 (32). Consult the winnt.h header file in
> > the Win32/Platform SDK.
> >
> > We will have the error in the article corrected.
>
> Which does not explain Evgenii's observation that getsid.exe (from the
> RK) reports "The SID for account BUILTIN\administrators is
> S-1-2-32-544". (This observation is confirmed - the quote is a direct
> paste from the output.)
>
>