[I'm so sorry I'm messing up the mailing list by not replying to the proper
email.... I only just got it through my thick skull now to subscribe to the
mailing list. I think my brain is on vacation already....]
Unfortunately your prediction was correct - RunAs Administrator CMD gives this:
C:\WINDOWS\system32>whoami
azuread\russellmora
C:\WINDOWS\system32>whoami /all
USER INFORMATION
----------------
User Name SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
GROUP INFORMATION
-----------------
Group Name Type SID
Attributes
========================================= ================
====================================================
===============================================================
Mandatory Label\High Mandatory Level Label S-1-16-12288
Everyone Well-known group S-1-1-0
Mandatory group, Enabled by default, Enabled
group
BUILTIN\Administrators Alias S-1-5-32-544
Mandatory group, Enabled by default, Enabled
group, Group owner
BUILTIN\Users Alias S-1-5-32-545
Mandatory group, Enabled by default, Enabled
group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4
Mandatory group, Enabled by default, Enabled
group
CONSOLE LOGON Well-known group S-1-2-1
Mandatory group, Enabled by default, Enabled
group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
Mandatory group, Enabled by default, Enabled
group
NT AUTHORITY\This Organization Well-known group S-1-5-15
Mandatory group, Enabled by default, Enabled
group
LOCAL Well-known group S-1-2-0
Mandatory group, Enabled by default, Enabled
group
Unknown SID type
S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled
by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36
Mandatory group, Enabled by default, Enabled
group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
=============================== =========================================
========
SeLockMemoryPrivilege Lock pages in memory
Disabled
SeIncreaseQuotaPrivilege Adjust memory quotas for a process
Disabled
SeSecurityPrivilege Manage auditing and security log
Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects
Disabled
SeLoadDriverPrivilege Load and unload device drivers
Disabled
SeSystemProfilePrivilege Profile system performance
Disabled
SeSystemtimePrivilege Change the system time
Disabled
SeProfileSingleProcessPrivilege Profile single process
Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority
Disabled
SeCreatePagefilePrivilege Create a pagefile
Disabled
SeBackupPrivilege Back up files and directories
Disabled
SeRestorePrivilege Restore files and directories
Disabled
SeShutdownPrivilege Shut down the system
Disabled
SeDebugPrivilege Debug programs
Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values
Disabled
SeChangeNotifyPrivilege Bypass traverse checking
Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system
Disabled
SeUndockPrivilege Remove computer from docking station
Disabled
SeManageVolumePrivilege Perform volume maintenance tasks
Disabled
SeImpersonatePrivilege Impersonate a client after authentication
Enabled
SeCreateGlobalPrivilege Create global objects
Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set
Disabled
SeTimeZonePrivilege Change the time zone
Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links
Disabled
C:\WINDOWS\system32>
-----Original Message-----
From: "rm...@aboutgolf.com" <rm...@aboutgolf.com>
Sent: Tuesday, August 2, 2016 11:44
To: corinna-cyg...@cygwin.com, cygwin@cygwin.com
Cc: t...@towo.net
Subject: Re: /dev/ptmx fails with Azure accounts
<squeek squeek>
Though I am going on vacation in a couple of days until the 15th....
C:\Users\RussellMora>whoami
azuread\russellmora
C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
logged-on user is not a domain user.
C:\Users\RussellMora>whoami /all
USER INFORMATION
----------------
User Name SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282
GROUP INFORMATION
-----------------
Group Name Type SID
Attributes
========================================= ================
====================================================
==================================================
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
Everyone Well-known group S-1-1-0
Mandatory group, Enabled by default, Enabled
group
BUILTIN\Administrators Alias S-1-5-32-544
Group used for deny only
BUILTIN\Users Alias S-1-5-32-545
Mandatory group, Enabled by default, Enabled
group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4
Mandatory group, Enabled by default, Enabled
group
CONSOLE LOGON Well-known group S-1-2-1
Mandatory group, Enabled by default, Enabled
group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
Mandatory group, Enabled by default, Enabled
group
NT AUTHORITY\This Organization Well-known group S-1-5-15
Mandatory group, Enabled by default, Enabled
group
LOCAL Well-known group S-1-2-0
Mandatory group, Enabled by default, Enabled
group
Unknown SID type
S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled
by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36
Mandatory group, Enabled by default, Enabled
group
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
C:\Users\RussellMora>
On Aug 1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
y()
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
>=20
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
>=20
> I have no idea how to establish a working startup of mintty for those use=
rs.
The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts. I like it
how Microsoft screws up otherwise working software with this
strange domain handling.
To fix this we have to be able to come up with a working user and group
account for these cases. For that I need at least output from `whoami
/all'. I wonder why supposedly nobody tried that after /fqdn didn't
work.
This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows(). There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).
Alternatively I need at least a guinea pig with such an account,
Corinna
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
