Re: How to get the user logon privilege on win2k/xp??
From: Marco Peretti (marcoper_at_newsgroup.nospam)
Date: 02/28/05
- Previous message: Jordan Samulaitis: "IPSec Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Feb 2005 10:12:58 +0100
Tim,
the privileges are listed in a process token. Call OpenProcessToken() and
then GetTokenInformation with TokenPrivileges info class.
hope it helps.
-- marco [alla] neovalens [punto] com [ www.neovalens.com ] ---- "Tim" <tzhong@hotmail.com> wrote in message news:uN6uvPN$EHA.2076@TK2MSFTNGP15.phx.gbl... > My question in short, how do I get (not add or remove) a user's logon > privileges set from "local security policy", such as rights to "log on as > a > service", "log on locally"? LsaEnumerateUserRights() doesn't work well > since > it doesn't include any rights inherited from parent groups. > > And this is a long, more detailed version of my question: > On win2k each user has his own "local security policy" settings, and among > them there are several "logon rights", such as "log on as a service", "log > on locally", etc. Adding or removing such a privilege can be easily done > by > calling functions like "LsaAdd/RemoveAccountRights()". These privileges > have > names like "SeServiceLogonRight", "SeDenyInteractiveLogonRight", etc. > > There is also a function called "LsaEnumerateAccountRights()" - it, > however, > only goes through the privileges the user DIRECTLY owns, i.e., it does NOT > return those rights inherited from the groups the user belongs to. So my > question is, is there any simple way to find out all privileges, directly > owned or inherited, without iterating through all parent (and grandparent) > groups? > > Thanks, > Tim > > >
- Previous message: Jordan Samulaitis: "IPSec Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
