CreateWellKnownSid 对 WinAccountAdministratorSid 报告"参数不正确",但对 WinBuiltinAdministratorsSid 可以正常工作

Ser*_*ron 1 c windows winapi

我正在尝试使用 CreateWellKnownSid 获取内置管理员帐户的众所周知 SID,以便在其他函数中使用它;但是当把 WinAccountAdministratorSid 用作第一个参数时,我收到"参数不正确"的错误消息。而如果使用 WinBuiltinAdministratorsSid 或 WinBuiltinUsersSid,则可以正常工作。不知道发生了什么。

代码:

#include <Windows.h>
#include <wchar.h>
#include <LM.h>
#include <locale.h>

#pragma comment(lib, "Netapi32.lib")

#define MAX_NAME 256

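/* Prints the system-provided message text for a Win32 error code to stdout.
   errorCode: the value to look up (typically the result of GetLastError()).
   If the message itself cannot be retrieved, the reason is written to
   stderr and the process exits with status 1. */
VOID ShowError(DWORD errorCode)
{
    //FormatMessageW
    /* ALLOCATE_BUFFER: the system allocates the buffer and stores its address
       in errorMessage, which is why a pointer-to-pointer is cast to LPWSTR.
       IGNORE_INSERTS: insert sequences such as %1 are left unexpanded, so no
       Arguments array is needed and NULL can be passed safely. */
    DWORD flags = FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS;
    LPWSTR errorMessage = NULL; //Never left indeterminate if the call fails
    DWORD size = 0; //Minimum size; the system picks the real one

    if (!FormatMessageW(flags, NULL, errorCode, 0, (LPWSTR)&errorMessage, size, NULL))
    {
        //DWORD is an unsigned long, so %lu is the matching conversion
        fwprintf(stderr, L"Could not get the format message, error code: %lu\n", GetLastError());
        exit(1);
    }

    /*%ls always means a wide string; plain %s in the wide printf family
    depends on the CRT's conformance mode*/
    wprintf(L"\n%ls", errorMessage);

    LocalFree(errorMessage); //Buffer came from FORMAT_MESSAGE_ALLOCATE_BUFFER
}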

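/* Asks Windows for the well-known SID of the built-in Administrator account
   and reports the system error message if that fails.
   Returns 0 on success, 1 on any failure. */
int wmain(int argc, WCHAR **argv)
{
    _wsetlocale(LC_ALL, L"English");

    //LocalAlloc
    UINT memFlags = LMEM_FIXED; //Allocates fixed memory
    DWORD numOfBytes = SECURITY_MAX_SID_SIZE;

    /*Allocating memory to hold the SID for the
    built-in administrator user*/
    PSID builtInAdminSid = LocalAlloc(memFlags, numOfBytes);
    if (!builtInAdminSid)
    {
        ShowError(GetLastError());
        return 1;
    }

    //CreateWellKnownSid
    WELL_KNOWN_SID_TYPE accountAdminSid = WinAccountAdministratorSid;
    PSID domainSid = NULL;

    /*We will ask Windows for the well known Admin SID.
    If this function fails, we cannot continue.
    NOTE(review): with a NULL DomainSid this call is reported to fail with
    "the parameter is incorrect" for WinAccountAdministratorSid. Account SIDs
    are built as <domain SID> + <well-known RID>, so the account-domain SID
    (e.g. from LsaQueryInformationPolicy with PolicyAccountDomainInformation)
    has to be supplied here. Builtin SIDs such as WinBuiltinAdministratorsSid
    do not depend on a domain, which is why they work with NULL.*/
    if (!CreateWellKnownSid(accountAdminSid, domainSid,
                            builtInAdminSid, &numOfBytes))
    {
        ShowError(GetLastError());
        LocalFree(builtInAdminSid); //Do not forget to free memory!
        return 1;
    }

    //The success path owns the buffer too, so release it before returning
    LocalFree(builtInAdminSid);

    return 0;
}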

难道我做错了什么?

编辑:

好像我必须指定DomainSid参数,但是如何为本地计算机检索它?

RbM*_*bMm 5

CreateWellKnownSid 有时需要 DomainSid 参数,原因很简单:它把 DomainSid 与众所周知的 RID 拼接起来(即在该 SID 后追加一个 SubAuthority)。

要获取 DomainSid,可以将 LsaQueryInformationPolicy 与 PolicyAccountDomainInformation 一起使用,它检索系统帐户域的名称和 SID。此 API 调用返回 POLICY_ACCOUNT_DOMAIN_INFO 结构,其中包含 DomainSid。

#include <Ntsecapi.h>

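// Builds the SID of the local built-in Administrator account.
//
// WinAccountAdministratorSid is relative to an account domain, so the
// account-domain SID of the local system is read from the LSA policy and
// handed to CreateWellKnownSid as DomainSid.
//
// Returns 0 (ERROR_SUCCESS) on success, otherwise a Win32 error code.
// LSA failures are NTSTATUS values; they are translated with
// LsaNtStatusToWinError so the caller never receives a mix of NTSTATUS and
// Win32 codes in the same ULONG.
ULONG CreateSid()
{
    static LSA_OBJECT_ATTRIBUTES oa = { sizeof(oa) };

    LSA_HANDLE PolicyHandle;

    // Least privilege: only the view right needed for the query is requested.
    NTSTATUS status = LsaOpenPolicy(0, &oa, POLICY_VIEW_LOCAL_INFORMATION, &PolicyHandle);

    if (status < 0)
    {
        return LsaNtStatusToWinError(status);
    }

    ULONG error = 0;
    PPOLICY_ACCOUNT_DOMAIN_INFO ppadi;

    status = LsaQueryInformationPolicy(PolicyHandle, PolicyAccountDomainInformation, (void**)&ppadi);

    if (status < 0)
    {
        error = LsaNtStatusToWinError(status);
    }
    else
    {
        // Stack buffer: the resulting SID is gone once this function returns,
        // so use it here or copy it out to storage that outlives the call.
        ULONG cbSid = MAX_SID_SIZE;
        PSID sid = alloca(MAX_SID_SIZE);

        if (!CreateWellKnownSid(::WinAccountAdministratorSid, ppadi->DomainSid, sid, &cbSid))
        {
            error = GetLastError();
        }

        // ppadi (and the DomainSid it points to) is owned by LSA.
        LsaFreeMemory(ppadi);
    }

    LsaClose(PolicyHandle);

    return error;
}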