Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 308
  • Last Modified:

Is it authenticated domain user?

Hi,

I have a token (hAccessToken) belonged to a current user:

::OpenThreadToken(::GetCurrentThread(), TOKEN_QUERY, TRUE, &hAccessToken));

Is it possible to determine whether a user is authenticated in domain or not? How?
0
NetwrkGuru
Asked:
NetwrkGuru
  • 2
  • 2
  • 2
2 Solutions
 
jkrCommented:
The easy way is: Compare the value of the "USERDOMAIN" env. variable to the local computer name. If they're identical, you have a local logon. The hard way: Use 'LsaQueryInformationPolicy()' as described in http://win32.mvps.org/lsa/lqip2.html
0
 
NetwrkGuruAuthor Commented:
I can't obtain "USERDOMAIN" because my code will work on the other machine using DCOM protocal. I have only security token.
0
 
jkrCommented:
Then you'll have to go the hard way. Get the Token's UserSID and use the code at http://win32.mvps.org/lsa/lsa_lqip2.cpp
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
Milind00Commented:
When ever you get an access token, it is always after autheticaion. The user is already authenticated in your case.  Why do you want to check this again?
0
 
NetwrkGuruAuthor Commented:
User can be authenticated within workgroup or within domain. I want know exactly that user is authenticated within domain.

Code at http://win32.mvps.org/lsa/lsa_lqip2.cpp works only for workstations. The question is still open.
0
 
Milind00Commented:
http://win32.mvps.org/lsa/lsa_lqip2.cpp  this code only tells you that where the machine is. By this you will not know if the user is logged on to machine or domain. The user could be a domain user or machine local user. You can use GetTokenInformation by specifying  " TokenUser" and get the SID of the user. And from the SID you can seperate out RID. Remainig will be domain SID or machine SID. You can verify that.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now