Re: Manage User Privileges Programmatically
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/22/05
- Next message: Steven L Umbach: "Re: User List of all group at Domain or Local Account"
- Previous message: Steven L Umbach: "Re: Missing Group for local admin group"
- In reply to: ciuly0_at_gmail.com: "Manage User Privileges Programmatically"
- Next in thread: David Wang [Msft]: "Re: Manage User Privileges Programmatically"
- Reply: David Wang [Msft]: "Re: Manage User Privileges Programmatically"
- Reply: Larry Smith: "Re: Manage User Privileges Programmatically"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 22 Oct 2005 11:20:26 -0700
I am not pointing you at a .h here, but rather commenting on what
you seem to be trying to do, which is fool with the user rights.
As a dev I understand the need to make sure that an account has
the needed rights. As an admin I have disgust at installers that fool
with the user rights settings, which generally I have locked down by
use of group policy. On one of my machines your installer would
result in a non-working install as soon as group policy applied from
the AD level. Worse, as your installed thought all was good, I have
no indication that the service account was granted the right, which
later disappears.
Solution: document in the install docs that your installed expects a
group named "x" that is granted the user right to log on as a service,
and give the admin a way to specify "x" if they do not like your
default. Your installer just makes sure the account is in the group.
Everyone is happy. It works with group policy latch down, your
install works and keeps working, and admins do not feel your install
is being sneeky tweaking critical settings behind the scenes.
<ciuly0@gmail.com> wrote in message
news:1129899960.165326.100260@f14g2000cwb.googlegroups.com...
> Hi all,
>
> I am trying to translate the code from the following article into
> delphi. I mostly succedded but I cannot seem to find the definition of
> 3 constants. I looked in the latest platform sdk and they are simply
> not there.
>
> the article in question:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;132958
>
> the constants:
> ACCOUNT_ADJUST_SYSTEM_ACCESS
> ACCOUNT_VIEW
> ACCOUNT_ADJUST_PRIVILEGES
>
> I did found a file NTSecApi.h but it deosn't contain those definitions.
> I think that since the article relates to win nt and 2000 maybe those
> definitions are present in the nt or 2000 platform sdk. I couldn't get
> a copy of any of the 2 and that is why I am asking for your help.
>
> I also looked into the reactOS and wine sources, but with no luck.
>
> If the above is not possible, then I would like another way of
> programatically manage a users privilege.
> What I am trying to do is programatically grant the "Logon as a
> service" right to a newly created user. I need something that will work
> at least on winxp, and it will be better if it will run on all windows
> nt platforms.
>
> Thanks in advance for your help.
>
- Next message: Steven L Umbach: "Re: User List of all group at Domain or Local Account"
- Previous message: Steven L Umbach: "Re: Missing Group for local admin group"
- In reply to: ciuly0_at_gmail.com: "Manage User Privileges Programmatically"
- Next in thread: David Wang [Msft]: "Re: Manage User Privileges Programmatically"
- Reply: David Wang [Msft]: "Re: Manage User Privileges Programmatically"
- Reply: Larry Smith: "Re: Manage User Privileges Programmatically"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
