2.2.3.2 WindowsIdentifiers Structure
The WindowsIdentifiers structure has variable length. It defines a set of SIDs and flags. To reduce the overall data size, the SIDs are not included in full binary expansion. Rather, PACKED_SIDS structures are created for each group of SIDs that are identical except for the last subauthority.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
WindowsIdentifierFlags |
|||||||||||||||||||||||||||||||
|
PackedSidsCount |
|||||||||||||||||||||||||||||||
|
PackedSids (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
WindowsIdentifierFlags (4 bytes): A 32-bit WindowsIdentifierFlags structure (see 2.2.3.2.1).
PackedSidsCount (4 bytes): A 4-byte, little-endian, unsigned integer that defines the number of PackedSids fields in this structure. This field MUST NOT be 0.
PackedSids (variable): A sequence of PACKED_SIDS structures of variable size, each of which defines a set of SIDs. The sequence defines a set of SIDs, which is the union of the sets of SIDs defined by all the elements.