发表新帖
发表新帖

How can I get the local group name for guests/administrators?

后端 未结
关注
5 795
死守一世寂寞
死守一世寂寞 2020-12-29 08:21

Question:

I use the code found at http://support.microsoft.com/kb/306273

to add a windows user. The problem is i need to add the user to a group, but the gro

相关标签:
5条回答
  • 生来不讨喜
    2020-12-29 08:53

    Looking up the account by SID is the best way to go. It's a bit contrived, but the way it works is this:

    • The Administrator account's SID always starts with S-1-5-21 and ends with -500. Everything else in-between is random (the domain's SID).

    • The Guest account's SID always starts with S-1-5-21 and ends with -501.

    The Microsoft KB article describing this is available here.

    To find these accounts, you'd have to enumerate all of the accounts on the local machine and find which SIDs start with and end with those numbers. Once they match, you've got the built-in accounts. Not the nicest way to do it, but it works.

    There is also a group policy setting under Security Settings\Local Policies\Security Options called Accounts: Rename administrator account and Accounts: Rename guest account. I wasn't able to find where in the registry these settings are stored, but if you are able to find out and you look them up, you will most likely be able to get the "official" names of these two accounts.

    0 讨论(0)
  • 猫巷女王i
    2020-12-29 08:56

    You can use this code, the returned value is correct for non-english systems:

    var guestsGroup = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null).Translate(typeof(NTAccount)).Value;
    0 讨论(0)
  • 南方客
    2020-12-29 08:56

    You should be able to use the WindowsIdentity and WindowsPrincipal classes:

    Dim currentIdentity as WindowsIdentity = WindowsIdentity.GetCurrent()
Dim currentPrincipal as WindowsPrincipal = New WindowsPrincipal(currentIdentity)

If currentPrincipal.IsInRole(WindowsBuiltInRole.Guest) Then
   Foobar()
End If

    Nevermind, I see you were actually trying to ADD a user to the group.

    0 讨论(0)
  • 余生分开走
    2020-12-29 08:59

    This page has some code for getting user details and checking them.

    This code:

    public IdentityReferenceCollection GetUserGroups()
{
    System.Security.Principal.WindowsIdentity currentUser =
                      System.Security.Principal.WindowsIdentity.GetCurrent();
    return currentUser.Groups;
}

    returns the current user's groups.

    More details on the WindowsIdentityclass as a whole can be found here, with the Groups property here.

    0 讨论(0)
  • 暗喜
    2020-12-29 09:09

    As you have pointed out, the names of groups are localised depending on system language.

    For 'well known' groups like 'Administrators' and 'Guests' you should retrieve based on the SID. The SID for Guests is:

    S-1-5-32-546

    There is a list of well known SIDs here:

    http://support.microsoft.com/kb/243330

    Code to get the group name from the SID can be found here

    0 讨论(0)
 看不清?
提交回复
热议问题