Scott Hanselman

Finding out the name of the EVERYONE Group on a non-english (International) version of Windows

July 21, 2003 Comment on this post [1] Posted in Web Services | Internationalization
Sponsored By

I preach a lot about awareness around issues of Internationalization.  Issues arise when we make assumptions.  For example, if you have code that assumes the security group "Everyone" is called "Everyone" on a non-english Windows box...well, you can guess that "results are not guaranteed."

Typically (in C++/SDK) you don't refer to these groups by name, but rather by SID.  Depending on what you're doing, there's a number of ways to figure these things out.  Perhaps instead of using “Everyone,” use the Everyone SID: (S-1–1–0)

You may want to call AllocateAndInitializeSid...see Creating Security Descriptor and most importantly the list of Well-Known SIDs.

Call AllocateAndInitializeSid to obtain the SID of the Everyone group. In the parameters passed to AllocateAndInitializeSid, the number of subauthorities in the SID is set to 1, and the value of the first subauthority is set to SECURITY_WORLD_RID.

PSID BuildEveryoneSid() {
   BOOL fSuccess = AllocateAndInitializeSid(&auth, 1,
      SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSID);
   return(fSuccess ? pSID : NULL);
} //(Call FreeSid() when you’re done…)

Or, call LookupAccountSID and receive the name as an out parameter.

Or, use this Russian fellow's old util. (sid2user, user2sid, source code here.) from the command line or script and get output like this: 

C:\Documents and Settings\SHanselm\Desktop\Utils>user2sid "Everyone"
Number of subauthorities is 1
Domain is
Length of SID in memory is 12 bytes
Type of SID is SidTypeWellKnownGroup

C:\Documents and Settings\SHanselm\Desktop\Utils>sid2user 1 S-1-1-0
Name is Everyone
Domain is
Type of SID is SidTypeWellKnownGroup

I'm sure there's a way to do with from both Windows Scripting Host (VBS) and .NET (C#) given a SID, so if you know, let me know.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
July 22, 2003 0:25
Yep, we hit the same problem setting IIS and folder security permissions from a home grown installer till we figured out that using 'Everyone" wasn't very safe, code or security wise!


Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.