#128933 - 2004-11-03 09:43 AM How can I identify administrator groups?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
I've just implemented an audit tool to check all our NT 4.0 domains (there are a lot!) for compliance with our policies and procedures.

The tool also highlights exceptions like accounts not used for 90 days, and users who are members of admin groups.

The problem is that the WinNT provider which I'm using only returns the group names, which is fine for English language installations where the names have not been changed.

I'd like to determine (for each domain) the native group names for Administrators and Domain Admins groups. The ID (UUID? GUID?) should remain constant so should get me to the information if I can find a way of retrieving it.

At the moment the tool does not require elevated privilege and I'd prefer to keep it that way if possible.

I'm trying to stick to the WinNT: provider as the lowest common denominator, as the domains in question are not under my direct control and I don't know what's out there.

#128934 - 2004-11-03 09:54 AM Re: How can I identify administrator groups?
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
What about this method, or are you looking for something else?


LocalAdmin() - checks for membership of local admin group
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=83341

#128935 - 2004-11-03 11:42 AM Re: How can I identify administrator groups?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Something else

If I knew the domain's SID I could (probably) use SidToName() to find the groups, but I don't want to hard-code any of this information if I can help it.

Actually, the link got me thinking, and a couple of links further on and a bit of searching around led me to the conclusion that I'm not going to be able to get there.

I can get the SID of the groups, but as it is in byte array form there is not much else I can do with it using native KiXtart - I don't want the aggro of installing SDK DLLs on all machines of all the users who will use the tool.

#128936 - 2004-11-03 01:29 PM Re: How can I identify administrator groups?
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Richard, could you reiterate your end goal again?

1) You want to identify the current name of the builtin\administrators or other Builtin group regardless of local language or renaming.
2) You want this to run as a non-Admin.
3) You want this to run as a logon script on clients using only native KiXtart.

You do not need to know the domain SID for various domains and hard code anything that is not a constant as I see it.

local administrators group = "S-1-5-32-500"
Domain Admins = "S-1-5-32-544"

Well-Known SIDs : http://support.microsoft.com/default.aspx?scid=kb;en-us;243330

I am not sure why this tool must be run locally. I can provide you a DLL which you can remotely obtain this information without admin permissions. You would only need to install it in one location.

SidToName() does not seem to be a good choice for this as it only works in the local context.


Edited by Howard Bullock (2004-11-03 01:35 PM)
_________________________
Home page: http://www.kixhelp.com/hb/

#128937 - 2004-11-03 03:02 PM Re: How can I identify administrator groups?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Err...no.

I run a tool on my PC which audits the many NT domains that I have a trust in place for.

This is a requirement because as our company is a subsidiary of a parent which is based in the US we have to comply with Sarbanes-Oxley (thank-you dear cousins for that one!).

This tool will be run on a regular basis, probably on Friday night as it can take a very long time to run due to many of the trusted domains and domain controllers being located at the end of slow international links.

I was interested in a way of identifying the (say) Administrators group for each domain as it was being audited.

I came across various tools including your own, but I was keen to avoid any additional installations as I just want to be able to distribute the script to users who need it.

I can get hold of the SID during the audit process, but as this is a byte array I thought I was stumped.

This requirement has forced me to develop a method of converting byte arrays to integer arrays (and back again) which may be of general interest to the community which should solve my immediate need.

I'll post the UDFs shortly...
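
Added example, not part of the original thread and not the poster's UDFs: decoding a group's SID from the byte-array form discussed above into its string form, then matching on the values Microsoft documents for these groups (S-1-5-32-544 for the built-in Administrators alias, RID 512 under the domain SID for Domain Admins), so the match works whatever the group is named locally. It is written in Python rather than KiXtart; the function names are hypothetical and the sample SIDs are constructed.

```python
import struct

NT_AUTHORITY = 5           # identifier authority in S-1-5-...
RID_BUILTIN_ADMINS = 544   # S-1-5-32-544
RID_DOMAIN_ADMINS = 512    # S-1-5-21-<domain>-512

def parse_sid(raw):
    """Decode a binary SID (bytes or a list of ints) into its fields."""
    raw = bytes(raw)
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = list(struct.unpack("<%dI" % count, raw[8:]))  # 32-bit, little-endian
    return revision, authority, subs

def sid_to_string(raw):
    """Render a binary SID as S-<revision>-<authority>-<sub-authorities>."""
    revision, authority, subs = parse_sid(raw)
    return "-".join(str(p) for p in ["S", revision, authority] + subs)

def classify_admin_group(raw):
    """Return which admin group the SID denotes, or None for anything else."""
    _, authority, subs = parse_sid(raw)
    if authority != NT_AUTHORITY:
        return None
    if subs == [32, RID_BUILTIN_ADMINS]:
        return "builtin Administrators"
    # A domain SID is 21 plus three domain sub-authorities, then the RID.
    if len(subs) == 5 and subs[0] == 21 and subs[4] == RID_DOMAIN_ADMINS:
        return "Domain Admins"
    return None

# Constructed sample SIDs (the domain sub-authorities 1000-2000-3000 are made up).
SAMPLE_BUILTIN = bytes.fromhex("0102000000000005" "20000000" "20020000")
SAMPLE_DOMAIN = bytes.fromhex(
    "0105000000000005" "15000000" "e8030000" "d0070000" "b80b0000" "00020000")

if __name__ == "__main__":
    for sid in (SAMPLE_BUILTIN, SAMPLE_DOMAIN):
        print(sid_to_string(sid), "->", classify_admin_group(sid))
```

An audit script would run the classifier over the SID of every group it enumerates in a domain and keep the name of whichever group matches.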
