Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400
  • Last Modified:

How to pogrammatically add/remove users to/from "Log On Locally" ?

I need to programmatically add/remove users to/from "Log On Locally" of local security settings and I need this to be done using C#. Any ideas experts? (OS: Win 2000/2003)
0
ExcUsr2008
Asked:
ExcUsr2008
  • 3
  • 3
1 Solution
 
arnoldCommented:
Setup groups, then add/remove the user to/from the group.
Allow local login groupname

then you can programatically add or remove the user from this group.
 
0
 
ExcUsr2008Author Commented:
thanks for suggestion, it would help in a situation where we're allowed to create a group and there are just few servers. We need this to be done without creating groups and find a way to add/remove user to "Log On Locally" setting directly (Local Security Policy). Thanks again for taking time to offer the idea.
0
 
arnoldCommented:
Lets try this way, what access do you have? Can you apply GPOs?
can you create user OU?

Are users defined with specific systems to which they can login?  If there is a GPO that denies access to the local system, altering the local security policy might not help since the domain policy will be the one to enforce access restrictions.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ExcUsr2008Author Commented:
Good questions arnold. We do not have control over GPO as it is handled by a separate team. However GPO does not denies access to local system and it is confirmed by that team, so no rules were setup in GPO that restores/overwrites Log On Locally users/groups. We have admin access to the servers and we receive user requests that they be added to Log On Locally settings of Local Security Policy. We're trying to write up a script that we can execute remotely to add/remove users. thanks
0
 
arnoldCommented:
That is not possible.  Domain users often have access to any system except for Domain controller or if the user has a specific limitation dealing with which systems they can login into. windows 2000 pro being the only exception.

I think the below is what you are looking for:
http://stackoverflow.com/questions/21514/enumerate-windows-user-group-members-on-remote-system-using-c
0
 
ExcUsr2008Author Commented:
I found a solution here ... That is what i was looking for, now I have to write up a wrapper to add an acocunt to the "Log On Locally" setting. Appreciate your help though.

http://www.hightechtalks.com/csharp/lsa-functions-276626.html
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now