Getting the list of users in a host. Followup to a previous quest

From: Sudhakar Govindavajhala (sudhakarg79_re_move_me_at_hotmail.com)
Date: 05/18/05

  • Next message: Sudhakar Govindavajhala: "Link for previous question"
    Date: Tue, 17 May 2005 18:09:36 -0700
    
    

    Hi there,

     [ I asked a related question in March. Thanks to OShah and Raghu Malpani
    for posting their thoughts.
    http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.platformsdk.security&tid=20aa3f28-a8a4-4c6c-94fb-542db5342eab&cat=en-us-msdn-windev-winsdk&lang=en&cr=US&sloc=en-us&m=1&p=1]

    Now, I have a followup question. Given a user, I know how to get the
    groups to which a user belongs. I am trying to generate a list of local
    users on my host. (No active directory.) Can someone tell me how to do it?
    A solution I am able to think of is to use LsaEnumerateAccountsWithUserRight
    and see who has SE_INTERACTIVE_LOGON_NAME and SE_NETWORK_LOGON_NAME rights.
    Can someone tell me a better way to do it? Is there an enumerate API that
    will list all the SIDs that are mentioned in the LSA?

    Another thing I want to do is to get an idea of what the process token looks
    like after the user logs in. Is there a way I can do this easily? Can
    someone tell me the detailed steps involved in logging in a user. After the
    GINA/LSA authenticates the user, how does one go about constructing the
    process token for the first process? (explorer.exe??) Given a process
    token, my program knows if the process can access resource X. Now I am
    trying to see if a user Y who logs in has access to resource X.

    Thanks for being patient with my questions. I am newbie trying to become an
    expert on these stuff.

    regards,
    Sudhakar


  • Next message: Sudhakar Govindavajhala: "Link for previous question"