Solved

Windows NT Domains and Local System Account

Posted on 2003-11-23
2
600 Views
Last Modified: 2012-05-04
Greetings


Does anyone know how I can make a clear destinction between a user that logged into an NT domain and one that logs unto a local system account.

With my Microsoft client, I have the option to either log onto the domain or log in with a local system account.

I would like some code that will indicate whether I am on the domain or a local account.

Any pointers or samples will be greatly appreciated.

Thanks in advance.
 Engwi
0
Comment
Question by:Engwi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Accepted Solution

by:
geobul earned 50 total points
ID: 9809761
Hi,

There should be an environment variable USERDOMAIN that shows the domain name (or local computer name) you are currently logged on. Get it like:

function GetEnvStr(EnvName: AnsiString): AnsiString;
var
  Buffer: Array[1..256] of Char;
begin
  EnvName:='%'+EnvName+'%'+#0;
  ExpandEnvironmentStrings(@EnvName[1],@Buffer,SizeOf(Buffer));
  Result:=StrPas(@Buffer);
  if (Result+#0=EnvName) then Result:='';
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  ShowMessage(GetEnvStr('USERDOMAIN'));
end;

Regards, Geo
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 9810388
The best way would be by using GetTokenInformation to get the user token and then use LookupAccountSid to convert the token to a username/domain name pair. Something like:

var
  hAccessToken: THandle;
  UserToken: PSIDAndAttributes;
  InfoBufferSize: DWORD;
  dwInfoBufferSize: DWORD;
  vName, vDomain: PChar;
  cbName, cbDomain: DWORD;
  peUse: SID_NAME_USE;
begin
  if OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True, hAccessToken) then begin
    UserToken := nil;
    GetTokenInformation(hAccessToken, TokenUser, UserToken, 0, InfoBufferSize);
    GetMem(UserToken, InfoBufferSize);
    if GetTokenInformation(hAccessToken, TokenUser, UserToken, InfoBufferSize, dwInfoBufferSize) then begin
      cbName := 0;
      cbDomain := 0;
      vName := nil;
      vDomain := nil;
      LookupAccountSid(nil, SID, vName, cbName, vDomain, cbDomain, peUse);
      LastError := GetLastError;
      if (LastError = ERROR_INSUFFICIENT_BUFFER) then begin
        GetMem(vName, cbName);
        GetMem(vDomain, cbDomain);
        if LookupAccountSid(nil, SID, vName, cbName, vDomain, cbDomain, peUse) then begin
        WriteLn(Log, 'User ', UserName, ' (', DisplayName, ') on domain ', Domain, '.');
      end;
    end;
  end;
end;

LookupAccountSid provides three types of information. The username and length of the username, the domain name and the length of the domain name and finally, the type of the account. Now, the domain name can be equal to the computer name, in which case it's a local account. Or it is the name of the domain.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question