To: cygwin AT cygwin DOT com
From: Brian Inglis
Subject: Re: Change PS1 when run as administrator
Date: Wed, 23 Mar 2016 18:01:02 +0000 (UTC)

Corinna Vinschen writes:
> On Mar 23 12:35, Brian Inglis wrote:
>> Warren Young writes:
>>> Confirmed, at least on Win10 64-bit without any AD mucking things up.
>>> That is, I get both 114 and 544 here, so I don’t need the 114 rule at all.
>> Opposite for me on Win7 x64 non-domain machine!
>> I am always a member of 544(Administrators) group and it is my default
>> primary group in normal non-admin and elevated admin shells.
>> In elevated admin shell, I am also a member of 114(Local account and
>> member of Administrators group) and 405504(High Mandatory Level) not
>> 401408(Medium Mandatory Level).
> You have either some /etc/passwd, /etc/group settings overshadowing the
> default settings, or you used the "desc" method described in
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-desc
> to change your primary group.
> Otherwise your primary group is always "None", or the equivalent in your
> locale. The admins group is *never* the primary group, unless you
> messed with the settings for Cygwin as outlined above.
> If you're member in the Admins group, then the admins group is part of
> the non-elevated token, but only as "deny-only" group. That means, it's
> usually not shown in id, unless you made it primary group, in which case
> it has to be shown.
> You better remove this. I think I'll fix this function to not allow
> primary groups which are not enabled in the token.

net user /comment - thanks, that worked.
Removed comment (in elevated shell) and default became None.
Readded comment with Users and that became the default.
Will leave that there, as seeing None=="local non-domain accounts" bugs me, and it seems stupid to default anything to local non-domain accounts only.
Is there a better consistent choice of dynamic group having elevated rights on both local and domain systems than 544 e.g. 114 or 405504 or ?
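
One way to act on the group ids reported in this thread when setting PS1, as an added example (not code from any poster or from Cygwin): it keys on the mandatory-level groups 405504 and 401408, ignores 544 because the thread shows it can appear in a non-elevated shell when made the primary group, and uses 114 only as a fallback. The function names, the sample gid lists and gid 197121 are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide "elevated or not" from the numeric gids that `id -G`
# prints under Cygwin, using only the group ids quoted in the thread.

# Constructed sample lists; 197121 is a made-up stand-in for the primary group.
SAMPLE_STANDARD="197121 545 401408"
SAMPLE_ELEVATED="197121 544 114 405504"
SAMPLE_544_PRIMARY="544 545 401408"   # 544 forced as primary group, not elevated

# has_gid GID "LIST": succeed if GID is one of the space-separated ids in LIST.
has_gid() {
    for _g in $2; do
        [ "$_g" = "$1" ] && return 0
    done
    return 1
}

# classify_token ["LIST"]: print elevated, standard or unknown.
# With no argument the list comes from `id -G`.
# 544 is deliberately not consulted: per the thread it is listed in a
# non-elevated shell whenever it has been configured as the primary group.
classify_token() {
    _list=${1-$(id -G)}
    if has_gid 405504 "$_list"; then echo elevated      # High Mandatory Level
    elif has_gid 401408 "$_list"; then echo standard    # Medium Mandatory Level
    elif has_gid 114 "$_list"; then echo elevated       # local account in Administrators
    else echo unknown
    fi
}

# prompt_for ["LIST"]: print a bash PS1 string, marked when elevated.
prompt_for() {
    case $(classify_token "$@") in
        elevated) printf '%s' '\[\e[1;31m\]\u@\h (admin) \w #\[\e[0m\] ' ;;
        *)        printf '%s' '\u@\h \w \$ ' ;;
    esac
}

# In ~/.bashrc:  PS1=$(prompt_for)
```

An `unknown` result gets the ordinary prompt, so a token with neither mandatory-level group nor 114 is never labelled as admin.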