Copy local Groups -- Get SID

R

ronny.kluge

Hallo @all,

i want to copy local Groups from Server to Server(MS Win).
The Groups should allocated the same "old" SID, because the first
Server is to old for productivity ..

How can i do this in Perl ?

Google could'nt help me so far.

Thanx, Greets, Ronny !
 
T

Thomas Kratz

Hallo @all,

i want to copy local Groups from Server to Server(MS Win).
The Groups should allocated the same "old" SID, because the first
Server is to old for productivity ..

This last sentence doesn't make sense to me. What exactly are you trying
to do? If you just want to change the server's hardware, go with a backup
and restore of your server's data (the SAM user database included). This
will not change any ACLs or SIDs.

I would not use Perl for that (not that I knew how to ;-)

You cannot set the SID while creating a group, nor change the SID of a
newly created group (at least I know no simple or even documented way of
doing it).

Thomas

--
$/=$,,$_=<DATA>,s,(.*),$1,see;__END__
s,^(.*\043),,mg,@_=map{[split'']}split;{#>J~.>_an~>>e~......>r~
$_=$_[$%][$"];y,<~>^,-++-,?{$/=--$|?'"':#..u.t.^.o.P.r.>ha~.e..
'%',s,(.),\$$/$1=1,,$;=$_}:/\w/?{y,_, ,,#..>s^~ht<._..._..c....
print}:y,.,,||last,,,,,,$_=$;;eval,redo}#.....>.e.r^.>l^..>k^.-
 
R

ronny.kluge

Ok, the old Server is Windows NT 4.0. I want to install an Windows
2003 Server and "copy" or create the local Groups with the same SID's
to this newest
Server !

All Things are possible with Perl ;), this too ??

Greets, Thanx, Ronny.
 
T

Thomas Kratz

Ok, the old Server is Windows NT 4.0. I want to install an Windows
2003 Server and "copy" or create the local Groups with the same SID's
to this newest
Server !

First: please learn to quote properly. This and other important things are
explained in the posting guidelines posted here frequently and are
accessible at:

http://mail.augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.text
All Things are possible with Perl ;), this too ??

Second: you should first establish that your problem is well defined and
solvable. Only then you should worry about solving it in Perl.

Why the hell do you want the SIDs to be identical? This only makes sense
if there are resources on the new server with ACL entries pointing to
those SIDs. But as they are local groups, this is very strange.

If you want to update the server, clone the old disk and make an update to
Win2003. If something goes wrong run from the cloned disk.

This is OT here, you will get better help in one of the Microsoft groups.

Thomas

--
$/=$,,$_=<DATA>,s,(.*),$1,see;__END__
s,^(.*\043),,mg,@_=map{[split'']}split;{#>J~.>_an~>>e~......>r~
$_=$_[$%][$"];y,<~>^,-++-,?{$/=--$|?'"':#..u.t.^.o.P.r.>ha~.e..
'%',s,(.),\$$/$1=1,,$;=$_}:/\w/?{y,_, ,,#..>s^~ht<._..._..c....
print}:y,.,,||last,,,,,,$_=$;;eval,redo}#.....>.e.r^.>l^..>k^.-
 
R

ronny.kluge

At first thanyou Thomas.

The Reason is, that the local Groups on the Windows NT 4.0 Server
contains global groups of the domain. If you create a local group
on the new server with not the same SIDs the global groups should not
automatically assign to the local groups.

This is what i want to reach.

In fact with many Perl Moduls you can do all that you want to
create/change groups, accounts, ...etc. so i thougt that i also
can read the SIDs of my old local groups to create these groups on the
new Server and allocate the original SIDs. So that the global
Groups assign automatical to these local groups.

Whats wrong with these Thoughts ?

Greets, Ronny.
 
F

Fabian Pilkowski

At first thanyou Thomas.

Thank him by following his advice. He mentioned you didn't quote
properly. Please do this the next time. This is not one of those
proprietary Google Groups you're reading, this is "Usenet". It's
just Google's (crappy) interface you're using to access it.
The Reason is, that the local Groups on the Windows NT 4.0 Server
contains global groups of the domain. If you create a local group
on the new server with not the same SIDs the global groups should not
automatically assign to the local groups.

This is what i want to reach.

Consider to upgrade your already installed Windows system after making a
backup. It's *the* option you have to do to reach your goal. What's the
reason you won't doing this?
In fact with many Perl Moduls you can do all that you want to
create/change groups, accounts, ...etc. so i thougt that i also
can read the SIDs of my old local groups to create these groups on the
new Server and allocate the original SIDs. So that the global
Groups assign automatical to these local groups.

Whats wrong with these Thoughts ?

AFAIK, Microsoft's API doesn't provide anything for doing this.

regards,
fabian
 
T

Thomas Kratz

At first thanyou Thomas.

As Fabian already mentioned: instead of thanking me please learn to quote
properly. I certainly will be reluctant to help otherwise.
Implementation is the sincerest kind of flattery ;-)
The Reason is, that the local Groups on the Windows NT 4.0 Server
contains global groups of the domain. If you create a local group
on the new server with not the same SIDs the global groups should not
automatically assign to the local groups.

This is what i want to reach.

Either you have problems explaining what you want to do, or you don't
understand how local and global groups work. How on earth should the
global groups become members of the newly created local group without
somebody assigning them? And as that somebody would be you, what do you
need the SID for? There is no automatic assigning of group members!
In fact with many Perl Moduls you can do all that you want to
create/change groups, accounts, ...etc. so i thougt that i also
can read the SIDs of my old local groups to create these groups on the
new Server and allocate the original SIDs. So that the global
Groups assign automatical to these local groups.

Whats wrong with these Thoughts ?

It doesn't work like this? :cool:

But joking aside: You would be far better of with an upgrade after backup.
Or at least with a backup of your local users and groups and restore on
the new server (There are lots of tools for this purpose, e.g. the NTSEC
suite or even tools from the NT ResourceKit).

I would suggest reading a bit more on the subject, leaving Perl aside.

Thomas

--
$/=$,,$_=<DATA>,s,(.*),$1,see;__END__
s,^(.*\043),,mg,@_=map{[split'']}split;{#>J~.>_an~>>e~......>r~
$_=$_[$%][$"];y,<~>^,-++-,?{$/=--$|?'"':#..u.t.^.o.P.r.>ha~.e..
'%',s,(.),\$$/$1=1,,$;=$_}:/\w/?{y,_, ,,#..>s^~ht<._..._..c....
print}:y,.,,||last,,,,,,$_=$;;eval,redo}#.....>.e.r^.>l^..>k^.-
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top