Re: Systemkonto ermitteln



Hallo Stefans!

Ich würde hier eher auf die SID gehen, damit bist Du u.a.
sprachunabhängig.
http://www.gruppenrichtlinien.de/Grundlagen/WellKnown_SIDs.htm
http://support.microsoft.com/kb/243330/en-us

Auf jeden Fall würde ich die Konstanten / Konfigurationswerte ebenfalls als
SID auslegen.

Solltest Du den Namen dann aber ebenfalls noch als String benötigen, kannst
Du die SID in einen String umformen.

Nachfolgender Code stammt noch aus DOTNET 1.1. Inzwischen dürfte sich einiges
(oder alles) auch mittels der Klassen in System.Security.Principal erreichen
lassen, wie z. B. SecurityIdentifier bzw. WellKnownAccountType (die Enumeration
heißt dort WellKnownSidType).

1.1. Code:


// Example call: resolves the S-1-5 identifier authority (the 8-byte NTAuthoritySid array)
// to its account name on the local machine. The configuration keeps the SID; the string
// is derived from it only when a name is needed.
string NTAuthorityName =
SidToName(WellknownSecurityIdentifiers.NTAuthoritySid);




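/// <summary>
/// Resolves a binary SID to an account name by calling LookupAccountSid on the
/// local system (lpSystemName is passed as null).
/// </summary>
/// <param name="sid">SID in binary form: revision byte, sub-authority count byte,
/// 6-byte identifier authority, then 4 bytes per sub-authority.</param>
/// <returns>"DOMAIN\name" when the lookup reports a referenced domain, otherwise
/// just the name.</returns>
/// <exception cref="Win32Exception">The lookup failed, or <paramref name="sid"/>
/// is null or shorter than its own sub-authority count requires.</exception>
/// <remarks>
/// The returned name depends on the system language, so treat it as display text.
/// Access decisions and configuration values should compare the SID itself.
/// On .NET 2.0 and later, new SecurityIdentifier(sid, 0).Translate(typeof(NTAccount))
/// performs the same mapping without P/Invoke.
/// </remarks>
public static string SidToName(byte[] sid){

    // Value of ERROR_INVALID_SID in winerror.h; kept local because it is not
    // among the constants declared next to NO_ERROR.
    const int ERROR_INVALID_SID = 1337;

    // The native side sizes the SID from its count byte (sid[1]) and cannot see the
    // managed array length, so a buffer shorter than the count implies would be read
    // past its end. Reject it before it is marshalled. Win32Exception is kept as the
    // failure type so callers see the same exception as for any other failed lookup.
    if (sid == null || sid.Length < 8 || sid.Length < 8 + 4 * sid[1])
    {
        throw new Win32Exception(ERROR_INVALID_SID);
    }

    StringBuilder name = new StringBuilder();
    uint cchName = (uint)name.Capacity;
    StringBuilder referencedDomainName = new StringBuilder();
    uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
    SID_NAME_USE sidUse;

    int err = NO_ERROR;
    if (!LookupAccountSid(null, sid, name, ref cchName, referencedDomainName,
        ref cchReferencedDomainName, out sidUse))
    {
        // Read the error immediately; any later managed call may overwrite it.
        err = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
        if (err == ERROR_INSUFFICIENT_BUFFER)
        {
            // The failed call wrote the required sizes into the two cch values;
            // grow both builders and try exactly once more.
            name.EnsureCapacity((int)cchName);
            referencedDomainName.EnsureCapacity((int)cchReferencedDomainName);
            err = NO_ERROR;
            if (!LookupAccountSid(null, sid, name, ref cchName,
                referencedDomainName, ref cchReferencedDomainName, out sidUse))
            {
                err = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
            }
        }
    }

    if (err != NO_ERROR)
    {
        throw new Win32Exception(err);
    }

    if (referencedDomainName.Length > 0)
    {
        return referencedDomainName.ToString() + "\\" + name.ToString();
    }

    return name.ToString();
}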

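/// <summary>
/// Binary forms of well-known Windows SIDs, for APIs that take a SID as a byte
/// array (such as LookupAccountSid).
/// </summary>
/// <remarks>
/// Every member builds and returns a new array on each access. A
/// "public static readonly byte[]" field only fixes the reference: any code in
/// the process could overwrite the bytes and so change what, for example,
/// LocalSystemSid means for every other caller. Returning a fresh array removes
/// that shared mutable state. Reading a member compiles as before; code that
/// passed a field by ref, or reflected over fields, would need adjusting.
/// </remarks>
public class WellknownSecurityIdentifiers {

    // S-1-0-0
    public static byte[] NullSid { get { return Build(0, 0); } }
    // S-1-1-0
    public static byte[] EveryoneSid { get { return Build(1, 0); } }
    // S-1-2-0
    public static byte[] LocalSid { get { return Build(2, 0); } }
    // S-1-3-0
    public static byte[] CreatorOwnerSid { get { return Build(3, 0); } }
    // S-1-3-1
    public static byte[] CreatorGroupSid { get { return Build(3, 1); } }
    // S-1-3-2
    public static byte[] CreatorOwnerServerSid { get { return Build(3, 2); } }
    // S-1-3-3
    public static byte[] CreatorGroupServerSid { get { return Build(3, 3); } }
    // S-1-5 (identifier authority only: sub-authority count 0, 8 bytes)
    public static byte[] NTAuthoritySid { get { return Build(5); } }
    // S-1-5-1
    public static byte[] DialupSid { get { return Build(5, 1); } }
    // S-1-5-2
    public static byte[] NetworkSid { get { return Build(5, 2); } }
    // S-1-5-3
    public static byte[] BatchSid { get { return Build(5, 3); } }
    // S-1-5-4
    public static byte[] InteractiveSid { get { return Build(5, 4); } }
    // S-1-5-6
    public static byte[] ServiceSid { get { return Build(5, 6); } }
    // S-1-5-7
    public static byte[] AnonymousSid { get { return Build(5, 7); } }
    // S-1-5-8
    public static byte[] ProxySid { get { return Build(5, 8); } }
    // S-1-5-9
    public static byte[] EnterpriseControllersSid { get { return Build(5, 9); } }
    // S-1-5-10
    public static byte[] SelfSid { get { return Build(5, 10); } }
    // S-1-5-11
    public static byte[] AuthenticatedUserSid { get { return Build(5, 11); } }
    // S-1-5-12
    public static byte[] RestrictedCodeSid { get { return Build(5, 12); } }
    // S-1-5-13
    public static byte[] TerminalServerSid { get { return Build(5, 13); } }
    // S-1-5-14
    public static byte[] RemoteLogonIdSid { get { return Build(5, 14); } }
    // S-1-5-18
    public static byte[] LocalSystemSid { get { return Build(5, 18); } }
    // S-1-5-19
    public static byte[] LocalServiceSid { get { return Build(5, 19); } }
    // S-1-5-20
    public static byte[] NetworkServiceSid { get { return Build(5, 20); } }
    // S-1-5-32
    public static byte[] BuiltinDomainSid { get { return Build(5, 32); } }
    // S-1-5-32-544
    public static byte[] BuiltinAdministratorsSid { get { return Build(5, 32, 544); } }
    // S-1-5-32-545
    public static byte[] BuiltinUsersSid { get { return Build(5, 32, 545); } }
    // S-1-5-32-546
    public static byte[] BuiltinGuestsSid { get { return Build(5, 32, 546); } }
    // S-1-5-32-547
    public static byte[] BuiltinPowerUsersSid { get { return Build(5, 32, 547); } }
    // S-1-5-32-548
    public static byte[] BuiltinAccountOperatorsSid { get { return Build(5, 32, 548); } }
    // S-1-5-32-549
    public static byte[] BuiltinSystemOperatorsSid { get { return Build(5, 32, 549); } }
    // S-1-5-32-550
    public static byte[] BuiltinPrintOperatorsSid { get { return Build(5, 32, 550); } }
    // S-1-5-32-551
    public static byte[] BuiltinBackupOperatorsSid { get { return Build(5, 32, 551); } }
    // S-1-5-32-552
    public static byte[] BuiltinReplicatorSid { get { return Build(5, 32, 552); } }
    // S-1-5-32-554
    public static byte[] BuiltinPreWindows2000CompatibleAccessSid { get { return Build(5, 32, 554); } }
    // S-1-5-32-555
    public static byte[] BuiltinRemoteDesktopUsersSid { get { return Build(5, 32, 555); } }
    // S-1-5-32-556
    public static byte[] BuiltinNetworkConfigurationOperatorsSid { get { return Build(5, 32, 556); } }

    /// <summary>
    /// Builds the binary SID S-1-{authority}-{subAuthorities...}.
    /// </summary>
    /// <param name="authority">Identifier authority. Only values that fit in one
    /// byte are supported; the upper five bytes of the 6-byte field stay zero.</param>
    /// <param name="subAuthorities">Sub-authority values in order; may be empty.</param>
    /// <returns>A new array of 8 + 4 * count bytes.</returns>
    private static byte[] Build(byte authority, params uint[] subAuthorities)
    {
        byte[] sid = new byte[8 + 4 * subAuthorities.Length];
        sid[0] = 1;                             // revision
        sid[1] = (byte)subAuthorities.Length;   // sub-authority count
        sid[7] = authority;                     // last byte of the big-endian authority field

        for (int i = 0; i < subAuthorities.Length; i++)
        {
            // Sub-authorities are stored little-endian, e.g. 544 (0x0220) -> 32, 2, 0, 0.
            uint value = subAuthorities[i];
            int offset = 8 + 4 * i;
            sid[offset] = (byte)(value & 0xFF);
            sid[offset + 1] = (byte)((value >> 8) & 0xFF);
            sid[offset + 2] = (byte)((value >> 16) & 0xFF);
            sid[offset + 3] = (byte)((value >> 24) & 0xFF);
        }

        return sid;
    }

}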


// Win32 error codes that SidToName compares against Marshal.GetLastWin32Error().
// NO_ERROR marks a successful lookup.
const int NO_ERROR = 0;
// Reported when the name or domain buffer was too small; SidToName then grows
// both buffers and retries once.
const int ERROR_INSUFFICIENT_BUFFER = 122;

/// <summary>
/// Account kind reported through the peUse out-parameter of LookupAccountSid.
/// Numbering starts at 1 and runs consecutively through 9.
/// </summary>
enum SID_NAME_USE {
    SidTypeUser = 1,
    SidTypeGroup = 2,
    SidTypeDomain = 3,
    SidTypeAlias = 4,
    SidTypeWellKnownGroup = 5,
    SidTypeDeletedAccount = 6,
    SidTypeInvalid = 7,
    SidTypeUnknown = 8,
    SidTypeComputer = 9
}

/// <summary>
/// P/Invoke declaration for LookupAccountSid in advapi32.dll, which maps a
/// binary SID to an account name and the domain it was found in.
/// </summary>
/// <remarks>
/// SetLastError = true is what allows the caller to read the failure code with
/// Marshal.GetLastWin32Error() after a false return.
/// NOTE(review): the Sid array is passed as a raw buffer with no length, so the
/// caller is responsible for passing a complete, well-formed SID.
/// </remarks>
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern bool LookupAccountSid(
// Target system for the lookup; SidToName passes null.
string lpSystemName,
// SID in binary form.
[MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
// Receives the account name.
System.Text.StringBuilder lpName,
// In: capacity of lpName. SidToName uses the value left here after
// ERROR_INSUFFICIENT_BUFFER as the capacity to grow to.
ref uint cchName,
// Receives the name of the domain the account was found in.
System.Text.StringBuilder ReferencedDomainName,
// Same in/out size convention as cchName, for ReferencedDomainName.
ref uint cchReferencedDomainName,
// Receives the account kind; SidToName does not use it.
out SID_NAME_USE peUse);
}


mfg GP


.


