2.2.1.4.7 NETLOGON_SID_AND_ATTRIBUTES

The NETLOGON_SID_AND_ATTRIBUTES structure contains a security identifier (SID) and its attributes.

 typedef struct _NETLOGON_SID_AND_ATTRIBUTES {
   PRPC_SID Sid;
   ULONG Attributes;
 } NETLOGON_SID_AND_ATTRIBUTES,
  *PNETLOGON_SID_AND_ATTRIBUTES;

Sid: A pointer to a security identifier (SID), as specified in [MS-DTYP] section 2.4.2.3.

Attributes: A set of bit flags that contains the set of security attributes assigned to this SID. A bit is TRUE (or set) if its value is equal to 1. The value is constructed from one or more bit flags from the following table.


 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 0 0 D 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 C B A

Where the bits are defined as:

Value  Description
A      The SID cannot have the SE_GROUP_ENABLED attribute removed. Corresponds to the SID attribute SE_GROUP_MANDATORY. This attribute prevents the user from disabling the group. Disabling a group causes the group to be ignored by access validation routines.
B      The SID is enabled by default (as opposed to being enabled by an application). Corresponds to the SID attribute SE_GROUP_ENABLED_BY_DEFAULT.
C      The SID is enabled for access checks. Corresponds to the SID attribute SE_GROUP_ENABLED.
D      This group is a domain local group. Corresponds to SE_GROUP_RESOURCE.

All other bits MUST be set to zero and MUST be ignored on receipt. For more information, see [MSDOCS-TokenGrp].

These values are opaque to the Netlogon protocol. They are not used or processed directly. All fields of this structure have the same meaning as the identically named fields in the KERB_SID_AND_ATTRIBUTES structure as specified in [MS-PAC] section 2.2.1.
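The following C sketch is an added example, not part of the specification: it shows how a consumer of this structure (for instance a log decoder) could turn the Attributes bit diagram into masks and apply the "MUST be zero / MUST be ignored on receipt" rule. The function and macro names are hypothetical, and it assumes that diagram column 0 is the most significant bit, which matches the Windows SDK values of the SE_GROUP_* constants.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: diagram column p (0 = leftmost) is the mask 1 << (31 - p),
 * which matches the Windows SDK SE_GROUP_* values noted on each line. */
#define DIAGRAM_BIT(p) (UINT32_C(1) << (31 - (p)))

#define ATTR_A_MANDATORY          DIAGRAM_BIT(31) /* 0x00000001 */
#define ATTR_B_ENABLED_BY_DEFAULT DIAGRAM_BIT(30) /* 0x00000002 */
#define ATTR_C_ENABLED            DIAGRAM_BIT(29) /* 0x00000004 */
#define ATTR_D_RESOURCE           DIAGRAM_BIT(2)  /* 0x20000000 */
#define ATTR_DEFINED (ATTR_A_MANDATORY | ATTR_B_ENABLED_BY_DEFAULT | \
                      ATTR_C_ENABLED | ATTR_D_RESOURCE)

/* Receiver: undefined bits MUST be ignored, so mask them off. */
uint32_t attrs_on_receipt(uint32_t wire) { return wire & ATTR_DEFINED; }

/* Sender: undefined bits MUST be zero. Returns 1 if the value may be sent. */
int attrs_valid_to_send(uint32_t attrs) { return (attrs & ~ATTR_DEFINED) == 0; }

/* Writes "NAME|NAME|..." for the defined bits set in a received value.
 * Returns the length written; stops early if the buffer is too small. */
size_t attrs_describe(uint32_t wire, char *out, size_t cap) {
    static const struct { uint32_t mask; const char *name; } tbl[] = {
        { ATTR_A_MANDATORY,          "SE_GROUP_MANDATORY" },
        { ATTR_B_ENABLED_BY_DEFAULT, "SE_GROUP_ENABLED_BY_DEFAULT" },
        { ATTR_C_ENABLED,            "SE_GROUP_ENABLED" },
        { ATTR_D_RESOURCE,           "SE_GROUP_RESOURCE" },
    };
    uint32_t a = attrs_on_receipt(wire);
    size_t n = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(a & tbl[i].mask)) continue;
        int w = snprintf(out + n, cap - n, "%s%s", n ? "|" : "", tbl[i].name);
        if (w < 0 || (size_t)w >= cap - n) { out[n] = '\0'; break; }
        n += (size_t)w;
    }
    return n;
}

int main(void) {
    char buf[128];
    uint32_t wire = 0x20000F07u; /* constructed sample with stray undefined bits */
    attrs_describe(wire, buf, sizeof buf);
    printf("0x%08X -> 0x%08X %s (sendable as-is: %d)\n", (unsigned)wire,
           (unsigned)attrs_on_receipt(wire), buf, attrs_valid_to_send(wire));
    return 0;
}
```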