User/Domain Name & Password verification

I would like to retrieve the UserID and Domain Name, of someone logged onto an NT domain, from an NT workstation, then prompt the user for there password and verify it.
Thanks in advance.
wu071697Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ESICommented:
You can retrieve the username and define if (s)he is logged thanks to the mpr dll. Have a look at the mprsvr.dll, for server-host facilities.
Define : Declare Function WNetGetUser Lib "mpr" Alias "WNetGetUserA" (ByVal lpName As String, ByVal lpUserName As String, lpnLength As Long) As Long

Then in code / a sub :
dim sUserName As String * 255
dummy = WNetGetUser("", sUserName, 255)
If dummy = 0 Then
    '-- Trim trailing Null char
    sGotName = Left$(sUserName, InStr(sUserName, Chr$(0)) - 1)
Else
    '-- User not logged
    sGotName = ""
End If

-
Hope it helps ! Bye
0
y96andhaCommented:
Could you describe a little more about your application, what do you want to do? I know of a way to verify NT passwords, but it requires a special user right for the logged on user.
0
wu071697Author Commented:
The user running the problem will be an account operator.

I want to ensure that someone can not just sit down at the workstation, if the account operator has stepped away, and run the program themselves.

The program will be used to maintain certain aspects of user accounts.  I want the userID and domain to be dynamic in case it changes.  (User manager for Domains not used to limited ability to reak havoc).
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

y96andhaCommented:
This is how to do a user validation under Windows NT. In order for this to work, the user account which runs the program must either be the SYSTEM account or an account with the SeTcbPrivilege - "Act as part of the operating system" user right.

The user account which is validated must have the appropriate privilege too, depending on whether you will use
LOGON32_LOGON_BATCH, LOGON32_LOGON_INTERACTIVE or LOGON32_LOGON_SERVICE.

In hope this will work in your case, I haven't tried it with verifying the same user that is currently logged on. It might be that you have to use some other switch than LOGON32_LOGON_INTERACTIVE, as that user is already interactively logged on.

Declarations:


Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Const LOGON32_LOGON_BATCH = 4
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_LOGON_SERVICE = 5



Validation function:

Replace username, domain and password with the values to be verified. Use either LOGON32_LOGON_BATCH, LOGON32_LOGON_INTERACTIVE or LOGON32_LOGON_SERVICE. In this example I use LOGON32_LOGON_BATCH, which means that the user account which is being verified must have the "Logon as a batch job" user right.


Private Sub Command1_Click()
 Dim token As Long, status As Long
 token = 0
 status = LogonUser("username", "domain", "password", _
LOGON32_LOGON_BATCH, _
LOGON32_PROVIDER_DEFAULT, token)
 If status = 0 Then
 MsgBox "Logon Failed"
 Else
 MsgBox "Logon successful"
 CloseHandle token
 End If
End Sub
0
y96andhaCommented:
To get the current user:

Declare Function GetUserName Lib "advapi32" Alias "GetUserNameA" (ByVal name as String, namelen as Long) As Long

Dim a as String
Dim alen as Long
alen = 256
a = string(256,0)
if GetUserName( a, alen)  = 0 then
 Print "Could not get user name"
else
 print "User name is " & a
End if


0
y96andhaCommented:
To get the domain of a user:

Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (ByVal lpSystemName As String, ByVal lpAccountName As String, ByVal Sid As String, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long

dim dname as string
dim sid as string
dim sidlen as long
dim dlen as long
dim use as long

dname=string(256,0)
sid=string(256,0)
sidlen=256
dlen=256

if lookupaccountname(vbnullstring, "Username", sid, sidlen, dname, dlen, use) = 0 then
 print "Error looking up account"
else
 print "Domain of account is " & left(dname,instr(dname,chr(0)) - 1)
end if

0
wu071697Author Commented:
Does anyone know how the Windows NT screensaver validates the password before releasing the screensaver?
0
y96andhaCommented:
This is not done by the screen saver itself. A screen saver is not run on the current users desktop, but on a special desktop, and  the NT SYSTEM handles password verification automatically.

0
y96andhaCommented:
So, have you found any better answer?  I am interested in knowing if there's another way myself.
0
wu071697Author Commented:
I tried playing with the settings, but with no luck.  I am not comfortable giving the user SYSTEM priviledges.  Could you recommend somewhere that I can find out about how the screen saver works?  Thanks.
0
twardCommented:
In MPR.DLL there are a few password functions:

Private Declare Function PwdChangePassword Lib "MPR.DLL" Alias "PwdChangePasswordA" (ByVal lpProvider As String,
ByVal hWnd As Long, ByVal dwFlags As Long) As Long

For Screen Savers the Provider = "SCRSAVE"

Look up PWDPROVIDER in the Registry for other providers!

I've also been playing with the following:
Private Declare Function VerifyScreenSavePwd Lib "PASSWORD.CPL" ()

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
y96andhaCommented:
tward: I can't find neither PASSWORD.CPL nor PWDPROVIDER on my WinNT system. I can find them in Win95 though. Are you sure that it exists under WinNT?
0
twardCommented:
I am not sure...  There is very little information on them even under Windows 95...  I have been able to make a Screen Saver that uses the Windows 95 standard Change Password and Verify Password when the user tries to quit the Screen Saver using both PASSWORD.CPL and MPR.DLL under Windows 95..

PWPROVIDER is in the Windows 95 registry, I'll have to check on the NT System that I have here...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.