Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

About administrator id

1 view
Skip to first unread message

linuxnewsgroup

unread,
Dec 1, 2001, 8:17:21 PM12/1/01
to
hi,

any one know how windowsNT check the administrator user ? Is their any id is
related to administrator like UNIX and Linux ?
bye


Ken Hagan

unread,
Dec 4, 2001, 4:34:03 AM12/4/01
to
"linuxnewsgroup" <linuxne...@yahoo.co.uk> asked...

>
> any one know how windowsNT check the administrator user ? Is their any id
is
> related to administrator like UNIX and Linux ?

There are two related concepts. The "administrator" user is a built-in
account. It is "well-known" for programming purposes, in that it has a
standard ID which you would use if you were writing security related
programs.

What really counts, though, is that it is a member of the adminstrators
"group" (alias, to be pedantic). If you were writing a program that
required its user to have administrative privileges, you would check for
membership of this group. You would not check for the administrator user.
The administrator group is also "well-known".

Obviously, the adminstrator user is a member of the adminsitrators group.
Equally obviously, other users can be as well. Domain-based networks
are more complicated in the details, but follow the same basic principles.


Daniel Lohmann

unread,
Dec 4, 2001, 9:01:55 AM12/4/01
to

However, it is very uncommon for apps to check the access token for a
Administrators group membership explicitly and decide what to to. The
NT security concepts favor implicit security checks based on objects.
You just set up your apps objects (like files, registry keys, etc.)
with an appropriate DACL and try to access them. If the ACL allows
only admins to access the object and the current user (current threads
access token) is not a member of the Admins group, the result is
simply ERROR_ACCESS_DENIED. All your app has to do is to handle
ERROR_ACCESS_DENIED and inform the user.

Daniel

Adrien de Beaupre

unread,
Dec 4, 2001, 10:15:33 AM12/4/01
to
Another related concet is that of the SID:

http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14781

Adrien de Beaupre, A+/Network+/MCP/MCSE/MCT
Brainbench MVP for Networking Concepts
http://www.brainbench.com
"The problem with trouble-shooting is, sometimes trouble shoots back!"

"linuxnewsgroup" <linuxne...@yahoo.co.uk> wrote in message
news:9ubop3$612$1...@news.vsnl.net.in...

0 new messages