1. 首頁
  2. 問答
  3. 真實用戶和系統用戶帳戶之間的差異

真實用戶和系統用戶帳戶之間的差異

2011-10-10 93 views
3

當我獲得計算機或Active Directory域的UserPrincipal/DirectoryEntry記錄時,是否有辦法區分系統帳戶和真實用戶?真實用戶和系統用戶帳戶之間的差異

例如,jsmith是一個真正的用戶,而ASPNET或IUSR_machine則不是。但依靠硬編碼的已知名稱似乎不是過濾系統用戶的最佳方式,因爲還可以有其他帳戶。有沒有更好的辦法?

例如,也許有「可交互方式登錄」的標誌,或者,通過檢查檢測密碼設置等

來源

2011-10-10 queen3

回答

0

嘗試的Win32 LookupAccountName和方法執行LookupAccountSid。當函數返回時,最後一個參數(稱爲accountType)填充了帳戶的類型。

[SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)] 
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] 
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] 
[return: MarshalAs(UnmanagedType.Bool)] 
public static extern bool LookupAccountSid(
     [In] string systemName, 
     [In, MarshalAs(UnmanagedType.LPArray)] byte[] sid, 
     [Out] StringBuilder name, 
     [In, Out] ref uint nameLength, 
     [Out] StringBuilder referencedDomainName, 
     [In, Out] ref uint referencedDomainNameLength, 
     [Out] out AccountType accountType); 

[SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)] 
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] 
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] 
[return: MarshalAs(UnmanagedType.Bool)] 
public static extern bool LookupAccountName(
     [In] string systemName, 
     [In] string accountName, 
     [Out, MarshalAs(UnmanagedType.LPArray)] byte[] sid, 
     [In, Out] ref uint sidSize, 
     [Out] StringBuilder referencedDomainName, 
     [In, Out] ref uint referencedDomainNameLength, 
     [Out] out AccountType accountType); 


/// <summary> 
/// Defines the various account types of a Windows accunt 
/// </summary> 
public enum AccountType 
{ 
    /// <summary> 
    /// No account type 
    /// </summary> 
    None = 0, 
    /// <summary> 
    /// The account is a user 
    /// </summary> 
    User, 
    /// <summary> 
    /// The account is a security group 
    /// </summary> 
    Group, 
    /// <summary> 
    /// The account defines a domain 
    /// </summary> 
    Domain, 
    /// <summary> 
    /// The account is an alias 
    /// </summary> 
    Alias, 
    /// <summary> 
    /// The account is a well-known group, such as BUILTIN\Administrators 
    /// </summary> 
    WellknownGroup, 
    /// <summary> 
    /// The account was deleted 
    /// </summary> 
    DeletedAccount, 
    /// <summary> 
    /// The account is invalid 
    /// </summary> 
    Invalid, 
    /// <summary> 
    /// The type of the account is unknown 
    /// </summary> 
    Unknown, 
    /// <summary> 
    /// The account is a computer account 
    /// </summary> 
    Computer, 
    Label 
}

來源

2011-10-10 20:38:43

+0

對於真實用戶和系統用戶,返回的AccountType是否不相同 - 即AccountType.User是否會被返回? –

+0

它會爲內置管理員組返回類似「別名」的內容。但我想你是正確的ASPNET用戶或IUSR_machine ...交互式登錄特權*可能*是一個線索,然後.. –

1

對於所有意圖和目的,您列出的樣本帳戶在功能上與您爲指定人創建的用戶帳戶相同。

來源

2011-10-11 23:55:46

相關問題

 相關問題