View Single Post
Old 29th July 2009, 02:24   #3
ronca
Junior Member
 
Join Date: Aug 2008
Posts: 13
Quote:
Originally posted by Afrow UK
Sure you aren't just trying to run your install from a limited account?
I am 100% sure. I can tell you, however, that your question prompted me to double-check again and I discovered something interesting about 'Admin': It is not the "Built-in account for administering the computer/domain". The built-in administrator account is named 'Administrator' and it is a member of one group only, the built-in 'Administrators'.

'Admin', on the other hand, is a member of two built-in groups: 'Administrators' and 'Users'.

'Limited' is a member of one group only, the built-in 'Users'.

Does this mean that a "true" administrator cannot belong to both 'Users' and 'Administrators' at the same time?


Quote:
Originally posted by Afrow UK
You aren't going to see the Limited hive when on Admin unless you are logged into Limited at the same time.
But in SP2 it worked without being logged into Limited at the same time. Can you explain this?


Quote:
Originally posted by Afrow UK
Anyway, EnumUsersReg uses the RegLoadKey API to load the account hives into HKEY_USERS and that API requires the SE_RESTORE_NAME and SE_BACKUP_NAME privileges, both of which are only available to users which have administrator privileges.
If a user has administrator privileges and uses the the RegLoadKey API to load the account hives into HKEY_USERS, does that create the "effect" of that account being logged in?

Thanks!
ronca is offline   Reply With Quote