2.2.9.2.1.2 SID_ATTR_DATA
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
SidData (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
Attr |
|||||||||||||||||||||||||||||||
SidData (variable): SID, as specified in [MS-DTYP] section 2.4.2.2, information in BLOB_DATA format as specified in section 2.2.9.2.1.1. BlobSize MUST be set to the size of SID and BlobData MUST be set to the SID value.
Attr (4 bytes): Specified attributes of the SID, containing the following values.
-
Value
Meaning
SE_GROUP_ENABLED
0x00000004
The SID is enabled for access checks. A SID without this attribute is ignored during an access check unless the SE_GROUP_USE_FOR_DENY_ONLY attribute is set.
SE_GROUP_ENABLED_BY_DEFAULT
0x00000002
The SID is enabled by default.
SE_GROUP_INTEGRITY
0x00000020
The SID is a mandatory integrity SID.
SE_GROUP_INTEGRITY_ENABLED
0x00000040
The SID is enabled for mandatory integrity checks.
SE_GROUP_LOGON_ID
0xC0000000
The SID is a logon SID that identifies the logon session associated with an access token.
SE_GROUP_MANDATORY
0x00000001
The SID cannot have the SE_GROUP_ENABLED attribute cleared.
SE_GROUP_OWNER
0x00000008
The SID identifies a group account for which the user of the token is the owner of the group, or the SID can be assigned as the owner of the token or objects.
SE_GROUP_RESOURCE
0x20000000
The SID identifies a domain-local group.
SE_GROUP_USE_FOR_DENY_ONLY
0x00000010
The SID is a deny-only SID in a restricted token. If this attribute is set, SE_GROUP_ENABLED is not set, and the SID cannot be reenabled.
-