Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 643
  • Last Modified:

Windows NT Domains and Local System Account

Greetings


Does anyone know how I can make a clear destinction between a user that logged into an NT domain and one that logs unto a local system account.

With my Microsoft client, I have the option to either log onto the domain or log in with a local system account.

I would like some code that will indicate whether I am on the domain or a local account.

Any pointers or samples will be greatly appreciated.

Thanks in advance.
 Engwi
0
Engwi
Asked:
Engwi
1 Solution
 
geobulCommented:
Hi,

There should be an environment variable USERDOMAIN that shows the domain name (or local computer name) you are currently logged on. Get it like:

function GetEnvStr(EnvName: AnsiString): AnsiString;
var
  Buffer: Array[1..256] of Char;
begin
  EnvName:='%'+EnvName+'%'+#0;
  ExpandEnvironmentStrings(@EnvName[1],@Buffer,SizeOf(Buffer));
  Result:=StrPas(@Buffer);
  if (Result+#0=EnvName) then Result:='';
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  ShowMessage(GetEnvStr('USERDOMAIN'));
end;

Regards, Geo
0
 
Wim ten BrinkSelf-employed developerCommented:
The best way would be by using GetTokenInformation to get the user token and then use LookupAccountSid to convert the token to a username/domain name pair. Something like:

var
  hAccessToken: THandle;
  UserToken: PSIDAndAttributes;
  InfoBufferSize: DWORD;
  dwInfoBufferSize: DWORD;
  vName, vDomain: PChar;
  cbName, cbDomain: DWORD;
  peUse: SID_NAME_USE;
begin
  if OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True, hAccessToken) then begin
    UserToken := nil;
    GetTokenInformation(hAccessToken, TokenUser, UserToken, 0, InfoBufferSize);
    GetMem(UserToken, InfoBufferSize);
    if GetTokenInformation(hAccessToken, TokenUser, UserToken, InfoBufferSize, dwInfoBufferSize) then begin
      cbName := 0;
      cbDomain := 0;
      vName := nil;
      vDomain := nil;
      LookupAccountSid(nil, SID, vName, cbName, vDomain, cbDomain, peUse);
      LastError := GetLastError;
      if (LastError = ERROR_INSUFFICIENT_BUFFER) then begin
        GetMem(vName, cbName);
        GetMem(vDomain, cbDomain);
        if LookupAccountSid(nil, SID, vName, cbName, vDomain, cbDomain, peUse) then begin
        WriteLn(Log, 'User ', UserName, ' (', DisplayName, ') on domain ', Domain, '.');
      end;
    end;
  end;
end;

LookupAccountSid provides three types of information. The username and length of the username, the domain name and the length of the domain name and finally, the type of the account. Now, the domain name can be equal to the computer name, in which case it's a local account. Or it is the name of the domain.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now