http://bugs.winehq.org/show_bug.cgi?id=20643
--- Comment #24 from Ben Peddell klightspeed@netspace.net.au 2009-12-05 06:36:51 --- Created an attachment (id=25080) --> (http://bugs.winehq.org/attachment.cgi?id=25080) Testcase to list groups present in a process token
(In reply to comment #23)
The Users group implicitly includes all users with 'limited' users accouts, plus BUILTIN\INTERACTIVE and BUILTIN\AUTHENTICATED groups both on XP and Vista. So all local users, administrators, network users etc. are members of Users group, and Wine should correctly emulate this behaviour. User not in Users group isn't a WoW bug, it's abnormal condition.
By default, NT AUTHORITY\INTERACTIVE and NT AUTHORITY\Authenticated Users are members of the BUILTIN\Users group. They can be removed from the BUILTIN\Users group using the Local Users and Groups MMC snapin. However, doing so will almost certainly break some assumptions made by Windows programs.
Unless a person creates a new group that permits interactive logins, removing INTERACTIVE and Authenticated from Users will prevent those not in the Users group (including Administrators on Vista) from logging on.
Any breakages of the World of Warcraft launcher on Windows are almost certainly due to administrators breaking their system, World of Warcraft requiring all users on a system be given full access to its directory, and/or administrators not fixing the permissions on the World of Warcraft directory.
The attached testcase was used in this investigation. If it shows the token containing the BUILTIN\Users group, then the user should be able to access the World of Warcraft directory with the permissions the launcher sets.
If it shows the token not containing the BUILTIN\Users group, and the INTERACTIVE and Authenticated groups have not been removed from Users, please leave a comment with the operating system in use, how the user is logging in, and the output of the testcase (possibly redacting any non-builtin accounts).