Re: How to add a user to a group and programmatically see that in its token



Do you need a real kernel mode token or do you just need to verify the group
membership? If the former, you could potentially use S4U to create a kernel
mode token for the user based only on their username. That requires AD 2003
and server 2003 and only works with domain accounts.

If you could deal with a "user mode" token, would
AuthzInitializeContextFromSid work for you?

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Garfield Lewis" <galewis@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Oz49eMNaIHA.4712@xxxxxxxxxxxxxxxxxxxxxxx
Hi Kellie,

Thx for the response, but I guess I just wasn't too clear to begin with.
What I want to do is add a user to a group (which I already know how to
do), then, without using LogonUser to get a brand new token (since I likely
will not have the user's password), I was wondering if there was any way for
me to get a token for that user that would show that it has been added to
the new group? I had thought ImpersonateSelf would do this, but when I
inspect the token returned it doesn't have the new group listed.

--
Garfield A. Lewis


"Kellie Fitton" <KELLIEFITTON@xxxxxxxxx> wrote in message
news:c6f05f63-1951-4e91-8dc0-1c3f79b96ef7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 5, 10:59 am, "Garfield Lewis" <gale...@xxxxxxxxxxxxxxxxxxxxxx>
wrote:
Hi,

I want to be able to create a group, add a user to that group then
(without using LogonUser) get a token for that user that lists the user
as a member of that new group. Is this possible? This all has to be done
in one shot inside of my program.

Thx,

--
Garfield A. Lewis


Hi,

You can use the following APIs to add a user account and assign
a password and privilege level:

NetUserAdd()

NetUserSetInfo()

NetGroupAddUser()

NetGroupSetUsers()

NetLocalGroupAddMembers()

http://msdn2.microsoft.com/en-us/library/aa370649(VS.85).aspx

http://msdn2.microsoft.com/en-us/library/aa370659(VS.85).aspx

http://msdn2.microsoft.com/en-us/library/aa370425(VS.85).aspx

http://msdn2.microsoft.com/en-us/library/aa370432(VS.85).aspx

http://msdn2.microsoft.com/en-us/library/aa370436(VS.85).aspx

Kellie.
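
The S4U route suggested at the top of this thread, as an added example that is not part of any poster's message: in .NET, the WindowsIdentity constructor that takes a user principal name performs a Kerberos S4U logon, so no password is needed, and the resulting token's groups can be checked for the newly added group. The UPN and group name are placeholders supplied on the command line, and the class and method names are made up for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;

static class S4UGroupCheck
{
    // Builds a token for `upn` via Kerberos S4U (no password) and reports
    // whether that token carries the SID of `groupName`.
    static bool TokenHasGroup(string upn, string groupName)
    {
        // Resolve the group to its SID first, so a mistyped name fails
        // loudly here and is not mistaken for "not a member".
        var groupSid = (SecurityIdentifier)new NTAccount(groupName)
            .Translate(typeof(SecurityIdentifier));

        using (var identity = new WindowsIdentity(upn))
        {
            // Unless the caller holds SeTcbPrivilege, an S4U token is
            // identification-level: fine for access checks, not for
            // acting as the user.
            Console.WriteLine("Impersonation level: " + identity.ImpersonationLevel);
            foreach (IdentityReference sid in identity.Groups)
                Console.WriteLine("  group SID: " + sid.Value);

            return new WindowsPrincipal(identity).IsInRole(groupSid);
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: S4UGroupCheck <user@domain> <DOMAIN\\group>");
            return 2;
        }
        try
        {
            bool member = TokenHasGroup(args[0], args[1]);
            Console.WriteLine(member ? "Group is in the token." : "Group is NOT in the token.");
            return member ? 0 : 1;
        }
        catch (IdentityNotMappedException)
        {
            Console.Error.WriteLine("Group name could not be resolved to a SID.");
            return 3;
        }
        catch (SecurityException ex)
        {
            Console.Error.WriteLine("S4U logon failed: " + ex.Message);
            return 4;
        }
    }
}
```

Group SIDs are computed by the domain controller that services the logon, so a membership change made on a different DC appears in the token only after it has replicated.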



