Final version of new ntsec documentation

Corinna Vinschen
Tue Dec 2 19:38:00 GMT 2008

On Dec  2 10:28, Max Kaehn wrote:
> On Tue, 2008-12-02 at 18:16 +0100, Corinna Vinschen wrote:
> > I spent two days now to get the ntsec documentation in the user's
> > guide for Cygwin 1.7 into the final new shape.  You can find it
> > in the sources, of course, but also uploaded as HTML file here:
> > 
> >
> > 
> > It would be incredibly nice if some of you would proofread it.
> > 
> > I take the blame and patches and patch suggestions for everything, be it
> > syntax errors, bad english, crude descriptions, too much drivel, too
> > brief descriptions.  Don't hesitate to fix my bugs, please.
> I've had to dig into Windows ACLs a lot, and this looks good.
> In Example 2.2, do you mean
> 	the Windows user "FOO\Administrator"
> instead of FOO\Administrators?  (Spelling nitpick: "dutifully".)

Thanks!  I fixed those.  I don't update the HTML pages for that, though.

> I don't know if this will be helpful to you, but there's another
> interesting and obscure property of logon sessions:  they
> live in their own sandboxes when it comes to network shares.
> If you get WinObj from and look
> under \Sessions\0\DosDevices, you'll see your "net use" mounts are in
> one of those sessions as links from a drive letter to
> "\Device\LanmanRedirector\;...".  On 2000, XP, and 2003 (I haven't tried
> this stunt on NT4), any entity created there is added to or masks the ones
> in \Global?? (which is where the OS maps drive letters to device IDs;
> C: is just an alias, usually to "\Device\HarddiskVolume1").  That's
> why any session you start as SYSTEM doesn't see the network mounts
> on your desktop-- in that session, they don't exist.

Yep, I know how that works but I had a couple of extra systoles thinking
how to explain all this.  It seemed too complicated to me to explain how
this works on the NT level.  That's why I only vaguely refer to the
problems you can get when trying to connect to shares using drive

Btw., NT4 is different because it only supports global mappings from
drive letters to shares.  AFAIR I never succeeded in creating even a
single drive mapping using `net use' in a password-less ssh session
when I tried it.  Way back when...

Thanks for proofreading!  If you see anything else or are missing
something you thin is important, don't be shy :)


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-developers mailing list