/*++

Copyright (c) 1990  Microsoft Corporation

Module Name:

    regnames.txt

Abstract:

    This file describes the Configuration Registry namespace used to 
    back-store the LSA database.


Author:

    Scott Birrell (ScottBi) 11-June-1991

Revision History:

General:

The Local Security Authority (LSA) stores the Local Security Policy (LSP)
of a system in a subtree of the Configuration Registry.  The Registry 
consists of a hierarchy of nodes called "Keys".  Each Key can have associated
with it data called the "Value" of the Key.  A Key Value can also have a
"Key Value Type" associated with it when the value is set.

A full Registry Keyname has the following general syntax:

\Registry\KeyNameE\KeyNameE\..\KeyNameE.

where each KeyNameE is an "element" of the Key name.  We usually use the term 
"Keyname" to mean any element of the full name as indicated above.  Within the 
Registry, the Local Security Policy occupies the subtree

\Registry\RLM\Security\Protectd\LSP

which is so named because it is the Local Security Policy subtree of the
Protected part of the Security subtree of the Registry's Local Machine
information.

This file describes the content of Keys at all levels within this LSP.  We
first introduce some notation.

Notational Conventions:

o   Xxx is the Unicode name of a Registry Key element.  For example, 
    "PasswordExpires".

o   (Xxx) is a description of a Registry Key's name.  For example, 
    "(UserName)" might indicate that the Key name is a user's name.

o   [kvt,Value] kvt is the Key Value Type, and Value describes the
    value of a Registry Key.  If no specific Key Value Type is used,
    then [,Value] references just the value.   If the Key has a
    Key Value Type, but no Key Value, then [kvt,] notation is used.

o   Individual Keys or Key Values may be referenced in the description
    as the following examples show:

    LSP/Accounts/(AcctName)
       - references a particular Account Name.

    LSP/Accounts/(AcctName)[,Rid]
       - references a value of a named Key.

    .../(AcctName)   or
    .../(AcctName)[Rid] may also be used as a shorthand notation in which
        the first part of the Key has been omitted.

    NOTE: In several instances, a RID (Relative Id) is used as a Key name.  In 
    this case an ASCII conversion of the ULONG value is used.  The name is 
    printable and contains no zero bytes.

LSP Database Struture:


Using the above notation, the structure of the Registry namespace used to 
back-store the LSA's Local Security Policy (PSP) Database is as follows:

        LSP
        --+-
          +--  SecDesc [,SecurityDescriptor]
          +--  Domain [,SidValue]
          +--  AdminMod [,AdmininstrationModeValue]
          +--  OperMode [,OperationalModeValue]
          +--  Accounts [Count,]
               ----+
                   +--  (AccountName1) [AccountRid1,]
                   |    (...)
                   +--  (AccountNameN) [AccountRidN,]
                   |
                   +--  (AccountRid1) [,AccountName1]
                   |    (...)
                   +--  (AccountRidN) [,AccountNameN]

               BltAccts
               ----+--
                   +--  (BuiltInManagerAccountName) [AccountRidMGR,]
                   |    (...)
                   +--  (BuiltInGuestAccountName) [AccountRidGST,]
                   |
                   +--  (AccountRidMGR) [,BuiltInManagerAccountName]
                   |    (...)
                   +--  (AccountRidGST) [,BuiltInGuestAccountName]
          

    The structure under each User or Group Account (AccountRid) Key is
    is as follows:

                        (AccountRid)[PosixId,AccountName]
                        ----+---------
                            +-- SecDesc [,SecurityDescriptor]
                            +-- Privilgs [,PrivilegeSet]
                            +-- Quotas [,QuotaLimits]
                          
    The structure under each Built-in Account (AccountRid) is as follows:

                        (BuiltInAccountName) [AccountRid,]
                        ----+---------
                            +-- SecDesc [,SecurityDescriptor]
--*/
