const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
const string SID_CREATOR_OWNER = "S-1-3-0";
const string SID_CREATOR_GROUP = "S-1-3-1";
+ const string SID_OWNER_RIGHTS = "S-1-3-4";
/* SECURITY_NT_AUTHORITY */
const string NAME_NT_AUTHORITY = "NT AUTHORITY";
const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14";
const string SID_NT_THIS_ORGANISATION = "S-1-5-15";
+ const string SID_NT_IUSR = "S-1-5-17";
const string SID_NT_SYSTEM = "S-1-5-18";
const string SID_NT_LOCAL_SERVICE = "S-1-5-19";
const string SID_NT_NETWORK_SERVICE = "S-1-5-20";
+ const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21";
+ const string SID_NT_NTLM_AUTHENTICATION = "S-1-5-64-10";
+ const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14";
+ const string SID_NT_OTHER_ORGANISATION = "S-1-5-1000";
/* SECURITY_BUILTIN_DOMAIN_RID */
const string NAME_BUILTIN = "BUILTIN";
.sid = SID_CREATOR_GROUP,
.rtype = SID_NAME_WKN_GRP,
},
+ {
+ .name = "Owner Rights",
+ .sid = SID_OWNER_RIGHTS,
+ .rtype = SID_NAME_WKN_GRP,
+ },
{
.domain = "NT AUTHORITY",
.name = "Dialup",
},
{
.domain = "NT AUTHORITY",
- .name = "Termainal Server User",
+ .name = "Terminal Server User",
.sid = SID_NT_TERMINAL_SERVER_USERS,
.rtype = SID_NAME_WKN_GRP,
},
.sid = SID_NT_NETWORK_SERVICE,
.rtype = SID_NAME_WKN_GRP,
},
+ {
+ .domain = "NT AUTHORITY",
+ .name = "Digest Authentication",
+ .sid = SID_NT_DIGEST_AUTHENTICATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "Enterprise Domain Controllers",
+ .sid = SID_NT_ENTERPRISE_DCS,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "NTLM Authentication",
+ .sid = SID_NT_NTLM_AUTHENTICATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "Other Organization",
+ .sid = SID_NT_OTHER_ORGANISATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "SChannel Authentication",
+ .sid = SID_NT_SCHANNEL_AUTHENTICATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "IUSR",
+ .sid = SID_NT_IUSR,
+ .rtype = SID_NAME_WKN_GRP,
+ },
{
.sid = NULL,
}
groupType: -2147483644
isCriticalSystemObject: TRUE
+dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Read-Only Domain Controllers
+description: read-only domain controllers
+objectSid: ${DOMAINSID}-521
+sAMAccountName: Read-Only Domain Controllers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Read-Only Domain Controllers
+description: enterprise read-only domain controllers
+objectSid: ${DOMAINSID}-498
+sAMAccountName: Enterprise Read-Only Domain Controllers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Certificate Service DCOM Access
+description: Certificate Service DCOM Access
+objectSid: ${DOMAINSID}-574
+sAMAccountName: Certificate Service DCOM Access
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Cryptographic Operators
+description: Cryptographic Operators
+objectSid: ${DOMAINSID}-569
+sAMAccountName: Cryptographic Operators
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Event Log Readers
+description: Event Log Readers
+objectSid: ${DOMAINSID}-573
+sAMAccountName: Event Log Readers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: IIS_IUSRS
+description: IIS_IUSRS
+objectSid: ${DOMAINSID}-568
+sAMAccountName: IIS_IUSRS
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group