NT4/private/newsam/server/regnames.txt
2020-09-30 17:12:29 +02:00

261 lines
11 KiB
Plaintext

/*++

Copyright (c) 1990 Microsoft Corporation

Module Name:

    regnames.txt

Abstract:

    This file describes the registry namespace used to back-store the SAM
    database.

Author:

    Jim Kelly (JimK) 3-June-1991

Revision History:

    1.0 - Initial implementation
    1.1 - Conversion to FlexAdmin model

--*/
/*
The following notation is used:

    Xxx          is the unicode name of a registry key.
                 For example, "PasswordExpires".

    (Xxx)        is a description of a registry key's name.
                 For example, "(UserName)" might indicate that the key name
                 is a user's name.

    [kvt,Value]  kvt is the key value type, and Value describes the
                 value of a registry key. If no specific key value type is used,
                 then [,Value] references just the value. If the key has a
                 key value type, but no key value, then [kvt,] notation is used.

Individual keys or key values may be referenced in the description
as follows:

    SAM/Domains/(DomainName)/Users/(UserName)
        - references a particular user name in a particular domain.

    SAM/Domains/(DomainName)/Users/(UserName)[,Rid]
        - references a value of a named key.

    .../(UserName) or
    .../(UserName)[Rid] may also be used as a shorthand notation when
        I get tired of typing out the whole name.

NOTE: In several instances, a RID is used as a key name. In this
      case an ASCII conversion of the ULONG value is used. The name
      is printable and contains no zero bytes.
///////////////////////////////////////////////////////////////////////////////
The structure of the registry namespace used to back-store the SAM
database is as follows:
SAM [Revision,SecurityDescriptor]
--+-
  +-- Domains
      ----+--
          +-- (DomainName1) [,SecurityDescriptor]
          |   (...)
          +-- (DomainNameN) [,SecurityDescriptor]
The structure under each named domain is as follows:
(DomainName) [Revision, SecurityDescriptor]
----+-------
    +-- V1_Fixed [, SAMP_V1_FIXED_LENGTH_DOMAIN]
    +-- DomainSid [,SidValue]
    +-- OemInformation [,unicode string]
    +-- ReplicaSourceNodeName [,unicode string]
    |
    +-- Users [Count,]
    |   ---+-
    |      +-- Names
    |      |   --+---
    |      |     +-- (UserName1) [UserRid,]
    |      |     |   (...)
    |      |     +-- (UserNameL) [UserRid,]
    |      |
    |      +-- (UserRid1) [Revision,SecurityDescriptor]
    |      |   (...)
    |      +-- (UserRidL) [Revision,SecurityDescriptor]
    |
    +-- Groups [Count,]
    |   ---+--
    |      +-- Names
    |      |   --+---
    |      |     +-- (GroupName1) [GroupRid,]
    |      |     |   (...)
    |      |     +-- (GroupNameM) [GroupRid,]
    |      |
    |      +-- (GroupRid1) [Revision,SecurityDescriptor]
    |      |   (...)
    |      +-- (GroupRidM) [Revision,SecurityDescriptor]
    |
    |
    +-- Aliases [Count,]
        ---+---
           +-- Names
           |   --+---
           |     +-- (AliasName1) [AliasRid,]
           |     |   (...)
           |     +-- (AliasNameN) [AliasRid,]
           |
           +-- (AliasRid1) [Revision,SecurityDescriptor]
           |   (...)
           +-- (AliasRidN) [Revision,SecurityDescriptor]
           |
           |
           +-- Members [DomainCount,]
               --+----
                 +-- (DomainSid1) [RidCount,]
                 |   -------+----
                 |          +-- (AccountRid0) [AliasCount,(Alias0Rid, (...), AliasX-1Rid)]
                 |          |   (...)
                 |          +-- (AccountRidY) [AliasCount,(Alias0Rid, (...), AliasX-1Rid)]
                 |
                 +-- (DomainSid2) [RidCount,]
                 |   ------------
                 |          +-- (AccountRid0) [AliasCount,(Alias0Rid, (...), AliasX-1Rid)]
                 |          |   (...)
                 |          +-- (AccountRidZ) [AliasCount,(Alias0Rid, (...), AliasX-1Rid)]
                 .
                 .
                 .
The structure under each (UserRid) is as follows:
(UserRid) [Revision,SecurityDescriptor]
    +-- V1_Fixed [,SAMP_V1_FIXED_LENGTH_USER]
    +-- AccountName [,unicode string]
    +-- FullName [,unicode string]
    +-- AdminComment [,unicode string]
    +-- UserComment [,unicode string]
    +-- Parameters [,unicode string]
    +-- HomeDirectory [,unicode string]
    +-- HomeDirectoryDrive [,unicode string]
    +-- ScriptPath [,unicode string]
    +-- Workstations [,unicode string]
    +-- CaseInsensitiveDbcs [,dbcs string]
    +-- CaseSensitiveUnicode [,unicode string]
    +-- LmPasswordHistory [,unicode string]
    +-- NtPasswordHistory [,unicode string]
    +-- LogonHours [See Note On Logon Hours]
    +-- ProfilePath [,unicode string]
    +-- Groups [Count,(Group0Rid/Attributes, (...), GroupY-1Rid/Attributes)]
The structure under each (GroupRid) is as follows:
(GroupRid) [Revision,SecurityDescriptor]
---+-----
   +-- V1_Fixed [,SAM_V1_FIXED_LENGTH_GROUP]
   +-- Name [,Name]
   +-- AdminComment [,unicode string]
   +-- Members [Count,(Member0Rid, (...), MemberX-1Rid)]
The structure under each (AliasRid) is as follows:
(AliasRid) [Revision,SecurityDescriptor]
---+-----
   +-- V1_Fixed [,SAM_V1_FIXED_LENGTH_ADMIN]
   +-- Name [,Name]
   +-- AdminComment [,unicode string]
   +-- Members [Count,(Member0Sid, (...), MemberX-1Sid)]
The structure under the Alias\Members key is used for looking up the aliases
an SID is a member of (at logon time). These keys have the following
description:

    - keyValueType of Alias\Members - This field contains a count of
      domains whose accounts are included as alias members. For
      example, if there are three aliases, and these aliases collectively
      have the following members:

          \MS\SYS\NTDEV\JIMK
          \MS\SYS\NTDEV\DAVEC
          \MS\SYS\NTDEV\CHADS
          \MS\SYS\NTPGM\BOBMU
          \MS\EXEC\BILLG
          \MS\EXEC\PAULMA
          \MS\EXEC\STEVEB

      then this represents accounts from 3 domains ("\MS\SYS\NTDEV",
      "\MS\SYS\NTPGM", and "\MS\EXEC"). So, the DomainCount would
      be three.

    - Each Alias\Members\(DomainSid) key - These each have a name representing
      the SID of the domains counted in the DomainCount.

    - Under each Alias\Members\(DomainSid) key - There is a single key for each
      account in that domain that is a member of an alias. The names of these
      keys are printable representations of their RIDs. The KeyValueType
      field of these keys contains a count of the aliases the SID is a member
      of. The KeyValue field contains an array of RIDs of the Aliases that
      the SID is a member of.
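
The reverse index described above, modelled in memory (an added example, not code from this file or from the SAM sources). The SIDs, RIDs and alias RIDs are constructed sample values, and the decimal form of the RID key name and the tuple model of a key are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: three aliases whose members come from three domains.
# Domain SIDs, account RIDs and alias RIDs are all made up for illustration.
NTDEV, NTPGM, EXEC = "S-1-5-21-1-1-1", "S-1-5-21-2-2-2", "S-1-5-21-3-3-3"
SAMPLE_ALIASES = {
    544: [f"{NTDEV}-1001", f"{EXEC}-1001"],
    545: [f"{NTDEV}-1001", f"{NTDEV}-1002", f"{NTDEV}-1003", f"{NTPGM}-1001",
          f"{EXEC}-1001", f"{EXEC}-1002", f"{EXEC}-1003"],
    551: [f"{NTDEV}-1002", f"{EXEC}-1003"],
}

def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def build_members_index(aliases):
    """Invert {alias RID: [member SIDs]} into the Members layout.

    Every key is modelled as a (KeyValueType, KeyValue) pair; for the two
    upper levels the second element holds the subkeys instead of a value.
    """
    accounts = defaultdict(lambda: defaultdict(list))
    for alias_rid, member_sids in sorted(aliases.items()):
        for sid in member_sids:
            domain, rid = split_sid(sid)
            # Key name is a printable RID; decimal is an assumption here.
            accounts[domain][str(rid)].append(alias_rid)
    domains = {d: (len(a), {k: (len(v), v) for k, v in a.items()})
               for d, a in accounts.items()}
    return len(domains), domains   # Members [DomainCount,]

def aliases_of(members, sid):
    """Logon-time lookup: the alias RIDs that `sid` is a member of."""
    domain, rid = split_sid(sid)
    _domain_count, domains = members
    _rid_count, by_rid = domains.get(domain, (0, {}))
    alias_count, alias_rids = by_rid.get(str(rid), (0, []))
    if alias_count != len(alias_rids):
        raise ValueError("AliasCount disagrees with the stored RID array")
    return list(alias_rids)
```

Seven member accounts spread over three domains give a DomainCount of three, and one lookup per logon SID replaces a scan of every alias's member list.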
===============================================================================
Logon Hours are stored as follows:
The KeyValueType is used to store the UnitsPerWeek value.
This value may not exceed SAM_MINUTES_PER_WEEK (10080).
The actual bitmask of legitimate logon times is stored as
the key value. The number of bytes stored is
((KeyValueType + 1) / 8).
If there are no logon time restrictions, the key will have
a KeyValueType of zero and there will be no KeyValue.
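
A validator for a LogonHours key as described above (an added example, not code from this file or from the SAM sources). The byte count is taken exactly as written, read as integer division; the bit order within a byte and the choice of unit 0 as Sunday 00:00 are assumptions, and the sample mask is constructed.

```python
SAM_MINUTES_PER_WEEK = 10080

def stored_length(units_per_week):
    """Byte count as the text gives it, read as C integer division."""
    return (units_per_week + 1) // 8

def parse_logon_hours(key_value_type, key_value):
    """Validate a LogonHours key. Returns None when unrestricted,
    otherwise (UnitsPerWeek, bitmask)."""
    if key_value_type == 0:
        if key_value:
            raise ValueError("KeyValueType 0 must carry no KeyValue")
        return None
    if not 0 < key_value_type <= SAM_MINUTES_PER_WEEK:
        raise ValueError("UnitsPerWeek out of range")
    if len(key_value) != stored_length(key_value_type):
        raise ValueError("bitmask length does not match UnitsPerWeek")
    return key_value_type, bytes(key_value)

def logon_allowed(parsed, unit):
    """True if logon is permitted during time unit `unit` of the week."""
    if parsed is None:
        return True
    units, mask = parsed
    byte, bit = divmod(unit, 8)          # assumption: bit 0 = least significant
    if not 0 <= unit < units or byte >= len(mask):
        return False                     # never read past the stored bytes
    return bool((mask[byte] >> bit) & 1)

def weekday_office_hours_mask():
    """Constructed sample: 168 hourly units, Mon-Fri 09:00-16:59 allowed.
    Unit 0 = Sunday 00:00 is an assumption, not stated in the text."""
    mask = bytearray(stored_length(168))
    for day in range(1, 6):
        for hour in range(9, 17):
            unit = day * 24 + hour
            mask[unit // 8] |= 1 << (unit % 8)
    return bytes(mask)
```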
REVISION HISTORY
----------------

Revision 1.0, 3-June-1991, Jim Kelly (JimK)

    - Initial implementation

Revision 1.1, 4-Jan-1992, Jim Kelly (JimK)

    - Conversion to FlexAdmin model.
    - Added all Alias fields. Notice that the members of aliases
      are SIDs, not RIDs. This makes alias membership marshalling
      much more difficult than for Group objects.
    - Drop the following fields:
          (UserRid)/LogonServer
    - Added the following fields:
          (UserRid)/ProfilePath