It might not be as glorious as the "root" but Administrators command similar rights and privileges. But not every locale uses that string to identify the all powerful group of users. That might introduce interesting bugs. Even in some microsoft tools.

 

Use of well known SID is how these sort of bugs can be avoided. .Net has WellKnownSidType enumeration that makes it quite easy but in the unmanaged world, it’s a 2 step process. You have to create the SID yourself. The constants are defined in sddl.h to get admin SID you can do something like this:

 

PSID GetAdminSID()

{

SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;

PSID pSID = NULL;

 

if(! AllocateAndInitializeSid( &SIDAuth, 2,

SECURITY_BUILTIN_DOMAIN_RID,

DOMAIN_ALIAS_RID_ADMINS,

0, 0, 0, 0, 0, 0,

&pSID) )

{

ThrowExceptionUsingHr(HRESULT_FROM_WIN32(GetLastError()));

}

 

return pSID;

}

 

Make sure that you free the SID created above using FreeSid()

 

Edit: Michael Kaplan has more details about the bug in Microsoft tools that I was referring to above.