VB/WinAPI/Networks, Checking Group membership from low-security user accounts.

Checking Group membership from low-security user accounts.

Author	Message
Andy Dingl #1 / 3	Checking Group membership from low-security user accounts. I have two groups of users, with different "application" security restrictions. Neither of them has much in terms of "system" admin rights. I'd like to control their application security in an integrated manner, based on their membership of NT domain Global Groups. At present it's working, based on some downloaded code that enumerates the groups for a named user, and a wrapper of my own that simply checks this list for inclusion of the target group. My question is, Is this reliable ? As usual I'm developing it from a developer account that has considerable access rights to the whole machine. Will this still work if I give it to a user who has barely any rights ? -- how much access does an account need to be able to list the membership groups ? Am I right to assume this will work OK, provided the user is listing only their own groups -- or does it require some degree of admin access to be able to list them ? All machines are NT, including the desktops Thanks, -- Smert' Spamionam
Sun, 09 Sep 2001 03:00:00 GMT

Andy Dora #2 / 3	Checking Group membership from low-security user accounts. What functions are you using? I believe NetUserGetGroups will work for a non-admin account providing the current username is used (ie they cannot get information about other users). I don't think you can use NetUserGetLocalGroups unless you are an administrator... Cheers, Andy Quote: >I have two groups of users, with different "application" security >restrictions. Neither of them has much in terms of "system" admin >rights. I'd like to control their application security in an >integrated manner, based on their membership of NT domain Global >Groups. >At present it's working, based on some downloaded code that enumerates >the groups for a named user, and a wrapper of my own that simply >checks this list for inclusion of the target group. >My question is, Is this reliable ? As usual I'm developing it from a >developer account that has considerable access rights to the whole >machine. Will this still work if I give it to a user who has barely >any rights ? -- how much access does an account need to be able to >list the membership groups ? Am I right to assume this will work OK, >provided the user is listing only their own groups -- or does it >require some degree of admin access to be able to list them ? >All machines are NT, including the desktops >Thanks, >-- >Smert' Spamionam
Sun, 09 Sep 2001 03:00:00 GMT

Andy Dingl #3 / 3	Checking Group membership from low-security user accounts. Quote: >What functions are you using? NetUserGetGroups Quote: >I don't think you can use NetUserGetLocalGroups unless you are an >administrator... Ah. I think that explains the bug I saw that made me worried initially. Thanks
Sun, 09 Sep 2001 03:00:00 GMT

Page 1 of 1

[ 3 post ]