From fa38a155cf2019c1fc7904ab47d37c0e7e558c13 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 21 Feb 2014 15:25:46 -0500
Subject: [PATCH] WindowsAuthProvider setting to restrict BUILTIN\Administrators

---
 src/main/java/com/gitblit/auth/WindowsAuthProvider.java |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
index 93cae04..ac15b28 100644
--- a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
@@ -158,9 +158,11 @@
        		groupNames.add(group.getFqn());
         }
 
-        if (groupNames.contains("BUILTIN\\Administrators")) {
-        	// local administrator
-        	user.canAdmin = true;
+       	if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
+       		if (groupNames.contains("BUILTIN\\Administrators")) {
+       			// local administrator
+       			user.canAdmin = true;
+       		}
         }
 
         // TODO consider mapping Windows groups to teams

--
Gitblit v1.9.1