netwiz
asked on
Adding and Deleting user in a Windows NT system at runtime
I want to write a program that will run on a Windows NT Server and it will add users to the system taking the username and password from the user of the program...the program obviously will run with administrator priviledge ,i.e, only administrator can run the program....
I want complete source code....
regards,
netwiz
I want complete source code....
regards,
netwiz
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Or find
"NetSmple: Creating a User and Local Group" in MSDN
Good Luck
"NetSmple: Creating a User and Local Group" in MSDN
Good Luck
here is code:
#ifndef UNICODE
#define UNICODE
#endif
#include <stdio.h>
#include <windows.h>
#include <lm.h>
BOOL AddUser(WCHAR* wchUser, WCHAR* wchPassw)
{
USER_INFO_1 ui;
DWORD dwLevel = 1;
DWORD dwError = 0;
NET_API_STATUS nStatus;
//
// Set up the USER_INFO_1 structure.
// USER_PRIV_USER: name identifies a user,
// rather than an administrator or a guest.
// UF_SCRIPT: required for LAN Manager 2.0 and
// Windows NT/Windows 2000.
//
ui.usri1_name = wchUser;
ui.usri1_password = wchPassw;
ui.usri1_priv = USER_PRIV_USER;
ui.usri1_home_dir = NULL;
ui.usri1_comment = NULL;
ui.usri1_flags = UF_SCRIPT;
ui.usri1_script_path = NULL;
//
// Call the NetUserAdd function, specifying level 1.
//
nStatus = NetUserAdd(NULL,
dwLevel,
(LPBYTE)&ui,
&dwError);
return nStatus == NERR_Success;
}
BOOL DelUser(WCHAR* wchUser)
{
DWORD dwError = 0;
NET_API_STATUS nStatus;
//
// Call the NetUserDel function to delete the share.
//
nStatus = NetUserDel(NULL, wchUser);
return nStatus == NERR_Success;
}
#ifndef UNICODE
#define UNICODE
#endif
#include <stdio.h>
#include <windows.h>
#include <lm.h>
BOOL AddUser(WCHAR* wchUser, WCHAR* wchPassw)
{
USER_INFO_1 ui;
DWORD dwLevel = 1;
DWORD dwError = 0;
NET_API_STATUS nStatus;
//
// Set up the USER_INFO_1 structure.
// USER_PRIV_USER: name identifies a user,
// rather than an administrator or a guest.
// UF_SCRIPT: required for LAN Manager 2.0 and
// Windows NT/Windows 2000.
//
ui.usri1_name = wchUser;
ui.usri1_password = wchPassw;
ui.usri1_priv = USER_PRIV_USER;
ui.usri1_home_dir = NULL;
ui.usri1_comment = NULL;
ui.usri1_flags = UF_SCRIPT;
ui.usri1_script_path = NULL;
//
// Call the NetUserAdd function, specifying level 1.
//
nStatus = NetUserAdd(NULL,
dwLevel,
(LPBYTE)&ui,
&dwError);
return nStatus == NERR_Success;
}
BOOL DelUser(WCHAR* wchUser)
{
DWORD dwError = 0;
NET_API_STATUS nStatus;
//
// Call the NetUserDel function to delete the share.
//
nStatus = NetUserDel(NULL, wchUser);
return nStatus == NERR_Success;
}
ASKER
Thanks, it worked!!!
>> Thanks, it worked!!!
Hi netwiz,
You written entire program ?
Regards
Roshan
Hi netwiz,
You written entire program ?
Regards
Roshan
NetGetDCName can be used to obtain the computer name of the primary domain controller.
NetUserAdd can be used for creating a new computer account.
NetUserDel can be used to delete an existing computer account.
NetUserSetInfo can be used to modify the password of an existing computer account. This is useful for resetting a computer account to a known state.
NetUserEnum can be used to enumerate existing computer accounts. This API can return a list of accounts based on account type through the use of the filter parameter.
Sample Code
// works compiled ansi or unicode
#define UNICODE
#define _UNICODE
#define RTN_OK 0
#define RTN_USAGE 1
#define RTN_ERROR 13
/*++
The following sample code adds the specified workstation computer account to the specified domain. If no domain is specified, the computer account is created on the local computer.
If the computer account creation fails with GetLastError == ERROR_ACCESS_DENIED, the sample attempts to enable the SeMachineAccountPrivilege for the caller. If the privilege is enabled successfully, the computer account add operation is re-tried.
The following import libraries are required:
netapi32.lib
advapi32.lib
#include <windows.h>
#include <stdio.h>
#include <lm.h>
BOOL
AddMachineAccount(
LPWSTR wTargetComputer,
LPWSTR MachineAccount,
DWORD AccountType
);
BOOL SetCurrentPrivilege(
LPWSTR TargetComputer, // target of privilege operation
LPCWSTR Privilege, // Privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
);
int wmain(int argc, wchar_t *argv[])
{
LPWSTR wMachineAccount;
LPWSTR wPrimaryDC;
LPWSTR wMachineAccountPrivilege = L"SeMachineAccountPrivileg
DWORD dwError;
BOOL bSuccess;
if (argc < 2)
{
fprintf(stderr, "Usage: %ls <machineaccountname> [domain]\n",
argv[0]);
return RTN_USAGE;
}
wMachineAccount = argv[1];
//
// default will operate on local machine. Non-NULL wPrimaryDC will
// cause buffer to be freed
//
wPrimaryDC = NULL;
//
// if a domain name was specified, fetch the computer name of the
// primary domain controller
//
if (argc == 3) {
dwError = NetGetDCName(NULL, argv[2], (LPBYTE *)&wPrimaryDC);
if(dwError != NO_ERROR) {
fprintf(stderr,"NetGetDCNa
return RTN_ERROR;
}
}
bSuccess=AddMachineAccount
wPrimaryDC, // primary DC computer name
wMachineAccount, // computer account name
UF_WORKSTATION_TRUST_ACCOU
);
if(!bSuccess && GetLastError() == ERROR_ACCESS_DENIED ) {
//
// try to enable the SeMachineAccountPrivilege
//
if(SetCurrentPrivilege(
wPrimaryDC, wMachineAccountPrivilege, TRUE )) {
//
// enabled the privilege. retry the add operation
//
bSuccess=AddMachineAccount
wPrimaryDC,
wMachineAccount,
UF_WORKSTATION_TRUST_ACCOU
);
//
// disable the privilege
//
SetCurrentPrivilege(
wPrimaryDC, wMachineAccountPrivilege, FALSE);
}
}
//
// free the buffer allocated for the PDC computer name
//
if(wPrimaryDC) NetApiBufferFree(wPrimaryD
if(!bSuccess)
{
fprintf(stderr,"AddMachine
GetLastError());
return RTN_ERROR;
}
return RTN_OK;
}
BOOL
AddMachineAccount(
LPWSTR wTargetComputer,
LPWSTR MachineAccount,
DWORD AccountType
)
{
LPWSTR wAccount;
LPWSTR wPassword;
USER_INFO_1 ui;
DWORD cbAccount;
DWORD cbLength;
DWORD dwError;
//
// ensure a valid computer account type was passed
// TODO SetLastError
//
if (AccountType != UF_WORKSTATION_TRUST_ACCOU
AccountType != UF_SERVER_TRUST_ACCOUNT &&
AccountType != UF_INTERDOMAIN_TRUST_ACCOU
) {
SetLastError(ERROR_INVALID
return FALSE;
}
//
// obtain number of chars in computer account name
//
cbLength = cbAccount = lstrlenW(MachineAccount);
//
// ensure computer name doesn't exceed maximum length
//
if(cbLength > MAX_COMPUTERNAME_LENGTH) {
SetLastError(ERROR_INVALID
return FALSE;
}
//
// allocate storage to contain Unicode representation of
// computer account name + trailing $ + NULL
//
wAccount=(LPWSTR)HeapAlloc
(cbAccount + 1 + 1) * sizeof(WCHAR) // Account + '$' + NULL
);
if(wAccount == NULL) return FALSE;
//
// password is the computer account name converted to lowercase
// you will convert the passed MachineAccount in place
//
wPassword = MachineAccount;
//
// copy MachineAccount to the wAccount buffer allocated while
// converting computer account name to uppercase.
// convert password (inplace) to lowercase
//
while(cbAccount--) {
wAccount[cbAccount] = towupper( MachineAccount[cbAccount] );
wPassword[cbAccount] = towlower( wPassword[cbAccount] );
}
//
// computer account names have a trailing Unicode '$'
//
wAccount[cbLength] = L'$';
wAccount[cbLength + 1] = L'\0'; // terminate the string
//
// if the password is greater than the max allowed, truncate
//
if(cbLength > LM20_PWLEN) wPassword[LM20_PWLEN] = L'\0';
//
// initialize USER_INFO_x structure
//
ZeroMemory(&ui, sizeof(ui));
ui.usri1_name = wAccount;
ui.usri1_password = wPassword;
ui.usri1_flags = AccountType | UF_SCRIPT;
ui.usri1_priv = USER_PRIV_USER;
dwError=NetUserAdd(
wTargetComputer, // target computer name
1, // info level
(LPBYTE) &ui, // buffer
NULL
);
//
// free allocated memory
//
if(wAccount) HeapFree(GetProcessHeap(),
//
// indicate whether it was successful
//
if(dwError == NO_ERROR)
return TRUE;
else {
SetLastError(dwError);
return FALSE;
}
}
BOOL SetCurrentPrivilege(
LPWSTR TargetComputer, // target of privilege operation
LPCWSTR Privilege, // Privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
)
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;
TOKEN_PRIVILEGES tpPrevious;
DWORD cbPrevious=sizeof(TOKEN_PR
BOOL bSuccess=FALSE;
if(!LookupPrivilegeValueW(
return FALSE;
if(!OpenProcessToken(
GetCurrentProcess(),
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
&hToken
)) return FALSE;
//
// first pass. get current privilege setting
//
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attribute
AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
&tpPrevious,
&cbPrevious
);
if(GetLastError() == ERROR_SUCCESS) {
//
// second pass. set privilege based on previous setting
//
tpPrevious.PrivilegeCount = 1;
tpPrevious.Privileges[0].L
if(bEnablePrivilege) {
tpPrevious.Privileges[0].A
(SE_PRIVILEGE_ENABLED);
}
else {
tpPrevious.Privileges[0].A
(SE_PRIVILEGE_ENABLED &
tpPrevious.Privileges[0].A
}
AdjustTokenPrivileges(
hToken,
FALSE,
&tpPrevious,
cbPrevious,
NULL,
NULL
);
if (GetLastError() == ERROR_SUCCESS) bSuccess=TRUE;
}
CloseHandle(hToken);
return bSuccess;
}