Getting the list of users in a host. Followup to a previous quest
From: Sudhakar Govindavajhala (sudhakarg79_re_move_me_at_hotmail.com)
Date: Tue, 17 May 2005 18:09:36 -0700
[ I asked a related question in March. Thanks to OShah and Raghu Malpani
for posting their thoughts.
Now, I have a followup question. Given a user, I know how to get the
groups to which a user belongs. I am trying to generate a list of local
users on my host. (No active directory.) Can someone tell me how to do it?
A solution I am able to think of is to use LsaEnumerateAccountsWithUserRight
and see who has SE_INTERACTIVE_LOGON_NAME and SE_NETWORK_LOGON_NAME rights.
Can someone tell me a better way to do it? Is there an enumerate API that
will list all the SIDs that are mentioned in the LSA?
Another thing I want to do is to get an idea of what the process token looks
like after the user logs in. Is there a way I can do this easily? Can
someone tell me the detailed steps involved in logging in a user. After the
GINA/LSA authenticates the user, how does one go about constructing the
process token for the first process? (explorer.exe??) Given a process
token, my program knows if the process can access resource X. Now I am
trying to see if a user Y who logs in has access to resource X.
Thanks for being patient with my questions. I am newbie trying to become an
expert on these stuff.