
How to construct well-known SID for Built-In Administrator


Kumar Talinki

Oct 2, 2001, 6:45:55 PM
Hi,
I am trying to find Built-In administrator name on Win NT 4.0 thru a
program. I am trying to construct the SID for Built-In Administrator and use
LookupAccountSid() function to find the name and domain name of the
administrator, but I am not able to construct the SID as it involves the
system specific sub authority fields, which I am not able to find out. Is
there any other way to do it?
thanks,
Kumar Talinki


Tomas Restrepo

Oct 2, 2001, 7:45:41 PM
Kumar,

Are you looking specifically for the Administrator _user_ SID? If so, I
don't believe it's a well known one (but I might be wrong, it's been a while
since I've done it). The local Administrators _group_ is certainly well
known, though.

What are you trying to do? Perhaps the short snippets of sample code at
http://www.mvps.org/vcfaq/sdk/21.htm would help...

--
Tomas Restrepo
tom...@mvps.org


Kumar Talinki

Oct 2, 2001, 8:30:03 PM
Hi,
Thanks for the information. I went thru the code you referred. Using
that code we can determine whether the current user has admin privileges or
not. What I am trying to do is finding out the name of the Built In Domain
Administrator name.
The output of getsid.exe, a tool in Win NT resource kit, has the
following output -

Built-In Users
DOMAINNAME\ADMINISTRATOR
S-1-5-21-917267712-1342860078-1792151419-500 (=0x1F4)

I am trying to construct this SID and find the name of the Administrator
for the Built-In Domain. I am not able to get the subauthority identifiers
after S-1-5-21, as those are unique for the machine. Is there any way I can build
these sub authority values?
Is there any other way to find the Administrator for Built-In Domain?
thanks in advance,
Kumar Talinki.

"Tomas Restrepo" <tom...@mvps.org> wrote in message
news:#eWE1v5SBHA.1904@tkmsftngp05...

Slava M. Usov

Oct 2, 2001, 10:04:47 PM
"Kumar Talinki" <ktal...@nortelnetworks.com> wrote in message
news:9pdlth$mbs$1...@bcarh8ab.ca.nortel.com...

> What I am trying to do is finding out the name of the Built In Domain
> Administrator name.

There is no such thing as "Built In Domain Administrator", i.e.,
"BUILTIN\Administrator" never exists. There are "MACHINE_NAME\Administrator"
and/or "DOMAIN_NAME\Administrator". Their SIDs are

S-1-5-21-x-y-...-z-500

or

SID_REVISION, SECURITY_NT_AUTHORITY, SECURITY_NT_NON_UNIQUE, x, y, ..., z,
DOMAIN_USER_RID_ADMIN.

where x, y, ..., z are the RIDs that specify the domain and which are pretty
much unique for any NT machine or domain in the world. The only way to build
the Administrator's SID for your machine or domain is by getting somehow
those RIDs.

One way to do it is by using LsaQueryInformationPolicy() for
PolicyAccountDomainInformation if you need the local machine's domain, or
PolicyPrimaryDomainInformation if you need the domain that the machine is a
member of. Either one will return a structure that has the SID of the
domain, which will be of the form

S-1-5-21-x-y-...-z

so you can just add DOMAIN_USER_RID_ADMIN at its end and you'll get the
Administrator's SID.

Or, you can just enumerate all the users and look for DOMAIN_USER_RID_ADMIN,
although this is probably not practical in most cases.

Slava
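
The construction described in the reply above, as an added example that is not part of the original thread: it takes a domain SID of the form S-1-5-21-x-y-...-z, rejects anything that is not such a domain SID (for example BUILTIN, S-1-5-32), and appends DOMAIN_USER_RID_ADMIN. It works on the string form so that it is portable; `sid_t`, `sid_parse`, `sid_admin_from_domain` and `sid_format` are hypothetical names, and on Windows the domain SID would come from LsaQueryInformationPolicy() as the reply explains.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DOMAIN_USER_RID_ADMIN 500u /* 0x1F4, as in the Windows SDK headers */
#define MAX_SUBAUTH 15             /* Windows limit on sub-authorities per SID */

typedef struct {                   /* hypothetical portable SID representation */
    uint64_t authority;            /* 48-bit identifier authority; 5 = NT */
    uint8_t  count;                /* number of sub-authorities in use */
    uint32_t sub[MAX_SUBAUTH];
} sid_t;

/* Parse "S-1-<authority>-<sub>-..." (decimal). Returns 0, or -1 on bad input. */
int sid_parse(const char *s, sid_t *out)
{
    char *end;
    if (strncmp(s, "S-1-", 4) != 0 || !isdigit((unsigned char)s[4])) return -1;
    out->authority = strtoull(s + 4, &end, 10);
    if (out->authority >> 48) return -1;            /* authority is 6 bytes */
    for (out->count = 0; *end == '-'; out->count++) {
        const char *p = end + 1;
        if (out->count == MAX_SUBAUTH || !isdigit((unsigned char)*p)) return -1;
        unsigned long long v = strtoull(p, &end, 10);
        if (v > UINT32_MAX) return -1;              /* sub-authorities are 32-bit */
        out->sub[out->count] = (uint32_t)v;
    }
    return *end == '\0' ? 0 : -1;
}

/* Domain SID S-1-5-21-x-y-...-z plus RID 500 gives the Administrator SID. */
int sid_admin_from_domain(const sid_t *dom, sid_t *out)
{
    if (dom->authority != 5 || dom->count < 2 || dom->count >= MAX_SUBAUTH ||
        dom->sub[0] != 21) return -1;   /* not an S-1-5-21 domain SID, or full */
    *out = *dom;
    out->sub[out->count++] = DOMAIN_USER_RID_ADMIN;
    return 0;
}

/* Write the string form into buf. Returns 0, or -1 if buf is too small. */
int sid_format(const sid_t *sid, char *buf, size_t n)
{
    int len = snprintf(buf, n, "S-1-%llu", (unsigned long long)sid->authority);
    for (int i = 0; i < sid->count && len > 0 && (size_t)len < n; i++)
        len += snprintf(buf + len, n - len, "-%lu", (unsigned long)sid->sub[i]);
    return (len > 0 && (size_t)len < n) ? 0 : -1;
}
```

Fed the domain part of the getsid.exe output quoted earlier in the thread, this yields the same S-1-5-21-...-500 value that getsid.exe printed.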

