This is the mail archive of the cygwin mailing list for the Cygwin project.


cygdrop drops Administrators, but then it reappears


I'm trying to use cygdrop to drop Administrators from my security access token.

I use the Windows whoami utility to dump out the current state of the access token.  First, I try without cygdrop:

    $ /cygdrive/c/Windows/System32/whoami.exe /groups | grep Administrators
    BUILTIN\Administrators    Alias   S-1-5-32-544   Mandatory group, Enabled by default, Enabled group

This shows I'm in the Administrators group.  Now, cygdrop should drop the Administrators group, but it doesn't appear to:

    $ cygdrop /cygdrive/c/Windows/System32/whoami.exe /groups | grep Administrators
    BUILTIN\Administrators     Alias  S-1-5-32-544   Mandatory group, Enabled by default, Enabled group

Here's what cygdrop -v says:

    $ cygdrop -v echo -n
    d   S-1-5-32-544 [enabled] [default] gid=0(root)
    d   SeIncreaseQuotaPrivilege
    d   SeSecurityPrivilege
    ...
    exec 'echo' '-n'

So cygdrop does drop the Administrators group (S-1-5-32-544).  But then Administrators reappears after cygdrop execs the command.

Is there some Windows security setting which could be causing this "undead Administrators" behavior to happen?  (I'm using Windows 7.)

NOTE: I've redacted some info in cygcheck.out - always with XxXxXx, YyYyYy, or similar.

Attachment: cygcheck.out
Description: Binary data
