cygdrop drops Administrators, but then it reappears

Win H Dizzler
Thu Sep 19 14:41:00 GMT 2013

I'm trying to use cygdrop to drop Administrators from my security access token.

I use the Windows whoami utility to dump out the current state of the access token.  First, I try without cygdrop:

    $ /cygdrive/c/Windows/System32/whoami.exe /groups | grep Administrators
    BUILTIN\Administrators    Alias   S-1-5-32-544   Mandatory group, Enabled by default, Enabled group

This shows I'm in the Administrators group.  Now, cygdrop should drop the Administrators group, but it doesn't appear to:

    $ cygdrop /cygdrive/c/Windows/System32/whoami.exe /groups | grep Administrators
    BUILTIN\Administrators     Alias  S-1-5-32-544   Mandatory group, Enabled by default, Enabled group

Here's what cygdrop -v says:

    $ cygdrop -v echo -n
    d   S-1-5-32-544 [enabled] [default] gid=0(root)
    d   SeIncreaseQuotaPrivilege
    d   SeSecurityPrivilege
    exec 'echo' '-n'

So cygdrop does drop the Administrators group (S-1-5-32-544).  But then Administrators reappears after cygdrop execs the command.

Is there some Windows security setting which could be causing this "undead Administrators" behavior to happen?  (I'm using Windows 7)

NOTE: I've redacted some info in cygcheck.out - always with XxXxXx, YyYyYy, or similar.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cygcheck.out
Type: application/octet-stream
Size: 60867 bytes
Desc: not available
URL: <>
-------------- next part --------------
Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list