By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,988 Members | 1,367 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,988 IT Pros & Developers. It's quick & easy.

How to enumerate Windows user accounts?

P: n/a
I'm trying to get a list of user accounts on the local computer - the same
list you see when you are about to log in to Windows XP or Vista. This needs
to work on a home computer (not connected to a domain). It's for a parental
control app where I want the parent to be able to assign rules for each
child's account. I've tried using the Win32 API
LsaEnumerateAccountsWithUserRight with the SE_INTERACTIVE_LOGON_NAME
privilege, but it doesn't work. I tried passing in NULL as the UserRights
parameter, which is supposed to return ALL accounts, but I get back a list
which has the built-in accounts and a few others (see below), but not one
single normal user account. I just want the accounts for people who can log
on interactively. I'd prefer if there was a fully .NET C# solution but I'll
do Win32 if I have to. Should I be using LsaLookupNames2 instead?

NT AUTHORITY\SERVICE
BUILTIN\Remote Desktop Users
BUILTIN\Backup Operators
BUILTIN\Users
BUILTIN\Administrators
Justin-Laptop\Guest
Justin-Laptop\SQLServer2005MSSQLUser$Justin-Laptop$SQLEXPRESS
Justin-Laptop\SQLServer2005SQLBrowserUser$Justin-Laptop
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\LOCAL SERVICE
Everyone
Apr 25 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
This code seems to be heading in the right direction. But I really need the
SID for each account. And I'm not sure what groups to enumerate to match what
you see when you log in to Windows XP or Vista. This ActiveDirectory stuff is
new to me.

DirectoryEntry localMachine = new DirectoryEntry("WinNT://" +
Environment.MachineName);
DirectoryEntry admGroup = localMachine.Children.Find("administrators",
"group");
object members = admGroup.Invoke("members", null);
foreach (object groupMember in (IEnumerable)members) {
DirectoryEntry member = new DirectoryEntry(groupMember);
Console.WriteLine(member.Name);
}
"jmagaram" wrote:
I'm trying to get a list of user accounts on the local computer - the same
list you see when you are about to log in to Windows XP or Vista. This needs
to work on a home computer (not connected to a domain). It's for a parental
control app where I want the parent to be able to assign rules for each
child's account. I've tried using the Win32 API
LsaEnumerateAccountsWithUserRight with the SE_INTERACTIVE_LOGON_NAME
privilege, but it doesn't work. I tried passing in NULL as the UserRights
parameter, which is supposed to return ALL accounts, but I get back a list
which has the built-in accounts and a few others (see below), but not one
single normal user account. I just want the accounts for people who can log
on interactively. I'd prefer if there was a fully .NET C# solution but I'll
do Win32 if I have to. Should I be using LsaLookupNames2 instead?

NT AUTHORITY\SERVICE
BUILTIN\Remote Desktop Users
BUILTIN\Backup Operators
BUILTIN\Users
BUILTIN\Administrators
Justin-Laptop\Guest
Justin-Laptop\SQLServer2005MSSQLUser$Justin-Laptop$SQLEXPRESS
Justin-Laptop\SQLServer2005SQLBrowserUser$Justin-Laptop
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\LOCAL SERVICE
Everyone
Apr 25 '07 #2

P: n/a
Try this inside the for loop:

string sid = new
SecurityIdentifier((byte[])member.Properties["objectSid"][0], 0).Value;
Console.WriteLine (sid);

This works with .NET 2.0 onwards.

"jmagaram" wrote:
This code seems to be heading in the right direction. But I really need the
SID for each account. And I'm not sure what groups to enumerate to match what
you see when you log in to Windows XP or Vista. This ActiveDirectory stuff is
new to me.

DirectoryEntry localMachine = new DirectoryEntry("WinNT://" +
Environment.MachineName);
DirectoryEntry admGroup = localMachine.Children.Find("administrators",
"group");
object members = admGroup.Invoke("members", null);
foreach (object groupMember in (IEnumerable)members) {
DirectoryEntry member = new DirectoryEntry(groupMember);
Console.WriteLine(member.Name);
}
"jmagaram" wrote:
I'm trying to get a list of user accounts on the local computer - the same
list you see when you are about to log in to Windows XP or Vista. This needs
to work on a home computer (not connected to a domain). It's for a parental
control app where I want the parent to be able to assign rules for each
child's account. I've tried using the Win32 API
LsaEnumerateAccountsWithUserRight with the SE_INTERACTIVE_LOGON_NAME
privilege, but it doesn't work. I tried passing in NULL as the UserRights
parameter, which is supposed to return ALL accounts, but I get back a list
which has the built-in accounts and a few others (see below), but not one
single normal user account. I just want the accounts for people who can log
on interactively. I'd prefer if there was a fully .NET C# solution but I'll
do Win32 if I have to. Should I be using LsaLookupNames2 instead?

NT AUTHORITY\SERVICE
BUILTIN\Remote Desktop Users
BUILTIN\Backup Operators
BUILTIN\Users
BUILTIN\Administrators
Justin-Laptop\Guest
Justin-Laptop\SQLServer2005MSSQLUser$Justin-Laptop$SQLEXPRESS
Justin-Laptop\SQLServer2005SQLBrowserUser$Justin-Laptop
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\LOCAL SERVICE
Everyone
Apr 26 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.