We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

How to know in code if a windows network user is member of a network group?

icad01
icad01 asked
on
Medium Priority
394 Views
Last Modified: 2010-04-04
Dear experts,
I need to use Windows identification to assign user rights in my software.
How can i know if the current user is a member of a certain group,
in order to allow him some rights allowed only to this group?
I need some sample code in Delphi 3 if possible.
Thanks in advance
Comment
Watch Question

Software Engineer, Advisory
CERTIFIED EXPERT
Top Expert 2005
Commented:

Example user group listing done and tested in D3. Requires admin or account operator privs to execute.

Regards,
Russell

----

example usage:

var listGroup: TStringList;
begin
 
  listGroup:=TStringList.Create;
  try
     GetUserGroups('administrator', listGroup);
     ShowMessage(listGroup.Text);
  finally
     listGroup.Free;
  end;

end;

--- the code ---

////////////////////////////////////////////////////////////////////////////////
//   LanMan constants
////////////////////////////////////////////////////////////////////////////////
const
  MAX_PREFERRED_LENGTH       =  DWORD(-1);
  LG_INCLUDE_INDIRECT        = $0001;

////////////////////////////////////////////////////////////////////////////////
//   LanMan types
////////////////////////////////////////////////////////////////////////////////
type
  NET_API_STATUS             =  DWORD;

  LOCALGROUP_USERS_INFO_0    =  packed record
     lgrui0_name:            LPWSTR;
  end;
  LPLOCALGROUP_USERS_INFO_0  =  ^LOCALGROUP_USERS_INFO_0;
  TLocalGroupUserInfo0       = LOCALGROUP_USERS_INFO_0;
  PLocalGroupUserInfo0       =  ^TLocalGroupUserInfo0;

////////////////////////////////////////////////////////////////////////////////
//   LanMan functions
////////////////////////////////////////////////////////////////////////////////
function   NetUserGetLocalGroups(ServerName: LPCWSTR; UserName: LPCWSTR; Level: DWORD; Flags: DWORD; var BufPtr: Pointer; PrefMaxLen: DWORD; EntriesRead: PDWORD; TotalEntries: PDWORD): NET_API_STATUS; stdcall; external 'netapi32.dll';
function   NetApiBufferFree(pBuf: Pointer): NET_API_STATUS; stdcall; external 'netapi32.dll';

////////////////////////////////////////////////////////////////////////////////
//   DomainUserName should be passed in the format of DOMAIN\USERNAME unless the user
//   account is local to the system executing the function. Local accounts
//   should be passed in as USERNAME only
////////////////////////////////////////////////////////////////////////////////
function GetUserGroups(DomainUserName: String; GroupList: TStrings): Integer;
var  lpBuffer:      PLocalGroupUserInfo0;
     lpGroup:       PLocalGroupUserInfo0;
     dwRead:        DWORD;
     dwTotal:       DWORD;
     dwIndex:       Integer;
begin

  // Check list
  if Assigned(GroupList) then
  begin
     // Lock the list
     GroupList.BeginUpdate;
     // Resource protection
     try
        // Clear the list
        GroupList.Clear;
        // Get the local groups that this user / group might belong to
        if (NetUserGetLocalGroups(nil, PWideChar(WideString(DomainUserName)), 0, LG_INCLUDE_INDIRECT, Pointer(lpBuffer), MAX_PREFERRED_LENGTH, @dwRead, @dwTotal) = 0) then
        begin
           // Resource protection
           try
              // Save start of pointer
              lpGroup:=lpBuffer;
              // Enumerate the groups
              for dwIndex:=0 to Pred(dwRead) do
              begin
                 // Copy the account name
                 GroupList.Add(WideCharToString(lpGroup^.lgrui0_name));
                 // Push next group name
                 Inc(lpGroup);
              end;
           finally
              // Free the allocated buffer
              NetApiBufferFree(lpBuffer);
           end;
        end;
     finally
        // Unlock list
        GroupList.EndUpdate;
     end;
     // Return list count
     result:=GroupList.Count;
  end
  else
     // No list passed
     result:=(-1);

end;

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Dear rllibby,
Sorry for the delay.
Thanks a lot for sharing this great and helpfull  code!


Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.