Machine SIDs and Domain SIDs

Microsoft Technical Fellow Mark Russinovich’s recent post “The Machine SID Duplication Myth” confused many readers who didn’t understand the distinction between the two independent SIDs that belong to a domain-joined computer.  I’ll take a crack at trying to clarify that. Machine and domain SIDs consist of a base SID and a Relative ID (RID) that…

10

LUA Buglight 2.1 released

LUA Buglight 2.1, identifies admin-permissions issues (“LUA bugs”) in desktop applications.  New version supports Windows 7 (x86 and x64), Vista (x86 and x64), XP (x86 only) and corresponding Server OSes. The download and more information is on this page: http://blogs.msdn.com/aaron_margosis/pages/LuaBuglight.aspx

4

LUA Buglight

LUA Buglight 2.1 is here.  LUA Buglight identifies admin-permissions issues (“LUA bugs”) in desktop applications.  I’ve made a lot of changes to LUA Buglight since the last “2.0 Preview” that I posted, so the version number has been bumped up: Support for Windows 7, Vista and XP, and corresponding Servers (2008 R2, 2008, 2003) Support…

31

Utilities for Local Group Policy and IE Security Zones

Because of my work with the Federal Desktop Core Configuration, I’ve published a set of three utilities that manage Local Group Policy.  The newest of these (ImportRegPol) parses registry.pol files and can convert their content to text.  I’ve also created a utility to view and compare IE security zone settings that is particularly helpful on…

2

Live, on the internet…

Ahoy, all — Later this week I’ll be appearing at a virtual roundtable hosted by Mark Russinovich, streaming live over the web.  The topic is Windows 7 application compatibility.  Among other things, I’ll be demoing the latest (still-unreleased) updates to LUA Buglight (latest released version here). Here are the details:   Springboard Series Virtual Roundtable   Windows…

2

FAQ: How do I start a program as the desktop user from an elevated app?

Common Vista/Win7 scenario:  the app you’ve written runs with elevated permissions, but then needs to start another program as the non-elevated desktop user.  For example, you want to display web content.  Now, you could just launch the web browser from your app, and let the web browser run as admin.  What could go wrong?  (Hint: …

16