/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
privilege_create_account( &global_sid_World );
- privilege_create_account( &global_sid_Builtin_Administrators );
privilege_create_account( &global_sid_Builtin_Account_Operators );
privilege_create_account( &global_sid_Builtin_Server_Operators );
privilege_create_account( &global_sid_Builtin_Print_Operators );
privilege_create_account( &global_sid_Builtin_Backup_Operators );
+ /* BUILTIN\Administrators get everything -- *always* */
+
+ if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
+ DEBUG(0,("init_account_policy: Failed to grant privileges to BUILTIN\\Administrators!\n"));
+ }
+
return True;
}
/*******************************************************************
*******************************************************************/
-BOOL is_privileged_sid( DOM_SID *sid )
+BOOL is_privileged_sid( const DOM_SID *sid )
{
SE_PRIV mask;
return get_privileges( sid, &mask );
}
+
+/*******************************************************************
+*******************************************************************/
+
+BOOL grant_all_privileges( const DOM_SID *sid )
+{
+ int i;
+ SE_PRIV mask;
+ uint32 num_privs = count_all_privileges();
+
+ se_priv_copy( &mask, &se_priv_none );
+
+ for ( i=0; i<num_privs; i++ ) {
+ se_priv_add(&mask, &privs[i].se_priv);
+ }
+
+ return grant_privilege( sid, &mask );
+}