--- q_a/samples/sd_flppy/floplock.c 2018/08/09 18:29:42 1.1 +++ q_a/samples/sd_flppy/floplock.c 2018/08/09 18:30:12 1.1.1.2 @@ -63,7 +63,7 @@ PSECURITY_DESCRIPTOR psdEveryoneSD PSID psidAdministrators = (PSID)&ucSIDBuf; PSID psidPowerUsers = (PSID)&ucPwrUsrsSIDBuf; PACL pNewDACL = (PACL)&ucACLBuf; - +BOOL bGotPowerUsersSid = FALSE; @@ -185,7 +185,9 @@ service_main(DWORD dwArgc, LPTSTR *lpszA /************************************************************************\ * - * Get SID of Power Users + * Get SID of Power Users, which is not defined on Windows NT Advanced + * Server machines, so if we fail to get the SID, simply record that + * fact, and don't try to use the Power Users' SID later * \************************************************************************/ @@ -198,18 +200,19 @@ service_main(DWORD dwArgc, LPTSTR *lpszA LPSTR lpszDomain = (LPSTR)&ucDomainBuf; PSID_NAME_USE psnuType = (PSID_NAME_USE)&ucPSNUBuf; - if(!LookupAccountName((LPSTR)NULL, /* local name */ + bGotPowerUsersSid = + LookupAccountName((LPSTR)NULL, /* local name */ "Power Users", psidPowerUsers, &dwSID, lpszDomain, &dwDomainName, - psnuType)) - { StopSimpleService("LookupAccountName"); - } + psnuType); - if (*psnuType != SidTypeAlias) - { StopSimpleService("LookupAccountName returned the wrong SID type"); + if(bGotPowerUsersSid) + { if (*psnuType != SidTypeAlias) + { StopSimpleService("LookupAccountName returned the wrong SID type"); + } } } @@ -258,7 +261,7 @@ service_main(DWORD dwArgc, LPTSTR *lpszA \************************************************************************/ #define UNLOCK_AT_SERVICE_STOP (0==0) - if (UNLOCK_AT_SERVICE_STOP) + if (UNLOCK_AT_SERVICE_STOP && bGotPowerUsersSid) { if (!AddAccessAllowedAce(pNewDACL, ACL_REVISION2, FILE_ALL_ACCESS,