DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 63OCPbsj2790828 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 63OCPbsj2790828 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=cHQFIygB X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D8F004B9700B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1777033536; bh=9k4fegnQRXSG7a+m+fTsmTETZYBLsh36TQA5wqcc+2U=; h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=cHQFIygBloWJ+XCCvtabnGb2rYsd6gAqxeylAVH6PdhVlLbjDfcaq4iK0xxwRqpfE Sfh2sbJjLOTi5aByTXbXr2Pd2eq5woywimQ6oHx2qjxJaQCwWN0WDVjve6jRfi+iJr bP0CHRcEJ0RkYUshOdmbrAcO+Dq33wUeWeMnclFo= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 15D1C4BA902E ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 15D1C4BA902E ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1777033516; cv=none; b=sKDM4bpV4qscMge8oWcIrVLoLwuhfCU7GpaSj5NLo+bqO2ExEOfIFzodmBxPwxfoVOWCf0emSd3N1EE+MKWGWdF5K5kqQYQoVXAz0fiLS5gO1acwHr+ag11kWebjvUt4TLm1YubpsWOa+BK/GfbrYWAyW13womBU30Q4qgVxPWw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1777033516; c=relaxed/simple; bh=x79u9uXxWWmUdybyH6QEB11kux9ZfGSpB1h2fUUN+Wo=; h=DKIM-Signature:Subject:To:From:Message-ID:Date:MIME-Version; b=b2ipvCnQGYQK9blpIGAVFKANGB1O6+E7y98N/N9JyrfnCGFVs3jrY2HqWeGvEStt7faSEvcaU0mQV4Q/hkGPPJ/qAfBYlBZyFfT/tD0ADO8ks1G5s1OEvf9yUTF0s+XF2RgSZQHVeMxpc3oLoD6PyhcRkjfHGcrHYtDwH+P5MJw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 15D1C4BA902E Subject: Re: Getting Windows "MACHINE SID" without fork() & exec()? To: cygwin AT cygwin DOT com References:

Organization: WiseMo A/S Message-ID: Date: Fri, 24 Apr 2026 14:25:10 +0200 X-Mailer: Epyrus/2.2.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Content-Filtered-By: Mailman/MimeDel 2.1.30 X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Jakob Bohm via Cygwin Reply-To: Jakob Bohm Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 63OCPbsj2790828 On 24/04/2026 00:55, Brian Inglis via Cygwin wrote: > On 2026-04-23 13:27, René Berber via Cygwin wrote: >> On 4/23/2026 11:07 AM, Takeshi Nishimura via Cygwin wrote: >> >>> Does Cygwin have a secret shell variable or /proc file which contains >>> the current machine's MACHINE SID, without having to resort to calling >>> an external program (no fork(), no exec(), please)? >> >> Create your own environment variable. Store it once per bash session >> with .bashrc for example, or permanently with all the other Windows >> variables. >> >> Use PsGetSid to get the value into that variable (i.e. no super user >> access needed like with regtool.) > > No regtool or superuser access needed for most queries and regtool > accepts paths: > > $ l /proc/registry*/ > /proc/registry/: > HKEY_CLASSES_ROOT/ HKEY_CURRENT_CONFIG/ HKEY_CURRENT_USER/ > HKEY_LOCAL_MACHINE/ HKEY_PERFORMANCE_DATA/ HKEY_USERS/ > > /proc/registry32/: > HKEY_CLASSES_ROOT/ HKEY_CURRENT_CONFIG/ HKEY_CURRENT_USER/ > HKEY_LOCAL_MACHINE/ HKEY_PERFORMANCE_DATA/ HKEY_USERS/ > > /proc/registry64/: > HKEY_CLASSES_ROOT/ HKEY_CURRENT_CONFIG/ HKEY_CURRENT_USER/ > HKEY_LOCAL_MACHINE/ HKEY_PERFORMANCE_DATA/ HKEY_USERS/ > >> Ref: https://learn.microsoft.com/en-us/sysinternals/downloads/psgetsid >> >> Caveat: The first time you run PsGetSid it shows a popup with the >> license agreement. >> >> Example: >> XPS-8930: ~ >> $ /home/reneb/bin/SysinternalsSuite/PsGetsid >> >> PsGetSid v1.44 - Translates SIDs to names and vice versa >> Copyright (C) 1999-2008 Mark Russinovich >> Sysinternals - www.sysinternals.com >> >> SID for \\XPS-8930: >> S-1-5-21-3651791898-1415975337-2452924111 >> >> XPS-8930: ~ >> $ /home/reneb/bin/SysinternalsSuite/PsGetsid |& tail -n 3 >> S-1-5-21-3651791898-1415975337-2452924111 > > Do you mean like these values replaced by '*'? > > $ regtool list -v /proc/registry/HKEY_USERS/ > .DEFAULT\ () > S-1-5-18\ () > S-1-5-19\ () > S-1-5-20\ () > S-1-5-21-**********-**********-**********-1001\ () > S-1-5-21-**********-**********-**********-1001_Classes\ () > ... > > Of course, if the info is not yours, you probably will need elevated > access! > That particular list is only for users with a local home directory (called "profile dir"in windows), and for which the per user config registry are currently cached in memory due to use by one or more processes. There are Win32 functions which return the value directly from the Windows component that owns it, for example this sequence, which does not require any user to have recently logged on. Wrapping in cygwin-compatible code is left as an exercise for the reader. // Note: On domain controllers, the machine sid is actually the // sid of thedomain for which this domain controller is the // Kerberos KDC. This isa historical consequence of NT // versions before 5.00 stored the domainuser database with // the same code as the local user database of othermachines. // Note: This code uses the NT OS API conventions, where each API // returns asigned 32 bit error code where < 0 is error, // >= 0 is success, see WinSDK/include/shared/ntstatus.h // Note: This sample prefixes Win32 API names with the DLL that // exports them, adjust to how your code otherwise accesses // system calls // Note: Most LsaXxxx() APIs exported by ADVAPI32 are actually // local RPC calls to the secure process that is the equivalent // of logind on Systemd/Linux. // Note: The policy handle temporarily used by this code could be // shared with other tasks, such as looking up the local names // of accounts, listing trusted AD/Kerberos domains etc. For // simplicity, it is just opened and closed by this self-contained // sample. // Implement this function yourself, similar to strdup() from ANSI C, // But using ADVAPI32.GetLengthSid() instead of strlen() PSID SampleDuplicateSid(PSID pSid0); NTSTATUS STDCALL SampleGetMachineSid(PSID *ppMachineSid) { LSA_HANDLE hLsaPolicy = NULL; POLICY_ACCOUNT_DOMAIN_INFO *pAccountDomainInfo = NULL LSA_OBJECT_ATTRIBUTES oattr; NTSTATUS ntStatus; bzero(&oattr, sizeof(oattr) ntStatus = ADVAPI32.LsaOpenPolicy( NULL, &oattr, POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES, &hLsaPolicy) if (ntStatus < 0) return ntStatus; ntStatus = ADVAPI32.LsaQueryInformationPolicy( hLsaPolicy, PolicyAccountDomainInformation, (PdwVOID*)(&pAccountDomainInfo)) (void)ADVAPI32.LsaClose(hLsaPolicy); if (ntStatus < 0) return ntStatus; ppMachineSid = SampleDuplicateSid(pAccountDomainInfo->DomainSid); if (!pMachineSid) ntStatus = STATUS_NO_MEMORY; ADVAPI32.LsaFreeMemory(pAccountDomainInfo) return ntStatus; } -- Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10 This message is only for its intended recipient, delete if misaddressed. WiseMo - Remote Service Management for PCs, Phones and Embedded -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple