The configuration adds entries to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\lsa\rodcroles
- Name: 544
- Data type: REG_MULTI_SZ
- Value: S-1-5-21-760266474-1386482297-4237089879-1107
The role is denoted by the entry name—544, for example, is the well known RID for the builtin\administrators group. Then, each value represents the security identifier (SID) of a user who has been assigned to the role.
0 Comments