Final version of new ntsec documentation

Max Kaehn
Tue Dec 2 18:29:00 GMT 2008

On Tue, 2008-12-02 at 18:16 +0100, Corinna Vinschen wrote:
> I spent two days now to get the ntsec documentation in the user's
> guide for Cygwin 1.7 into the final new shape.  You can find it
> in the sources, of course, but also uploaded as HTML file here:
> It would be incredibly nice if some of you would proofread it.
> I take the blame and patches and patch suggestions for everything, be it
> syntax errors, bad english, crude descriptions, too much drivel, too
> brief descriptions.  Don't hesitate to fix my bugs, please.

I've had to dig into Windows ACLs a lot, and this looks good.

In Example 2.2, do you mean
	the Windows user "FOO\Administrator"
instead of FOO\Administrators?  (Spelling nitpick: "dutifully".)

I don't know if this will be helpful to you, but there's another
interesting and obscure property of logon sessions:  they
live in their own sandboxes when it comes to network shares.
If you get WinObj from and look
under \Sessions\0\DosDevices, you'll see your "net use" mounts are in
one of those sessions as links from a drive letter to
"\Device\LanmanRedirector\;...".  On 2000, XP, and 2003 (I haven't tried
this stunt on NT4), any entity created there is added to or masks the ones
in \Global?? (which is where the OS maps drive letters to device IDs;
C: is just an alias, usually to "\Device\HarddiskVolume1").  That's
why any session you start as SYSTEM doesn't see the network mounts
on your desktop-- in that session, they don't exist.

More information about the Cygwin-developers mailing list