2 files changed, 25 insertions, 2 deletions

diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
index 75a1d62ee7..0694b1c3f8 100644
--- a/source3/lib/account_pol.c
+++ b/source3/lib/account_pol.c
@@ -288,12 +288,17 @@ BOOL init_account_policy(void)
 	/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
 
 	privilege_create_account( &global_sid_World );
-	privilege_create_account( &global_sid_Builtin_Administrators );
 	privilege_create_account( &global_sid_Builtin_Account_Operators );
 	privilege_create_account( &global_sid_Builtin_Server_Operators );
 	privilege_create_account( &global_sid_Builtin_Print_Operators );
 	privilege_create_account( &global_sid_Builtin_Backup_Operators );
 
+	/* BUILTIN\Administrators get everything -- *always* */
+
+	if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
+		DEBUG(0,("init_account_policy: Failed to grant privileges to BUILTIN\\Administrators!\n"));
+	}
+
 	return True;
 }
 
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index ee69613df0..d77d7857d7 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -867,9 +867,27 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset )
 /*******************************************************************
 *******************************************************************/
 
-BOOL is_privileged_sid( DOM_SID *sid )
+BOOL is_privileged_sid( const DOM_SID *sid )
 {
 	SE_PRIV mask;
 	
 	return get_privileges( sid, &mask );
 }
+
+/*******************************************************************
+*******************************************************************/
+
+BOOL grant_all_privileges( const DOM_SID *sid )
+{
+	int i;
+	SE_PRIV mask;
+	uint32 num_privs = count_all_privileges();
+
+	se_priv_copy( &mask, &se_priv_none );
+	
+	for ( i=0; i<num_privs; i++ ) {
+		se_priv_add(&mask, &privs[i].se_priv); 
+	}
+
+	return grant_privilege( sid, &mask );
+}