Link to home
Start Free TrialLog in
Avatar of Engwi
Engwi

asked on

Windows NT Domains and Local System Account

Greetings


Does anyone know how I can make a clear destinction between a user that logged into an NT domain and one that logs unto a local system account.

With my Microsoft client, I have the option to either log onto the domain or log in with a local system account.

I would like some code that will indicate whether I am on the domain or a local account.

Any pointers or samples will be greatly appreciated.

Thanks in advance.
 Engwi
ASKER CERTIFIED SOLUTION
Avatar of geobul
geobul
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Wim ten Brink
Wim ten Brink
Flag of Netherlands image
The best way would be by using GetTokenInformation to get the user token and then use LookupAccountSid to convert the token to a username/domain name pair. Something like:

var
  hAccessToken: THandle;
  UserToken: PSIDAndAttributes;
  InfoBufferSize: DWORD;
  dwInfoBufferSize: DWORD;
  vName, vDomain: PChar;
  cbName, cbDomain: DWORD;
  peUse: SID_NAME_USE;
begin
  if OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True, hAccessToken) then begin
    UserToken := nil;
    GetTokenInformation(hAccessToken, TokenUser, UserToken, 0, InfoBufferSize);
    GetMem(UserToken, InfoBufferSize);
    if GetTokenInformation(hAccessToken, TokenUser, UserToken, InfoBufferSize, dwInfoBufferSize) then begin
      cbName := 0;
      cbDomain := 0;
      vName := nil;
      vDomain := nil;
      LookupAccountSid(nil, SID, vName, cbName, vDomain, cbDomain, peUse);
      LastError := GetLastError;
      if (LastError = ERROR_INSUFFICIENT_BUFFER) then begin
        GetMem(vName, cbName);
        GetMem(vDomain, cbDomain);
        if LookupAccountSid(nil, SID, vName, cbName, vDomain, cbDomain, peUse) then begin
        WriteLn(Log, 'User ', UserName, ' (', DisplayName, ') on domain ', Domain, '.');
      end;
    end;
  end;
end;

LookupAccountSid provides three types of information. The username and length of the username, the domain name and the length of the domain name and finally, the type of the account. Now, the domain name can be equal to the computer name, in which case it's a local account. Or it is the name of the domain.