/*++ Copyright (c) 1990 Microsoft Corporation Module Name: regnames.txt Abstract: This file describes the Configuration Registry namespace used to back-store the LSA database. Author: Scott Birrell (ScottBi) 11-June-1991 Revision History: General: The Local Security Authority (LSA) stores the Local Security Policy (LSP) of a system in a subtree of the Configuration Registry. The Registry consists of a hierarchy of nodes called "Keys". Each Key can have associated with it data called the "Value" of the Key. A Key Value can also have a "Key Value Type" associated with it when the value is set. A full Registry Keyname has the following general syntax: \Registry\KeyNameE\KeyNameE\..\KeyNameE. where each KeyNameE is an "element" of the Key name. We usually use the term "Keyname" to mean any element of the full name as indicated above. Within the Registry, the Local Security Policy occupies the subtree \Registry\RLM\Security\Protectd\LSP which is so named because it is the Local Security Policy subtree of the Protected part of the Security subtree of the Registry's Local Machine information. This file describes the content of Keys at all levels within this LSP. We first introduce some notation. Notational Conventions: o Xxx is the Unicode name of a Registry Key element. For example, "PasswordExpires". o (Xxx) is a description of a Registry Key's name. For example, "(UserName)" might indicate that the Key name is a user's name. o [kvt,Value] kvt is the Key Value Type, and Value describes the value of a Registry Key. If no specific Key Value Type is used, then [,Value] references just the value. If the Key has a Key Value Type, but no Key Value, then [kvt,] notation is used. o Individual Keys or Key Values may be referenced in the description as the following examples show: LSP/Accounts/(AcctName) - references a particular Account Name. LSP/Accounts/(AcctName)[,Rid] - references a value of a named Key. .../(AcctName) or .../(AcctName)[Rid] may also be used as a shorthand notation in which the first part of the Key has been omitted. NOTE: In several instances, a RID (Relative Id) is used as a Key name. In this case an ASCII conversion of the ULONG value is used. The name is printable and contains no zero bytes. LSP Database Struture: Using the above notation, the structure of the Registry namespace used to back-store the LSA's Local Security Policy (PSP) Database is as follows: LSP --+- +-- SecDesc [,SecurityDescriptor] +-- Domain [,SidValue] +-- AdminMod [,AdmininstrationModeValue] +-- OperMode [,OperationalModeValue] +-- Accounts [Count,] ----+ +-- (AccountName1) [AccountRid1,] | (...) +-- (AccountNameN) [AccountRidN,] | +-- (AccountRid1) [,AccountName1] | (...) +-- (AccountRidN) [,AccountNameN] BltAccts ----+-- +-- (BuiltInManagerAccountName) [AccountRidMGR,] | (...) +-- (BuiltInGuestAccountName) [AccountRidGST,] | +-- (AccountRidMGR) [,BuiltInManagerAccountName] | (...) +-- (AccountRidGST) [,BuiltInGuestAccountName] The structure under each User or Group Account (AccountRid) Key is is as follows: (AccountRid)[PosixId,AccountName] ----+--------- +-- SecDesc [,SecurityDescriptor] +-- Privilgs [,PrivilegeSet] +-- Quotas [,QuotaLimits] The structure under each Built-in Account (AccountRid) is as follows: (BuiltInAccountName) [AccountRid,] ----+--------- +-- SecDesc [,SecurityDescriptor] --*/