- Determine non-logged-in user's group membership?
- Posted by Gandoo Rampud on December 7th, 2006
Hi, given nothing more than a username, I need to determine if they are
a member of a particular group. I can determine this quite easily if I have
a token for that user, but this requires LogonUser(), and I don't want to
go that far.
Is there a Win32 API that to facilitate this? I get the feeling I'll have
to go the
route of acquiring the user's SID before being able to enumerate their group
membership, so what are the APIs for acquiring a user's SID?
- Posted by Sten Westerback \(MVP SDK\) on December 13th, 2006
"Gandoo Rampud" <GandooRampud@here.com> wrote in message
news:twRdh.70265$bz5.28944@fe3.news.blueyonder.co. uk...
You can fine the SID of the user profiles under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
(or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileGuid on newer OS versions).
Or you can just use the API's like this function of mine:
SID *p_sidFromAccount(char *p_szAccount, DWORD *p_dwLen)
{
SID *p_sid;
DWORD dw=0, dwC=0;
SID_NAME_USE snu=0;
char szDom[100];
if (p_dwLen!=NULL) *p_dwLen=0;
if (p_szAccount==NULL) return NULL;
LookupAccountName(NULL, p_szAccount, NULL, &dw, NULL, &dwC, &snu);
if (dw==0) return NULL;
if ((p_sid=malloc(dw+1))==NULL) return NULL;
if (LookupAccountName(NULL, p_szAccount, p_sid, &dw, szDom, &dwC, &snu))
{ if (p_dwLen!=NULL) *p_dwLen=dw; return p_sid; }
free(p_sid); return NULL;
}
- Sten
- How to determine if logged into AD (Development Resources) by JRB
- Group membership (Help and Support) by pdg
- Help! Want to determine which Computer(s) a user is logged in on (Security & Administration) by Zep
- Any way to refresh group membership while logged in? (Security & Administration) by Byron
- Determine if CFtpConnection has 'logged out' (Development Resources) by Gernot Frisch
