[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#865: 23.0.60; The directory is unsafe today
From: |
Francis Litterio |
Subject: |
bug#865: 23.0.60; The directory is unsafe today |
Date: |
Fri, 05 Sep 2008 23:33:58 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (windows-nt) |
Lennart Borgman (gmail) wrote:
> Francis Litterio wrote:
>> Eli Zaretskii wrote:
>>
>>> Thanks. Do you know which API can be used to find out
>>> programmatically whether this setting is one or the other?
>>
>> You had to ask. :) Some hours of Googling and reading bad MS
>> documentation reveals that Windows sets the following registry value to
>> 0 or 1 to reflect that particular policy:
>>
>> Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
>> Value: NoDefaultAdminOwner
>>
>> If it is 0, then new files created by members of Local Administrators
>> are owned by the group, otherwise they are owned by the user.
>
> Is this the recommended way to check it? Quite often I have seen people
> on Internet claiming that you should look for a registry value when the
> documentation from MS clearly say you should use an API instead.
The documentation from MS on how to query policy settings is poorly
organized. There is a function named GetGPOList() documented at:
http://msdn.microsoft.com/en-us/library/aa373520(VS.85).aspx
but it isn't clear to me how one extracts a specific policy setting from
the returned GPO list. There's a structure named GROUP_POLICY_OBJECT
documented at:
http://msdn.microsoft.com/en-us/library/aa374173(VS.85).aspx
but it's not clear to me how that structure represents policy settings.
There is a different (newer?) API called RSOP (Resulting Set of
Policies) that's part of the WMI (Windows Management Infrastructure)
API, but it doesn't appear to be directly callable from C code. It's
documented at:
http://msdn.microsoft.com/en-us/library/aa375082(VS.85).aspx
The overall Group Policy architecture is documented at:
http://msdn.microsoft.com/en-us/library/aa373783(VS.85).aspx
where it is implied that group policies only exist on a domain, which
leads me to wonder if any of the above APIs work on non-domain
machines.
Confusing.
--
Fran
- bug#865: 23.0.60; The directory is unsafe today, (continued)
- bug#865: 23.0.60; The directory is unsafe today, Jason Rumney, 2008/09/04
- bug#865: 23.0.60; The directory is unsafe today, Lennart Borgman (gmail), 2008/09/04
- bug#865: 23.0.60; The directory is unsafe today, Lennart Borgman (gmail), 2008/09/04
- bug#865: 23.0.60; The directory is unsafe today, Eli Zaretskii, 2008/09/05
- Message not available
- bug#865: 23.0.60; The directory is unsafe today, Francis Litterio, 2008/09/05
- bug#865: 23.0.60; The directory is unsafe today, Eli Zaretskii, 2008/09/05
- Message not available
- bug#865: 23.0.60; The directory is unsafe today, Francis Litterio, 2008/09/05
- bug#865: 23.0.60; The directory is unsafe today, Lennart Borgman (gmail), 2008/09/05
- Message not available
- bug#865: 23.0.60; The directory is unsafe today,
Francis Litterio <=
- bug#865: 23.0.60; The directory is unsafe today, Eli Zaretskii, 2008/09/06