@@ -12,7 +12,6 @@ import (

 	"github.com/docker/docker/pkg/idtools"

 	"github.com/docker/docker/pkg/jsonmessage"

 	"github.com/docker/docker/pkg/system"

-	"github.com/pkg/errors"

 	"golang.org/x/sys/windows"

 )

@@ -31,13 +30,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string

 		sid, err := windows.StringToSid(accountName)

 		if err == nil {

-			accountSid, err := sid.String()

-

-			if err != nil {

-				return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")

-			}

-

-			return idtools.Identity{SID: accountSid}, nil

+			return idtools.Identity{SID: sid.String()}, nil

 		}

 	}

@@ -46,13 +39,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string

 	// If this is a SID that is built-in and hence the same across all systems then use that.

 	if err == nil && (accType == windows.SidTypeAlias || accType == windows.SidTypeWellKnownGroup) {

-		accountSid, err := sid.String()

-

-		if err != nil {

-			return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")

-		}

-

-		return idtools.Identity{SID: accountSid}, nil

+		return idtools.Identity{SID: sid.String()}, nil

 	}

 	// Check if the account name is one unique to containers.

@@ -5,7 +5,6 @@ import (

 	"os"

 	"unsafe"

-	winio "github.com/Microsoft/go-winio"

 	"github.com/docker/docker/pkg/signal"

 	"github.com/sirupsen/logrus"

 	"golang.org/x/sys/windows"

@@ -17,7 +16,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {

 	// signaled. ACL'd to builtin administrators and local system

 	event := "Global\\stackdump-" + fmt.Sprint(os.Getpid())

 	ev, _ := windows.UTF16PtrFromString(event)

-	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")

+	sd, err := windows.SecurityDescriptorFromString("D:P(A;;GA;;;BA)(A;;GA;;;SY)")

 	if err != nil {

 		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())

 		return

@@ -25,7 +24,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {

 	var sa windows.SecurityAttributes

 	sa.Length = uint32(unsafe.Sizeof(sa))

 	sa.InheritHandle = 1

-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))

+	sa.SecurityDescriptor = sd

 	h, err := windows.CreateEvent(&sa, 0, 0, ev)

 	if h == 0 || err != nil {

 		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())

@@ -11,7 +11,6 @@ import (

 	"time"

 	"unsafe"

-	winio "github.com/Microsoft/go-winio"

 	"golang.org/x/sys/windows"

 )

@@ -103,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {

 // and Local System.

 func mkdirWithACL(name string, sddl string) error {

 	sa := windows.SecurityAttributes{Length: 0}

-	sd, err := winio.SddlToSecurityDescriptor(sddl)

+	sd, err := windows.SecurityDescriptorFromString(sddl)

 	if err != nil {

 		return &os.PathError{Op: "mkdir", Path: name, Err: err}

 	}

 	sa.Length = uint32(unsafe.Sizeof(sa))

 	sa.InheritHandle = 1

-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))

+	sa.SecurityDescriptor = sd

 	namep, err := windows.UTF16PtrFromString(name)

 	if err != nil {