Re: Invalid characters for WTSQuerySessionInformation?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Characters that allows for ambiguity between the `NTLM` fully
qualified names and the SPN-styles names, and the separators of those.
For example, the $ at the end of a name is normally reserved for
the machine domain account (assuming a Kerberos based environment).
`@` separates a name from it's domain.
The `\` is used for NTLM domain, and the `/` can be used
for explicitily registered principal names.
There are a few other restrictions for the last 2 characters of a NTLM name,
caused by the Browser Service implementation in the NTLM days,
and all the compatibilty issues from that onward.

--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"Norman Diamond" <ndiamond@xxxxxxxxxxxxxxxx> wrote in message
news:%234nXUzBmHHA.3952@xxxxxxxxxxxxxxxxxxxxxxx
Windows XP, probably SP2.

We have been told that in some foreign versions of Windows XP, the Unicode
version of WTSQuerySessionInformationW is failing to retrieve a username
if the name includes an at sign "@".

I am thinking of preparing a test to find which characters
WTSQuerySessionInformationW can't deal with. Intuitively I feel that
Unicode characters "$", backslash, forward slash, quotation mark, and a
few others might also be troublesome. But first I tried to find if
there's any documentation on such restrictions, and couldn't find any.

Also intuitively I think there are probably other APIs that need testing
too. We've already abandoned use of WTSQuerySessionInformationA, instead
calling WTSQuerySessionInformationW and WideCharToMultiByte instead. (I
attempted to describe that workaround twice in postings that have been
censored from this newsgroup.) Does anyone know what characters are
troublesome for any APIs, whether ANSI or Unicode, that deal with
usernames?


.

Relevant Pages

  • Re: Invalid characters for WTSQuerySessionInformation?
    ... and '/' from being used in a username. ... Characters such as '$' and '@' are problematic, ... (By the way this is with the Unicode version WTSQuerySessionInformationW. ... WTSQuerySessionInformationW and WideCharToMultiByte.) ...
    (microsoft.public.win32.programmer.kernel)
  • RE: XP password and encryption
    ... :> increases the encryption in a non-linear way... ... This depends on the type of passphrase you use. ... it does not matter how many characters you use it is going to be trivial ... So you can not disable NTLM in this case you most suggest using ...
    (Security-Basics)
  • NTLM v2 implementation
    ... This is a follow up of an ongoing thread but I made it a new thread as the ... After working with pwdump and L0phtcrack, i would like to implement NTLM v2 ... others people no matter how long, how many special characters you use, how ... Q147706 - How to Disable LM Authentication on Windows NT ...
    (Focus-Microsoft)
  • Re: Password statistics and standards
    ... Rainbow tables have been generated for 14-character NTLM passwords. ... If you're referring to NTLM, over 14 characters is pointless, because the algorithm truncates your password at 14 characters anyway. ... Precomputing tables for 14+ character passwords is time- and space-prohibitive, ...
    (Security-Basics)
  • Re: Unicode Support
    ... >> (I know this is a poor example, but think about other languages, eg ... First things first, when you register your RosAsm windows classes, you ... the messages with ANSI / UNICODE parameters in ANSI or UNICODE form... ... with their alphabet characters, as with the numbers and punctuation...so, ...
    (alt.lang.asm)