cygdrop drops Administrators, but then it reappears
Win H Dizzler
windizzler@yahoo.com
Thu Sep 19 14:41:00 GMT 2013
I'm trying to use cygdrop to drop Administrators from my security access token.
I use the Windows whoami utility to dump out the current state of the access token. First, I try without cygdrop:
$ /cygdrive/c/Windows/System32/whoami.exe /groups | grep Administrators
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group
This shows I'm in the Administrators group. Now, cygdrop should drop the Administrators group, but it doesn't appear to:
$ cygdrop /cygdrive/c/Windows/System32/whoami.exe /groups | grep Administrators
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group
Here's what cygdrop -v says:
$ cygdrop -v echo -n
d S-1-5-32-544 [enabled] [default] gid=0(root)
d SeIncreaseQuotaPrivilege
d SeSecurityPrivilege
...
exec 'echo' '-n'
So cygdrop does drop the Administrators group (S-1-5-32-544). But then Administrators reappears after cygdrop execs the command.
Is there some Windows security setting which could be causing this "undead Administrators" behavior to happen? (I'm using Windows 7)
NOTE: I've redacted some info in cygcheck.out - always with XxXxXx, YyYyYy, or similar.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cygcheck.out
Type: application/octet-stream
Size: 60867 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20130919/a644e004/attachment.obj>
-------------- next part --------------
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list