Checking Window accounts with blank passwords using LogonUser in .Net
Posted on 2006-03-29
Using VB .NET, I am attempting to see if the current user has logged onto the local system with a password using a call to the LogonUser function in the Lib "advapi32.dll". My code works fine for accounts that have a password ( I test this by creating a local XP account, assign a non-blank passwd and attempt to logon with the user using the aforementioned command). This is confirmed by auditing on logon events in the event viewer.
My issue is that when I create a user with a Blank passwd (i.e no assigned passwd), the LogonUser function with a blank Passwd does not logon successfully and fails. Again, the logon failure is reflected in Event Viewer.
The call syntax I'm using is
BLANKPASSWD = ""
Dim returnValue As Boolean = LogonUser(strUserName, strDomainName, BLANKPASSWD, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)
Why can't I get LogonUser to accept a blank Passwd (3rd field)? Please respond in VB .NET terms.