wu071697

User/Domain Name & Password verification

I would like to retrieve the UserID and Domain Name of someone logged onto an NT domain, from an NT workstation, then prompt the user for their password and verify it.
Thanks in advance.
ESI

You can retrieve the username and define if (s)he is logged thanks to the mpr dll. Have a look at the mprsvr.dll, for server-host facilities.
Define : Declare Function WNetGetUser Lib "mpr" Alias "WNetGetUserA" (ByVal lpName As String, ByVal lpUserName As String, lpnLength As Long) As Long

Then in code / a sub :
dim sUserName As String * 255
dummy = WNetGetUser("", sUserName, 255)
If dummy = 0 Then
    '-- Trim trailing Null char
    sGotName = Left$(sUserName, InStr(sUserName, Chr$(0)) - 1)
Else
    '-- User not logged
    sGotName = ""
End If

-
Hope it helps! Bye
Could you describe a little more about your application, what do you want to do? I know of a way to verify NT passwords, but it requires a special user right for the logged on user.
ASKER

The user running the program will be an account operator.

I want to ensure that someone can not just sit down at the workstation, if the account operator has stepped away, and run the program themselves.

The program will be used to maintain certain aspects of user accounts. I want the userID and domain to be dynamic in case it changes. (User Manager for Domains is not used, to limit the ability to wreak havoc.)
This is how to do a user validation under Windows NT. In order for this to work, the user account which runs the program must either be the SYSTEM account or an account with the SeTcbPrivilege - "Act as part of the operating system" user right.

The user account which is validated must have the appropriate privilege too, depending on whether you will use
LOGON32_LOGON_BATCH, LOGON32_LOGON_INTERACTIVE or LOGON32_LOGON_SERVICE.

I hope this will work in your case; I haven't tried it with verifying the same user that is currently logged on. It might be that you have to use some other switch than LOGON32_LOGON_INTERACTIVE, as that user is already interactively logged on.

Declarations:


Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Const LOGON32_LOGON_BATCH = 4
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_LOGON_SERVICE = 5



Validation function:

Replace username, domain and password with the values to be verified. Use either LOGON32_LOGON_BATCH, LOGON32_LOGON_INTERACTIVE or LOGON32_LOGON_SERVICE. In this example I use LOGON32_LOGON_BATCH, which means that the user account which is being verified must have the "Logon as a batch job" user right.


Private Sub Command1_Click()
    Dim token As Long, status As Long
    token = 0
    status = LogonUser("username", "domain", "password", _
                       LOGON32_LOGON_BATCH, _
                       LOGON32_PROVIDER_DEFAULT, token)
    If status = 0 Then
        MsgBox "Logon Failed"
    Else
        MsgBox "Logon successful"
        CloseHandle token
    End If
End Sub

To get the current user:

Declare Function GetUserName Lib "advapi32" Alias "GetUserNameA" (ByVal name as String, namelen as Long) As Long

Dim a As String
Dim alen As Long
alen = 256
a = String(256, 0)
If GetUserName(a, alen) = 0 Then
    Print "Could not get user name"
Else
    ' alen now counts the terminating null, so drop it and the padding
    Print "User name is " & Left$(a, alen - 1)
End If


To get the domain of a user:

Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (ByVal lpSystemName As String, ByVal lpAccountName As String, ByVal Sid As String, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long

dim dname as string
dim sid as string
dim sidlen as long
dim dlen as long
dim use as long

dname=string(256,0)
sid=string(256,0)
sidlen=256
dlen=256

if lookupaccountname(vbnullstring, "Username", sid, sidlen, dname, dlen, use) = 0 then
 print "Error looking up account"
else
 print "Domain of account is " & left(dname,instr(dname,chr(0)) - 1)
end if
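
Added example, not part of the thread: the three calls above combined into one VB6 function that reports why a verification failed, so a missing "Act as part of the operating system" right is not mistaken for a wrong password. The helper names (TrimNull, VerifyCurrentUser) and the choice of LOGON32_LOGON_INTERACTIVE are assumptions.

```vb
' Added example. TrimNull and VerifyCurrentUser are hypothetical helper names.
Option Explicit

Private Declare Function GetUserName Lib "advapi32" Alias "GetUserNameA" _
    (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function LookupAccountName Lib "advapi32" Alias "LookupAccountNameA" _
    (ByVal lpSystemName As String, ByVal lpAccountName As String, ByVal Sid As String, _
     cbSid As Long, ByVal ReferencedDomainName As String, _
     cbReferencedDomainName As Long, peUse As Long) As Long
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" _
    (ByVal lpszUsername As String, ByVal lpszDomain As String, _
     ByVal lpszPassword As String, ByVal dwLogonType As Long, _
     ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Const LOGON32_LOGON_INTERACTIVE = 2
Public Const ERROR_PRIVILEGE_NOT_HELD = 1314  ' caller lacks SeTcbPrivilege
Public Const ERROR_LOGON_FAILURE = 1326       ' unknown user or bad password

Private Function TrimNull(ByVal s As String) As String
    Dim p As Long
    p = InStr(s, vbNullChar)
    If p > 0 Then TrimNull = Left$(s, p - 1) Else TrimNull = s
End Function

' Returns 0 when the password is valid, otherwise the Win32 error code.
Public Function VerifyCurrentUser(ByVal password As String) As Long
    Dim user As String, dom As String, sid As String
    Dim n As Long, sidLen As Long, domLen As Long, use As Long, token As Long

    user = String$(256, 0): n = 256
    If GetUserName(user, n) = 0 Then VerifyCurrentUser = Err.LastDllError: Exit Function
    user = TrimNull(user)
    sid = String$(256, 0): sidLen = 256
    dom = String$(256, 0): domLen = 256
    If LookupAccountName(vbNullString, user, sid, sidLen, dom, domLen, use) = 0 Then
        VerifyCurrentUser = Err.LastDllError: Exit Function
    End If

    If LogonUser(user, TrimNull(dom), password, LOGON32_LOGON_INTERACTIVE, _
                 LOGON32_PROVIDER_DEFAULT, token) = 0 Then
        VerifyCurrentUser = Err.LastDllError   ' read at once; do not call GetLastError from VB
    Else
        CloseHandle token                      ' only validity is needed, not the token
        VerifyCurrentUser = 0
    End If
End Function
```

A caller can compare the result with ERROR_LOGON_FAILURE to re-prompt and with ERROR_PRIVILEGE_NOT_HELD to report a configuration problem; keep the password in a local variable only and do not log it.
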

Does anyone know how the Windows NT screensaver validates the password before releasing the screensaver?
This is not done by the screen saver itself. A screen saver is not run on the current user's desktop, but on a special desktop, and the NT SYSTEM handles password verification automatically.

So, have you found any better answer?  I am interested in knowing if there's another way myself.
I tried playing with the settings, but with no luck. I am not comfortable giving the user SYSTEM privileges. Could you recommend somewhere that I can find out about how the screen saver works? Thanks.
ASKER CERTIFIED SOLUTION
tward

This solution is only available to members.
tward: I can find neither PASSWORD.CPL nor PWDPROVIDER on my WinNT system. I can find them in Win95 though. Are you sure that it exists under WinNT?
I am not sure...  There is very little information on them even under Windows 95...  I have been able to make a Screen Saver that uses the Windows 95 standard Change Password and Verify Password when the user tries to quit the Screen Saver using both PASSWORD.CPL and MPR.DLL under Windows 95..

PWPROVIDER is in the Windows 95 registry, I'll have to check on the NT System that I have here...