Archived from groups: microsoft.public.win2000.group_policy (
More info?)
That example did help. Thanks again for all the help! I've got this
working now.
Anthony
"Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
news:egrR$TVgEHA.704@TK2MSFTNGP09.phx.gbl...
> Check out this sample--maybe it will help:
>
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Management
>
http://www.gpoguy.com
>
>
>
> "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com> wrote in message
> news:O$N%23u2UgEHA.2896@TK2MSFTNGP11.phx.gbl...
> > Ok, I'm getting a lot closer, thanks for all the help.
> >
> > My last problem to solve, is how you properly access an array of
> > LSA_UNICODE_STRING structures. I'm calling the api
> > LsaEnumerateAccountRights(), which is returning successfully, and I can
> > access the first value, but not the rest.
> >
> > //======================================
> > PLSA_UNICODE_STRING userRights;
> > userRights = NULL;
> > ULONG count = 0;
> > returnValue = LsaEnumerateAccountRights( policyHandle, pSid,
&userRights,
> > &count );
> > if ( returnValue != 0 )
> > {
> > return;
> > }
> >
> > DWORD i;
> > char p[256] = "";
> > for ( i = 0; i < count; ++ i )
> > {
> > wchar_t *pPolicy = userRights->Buffer;
> > WideCharToMultiByte( CP_ACP, 0, pPolicy, -1, p, sizeof( p ), NULL,
> > NULL );
> > printf( "priv %u: %s\n", i, p );
> > }
> > //======================================
> >
> >
> > Thanks,
> > Anthony
> >
> > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in
message
> > news:unN%23iaIgEHA.3292@TK2MSFTNGP10.phx.gbl...
> >> Anthony-
> >> Ok, that is a completely different thing that you're after. There is no
> > way
> >> to query the contents of a GPO programmatically to ask if a particular
> > user
> >> is assigned to a particular policy. What you can do is either:
> >>
> >> -- use RSoP to determine what effective policy is on a XP or Win2k3 box
> >> -- query the local SAM on the machine in question to see if your user
in
> >> question has been granted the specific right you're after.
> >>
> >> In your case, you're probably better off with the 2nd approach. There
are
> >> APIs available for this--check out
> >>
> >
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/managing_account_permissions.asp
> >> --
> >> Darren Mar-Elia
> >> MS-MVP-Windows Management
> >>
http://www.gpoguy.com
> >>
> >>
> >>
> >> "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com> wrote in
message
> >> news:u5bM6JGgEHA.236@tk2msftngp13.phx.gbl...
> >> > pSid = <void> yet LookupAccountName() returns success, and
pGPOList
> > =
> >> > null. Something is definately wrong, just not sure what.
> >> >
> >> > What I want to find out is if a specified user (domain account) is
> > part
> >> > of the "Log on as a service" policy on the local machine.
> >> > I hope this clarifies what I'm looking for.
> >> >
> >> >
> >> >
> >> > Thanks,
> >> > Anthony
> >> >
> >> > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in
> > message
> >> > news:eM%23a9$9fEHA.1428@TK2MSFTNGP10.phx.gbl...
> >> >> So do you get back any kind of GPO struct or just nothing? In other
> >> >> words,
> >> >> you should get a bunch of structs which are the individual GPOs that
> >> > apply.
> >> >> In the code below you're asking for any security policy that applies
> >> >> to
> > a
> >> >> particular domain user, however most security policy (except for
stuff
> >> > like
> >> >> public key policy or software restriction) is typically
> > machine-specific.
> >> >> Are you sure you're asking for the right thing?
> >> >> --
> >> >> Darren Mar-Elia
> >> >> MS-MVP-Windows Management
> >> >>
http://www.gpoguy.com
> >> >>
> >> >>
> >> >>
> >> >> "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com> wrote in
> > message
> >> >> news:e3rmo69fEHA.2324@TK2MSFTNGP10.phx.gbl...
> >> >> > Ok, I think I have it coded, but I not sure if it is working
> > right.
> >> > The
> >> >> > GROUP_POLICY_OBJECT, doesn't seem to contain any details, but it
> >> >> > returns
> >> >> > success. And ideas?
> >> >> >
> >> >> > //===================================
> >> >> > void GroupPolicyCheck()
> >> >> > {
> >> >> > char domain[256] = "";
> >> >> > DWORD domainSize = sizeof( domain );
> >> >> > DWORD size = 256;
> >> >> > PSID pSid;
> >> >> > pSid = (PSID) new BYTE[size];
> >> >> > if ( pSid == NULL)
> >> >> > return;
> >> >> > memset(pSid, 0, size);
> >> >> > SID_NAME_USE eSidName;
> >> >> > DWORD err = LookupAccountName( NULL, "DOMAIN\\user", pSid,
&size,
> >> >> > domain,
> >> >> > &domainSize, &eSidName );
> >> >> > if ( err == 0 )
> >> >> > err = GetLastError();
> >> >> > if ( IsValidSid( pSid ) == FALSE )
> >> >> > return;
> >> >> >
> >> >> > GROUP_POLICY_OBJECT *pGPOList;
> >> >> > // {827D319E-6EAC-11D2-A4EA-00C04F79F83A} // Security
> >> >> >
> >> >> >
> > //{0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}}
> >> >> > GUID guid =
> >> >> >
{0x827D319E,0x6EAC,0x11D2,{0xA4,0xEA,0x00,0xC0,0x4F,0x79,0xF8,0x3A}};
> >> >> > DWORD error = GetAppliedGPOList( GPO_LIST_FLAG_MACHINE, NULL,
> >> >> > pSid,
> >> >> > &guid, &pGPOList );
> >> >> > if ( error == ERROR_SUCCESS )
> >> >> > {
> >> >> > FreeGPOList( pGPOList );
> >> >> > }
> >> >> >
> >> >> > FreeSid( pSid );
> >> >> > }
> >> >> >
> >> >> > //===================================
> >> >> >
> >> >> >
> >> >> >
> >> >> > Thanks,
> >> >> > Anthony
> >> >> >
> >> >> > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in
> >> > message
> >> >> > news:e%23fFE27fEHA.2984@tk2msftngp13.phx.gbl...
> >> >> >> This GUID variable is referring to the client side extension you
> > want
> >> > to
> >> >> >> return information on. For example, if you want to find out what
> >> > Software
> >> >> >> Installation policy was applied, you would pass the GUID of the
> >> > Software
> >> >> >> Installation CSE. All CSE GUIDs are registered on any Windows 2K
> >> >> >> and
> >> >> >> above
> >> >> >> box under:
> >> >> >> HKLM\Software\Microsoft\Windows
> >> >> >> NT\CurrentVersion\Winlogon\GPExtensions
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> Darren Mar-Elia
> >> >> >> MS-MVP-Windows Management
> >> >> >>
http://www.gpoguy.com
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com> wrote in
> >> > message
> >> >> >> news:u9kg9Z6fEHA.3536@TK2MSFTNGP12.phx.gbl...
> >> >> >> > I'm going to try and use the GetAppliedGPOList(), but I'm
not
> >> >> >> > sure
> >> >> > how
> >> >> >> > to set the GUID. I've seen in other postings about get the
> >> >> >> > correct
> >> > guid
> >> >> >> > from
> >> >> >> > the registry, but how do I set the variable? It's probably
> >> >> >> > fairly
> >> >> > simple,
> >> >> >> > just something I've never had to do before.
> >> >> >> >
> >> >> >> >
> >> >> >> > Thanks,
> >> >> >> > Anthony
> >> >> >> >
> >> >> >> > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote
> >> >> >> > in
> >> >> > message
> >> >> >> > news:u8tQ04vfEHA.1428@TK2MSFTNGP10.phx.gbl...
> >> >> >> >> Well, if you just want to get a list of the GPOs that are
> > applying
> >> > to
> >> >> >> >> a
> >> >> >> >> particular user you could query
> >> >> >> >>
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
> >> >> >> >> Policy\History using standard C++ registry APIs. Of course,
this
> >> >> >> >> has
> >> >> >> >> to
> >> >> >> > run
> >> >> >> >> in the context of the currently logged on user. Under the
> >> >> >> >> History
> >> > key,
> >> >> >> >> you
> >> >> >> >> get a set of keys organized by Client Side Extension that
> > enumerate
> >> >> >> >> the
> >> >> >> > GPOs
> >> >> >> >> that have run for each CSE for that user.
> >> >> >> >>
> >> >> >> >> Also, you could try calling GetAppliedGPOList(). I've not used
> >> >> >> >> it
> >> >> > before
> >> >> >> > but
> >> >> >> >> I suppose that its as good as any other mechanism. Its
> >> >> >> >> documented
> >> >> >> >> here:
> >> >> >> >>
> >> >> >> >
> >> >> >
> >> >
> >
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policy/getappliedgpolist.asp
> >> >> >> >> --
> >> >> >> >> Darren Mar-Elia
> >> >> >> >> MS-MVP-Windows Management
> >> >> >> >>
http://www.gpoguy.com
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com> wrote
in
> >> >> > message
> >> >> >> >> news:%23LoqpxvfEHA.2012@TK2MSFTNGP10.phx.gbl...
> >> >> >> >> >I need code that will work on Win2000 and higher. I looked
up
> > the
> >> >> >> >> > RSoPCreateSession() and it only works onWinXP and higher.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Anthony
> >> >> >> >> >
> >> >> >> >> > "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com>
wrote
> > in
> >> >> >> >> > message
> >> >> >> >> > news:OHqD0vvfEHA.1652@TK2MSFTNGP09.phx.gbl...
> >> >> >> >> >> You wouldn't happen to know where I could find some C++
> >> >> >> >> >> examples
> >> >> >> >> >> of
> >> >> >> >> > what
> >> >> >> >> >> I want to do?
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> Thanks,
> >> >> >> >> >> Anthony
> >> >> >> >> >>
> >> >> >> >> >> "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com>
> > wrote
> >> > in
> >> >> >> >> >> message
> >> >> >> >> >> news:eMvLr8ufEHA.2020@TK2MSFTNGP10.phx.gbl...
> >> >> >> >> >> > If you're really talking APIs, then you can call
> >> >> >> >> >> > RSoPCreateSession
> >> >> >> >> >> > to
> >> >> >> >> >> > generate WMI RSoP logging data yourself, and then you can
> > get
> >> > at
> >> >> > the
> >> >> >> >> > RSoP
> >> >> >> >> >> > data that way. If you just want to get the list of GPOs
> >> > processed
> >> >> > by
> >> >> >> > a
> >> >> >> >> >> user,
> >> >> >> >> >> > you can query the registry for that information. Let me
> >> >> >> >> >> > know
> >> >> >> >> >> > if
> >> >> > you
> >> >> >> >> >> > want
> >> >> >> >> >> > details on the keys to look at.
> >> >> >> >> >> >
> >> >> >> >> >> > --
> >> >> >> >> >> > Darren Mar-Elia
> >> >> >> >> >> > MS-MVP-Windows Management
> >> >> >> >> >> >
http://www.gpoguy.com
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > "Christopher Maloney" <ctmal@nni.com> wrote in message
> >> >> >> >> >> > news:OUqgJUtfEHA.3016@tk2msftngp13.phx.gbl...
> >> >> >> >> >> > > Go to a command prompt on the computer that the user is
> >> > logged
> >> >> > in
> >> >> >> > on
> >> >> >> >> > and
> >> >> >> >> >> > > type "gpresult"(without quotes). This will list all
> >> >> >> >> >> > > settings
> >> >> >> > applied
> >> >> >> >> > by
> >> >> >> >> >> > > each group policy.
> >> >> >> >> >> > >
> >> >> >> >> >> > >
> >> >> >> >> >> > > "Anthony Hunter" <anthony.hunter@_NOSPAM_.invensys.com>
> >> >> >> >> >> > > wrote
> >> >> >> >> >> > > in
> >> >> >> >> > message
> >> >> >> >> >> > > news:u8GyZEtfEHA.3964@TK2MSFTNGP12.phx.gbl...
> >> >> >> >> >> > >> What API's would I use to check to see if the
> > currently
> >> >> >> >> >> > >> logged
> >> >> >> >> >> > >> in
> >> >> >> >> >> > >> user
> >> >> >> >> >> > >> is part of a specific policy?
> >> >> >> >> >> > >>
> >> >> >> >> >> > >>
> >> >> >> >> >> > >>
> >> >> >> >> >> > >> Thanks,
> >> >> >> >> >> > >> Anthony
> >> >> >> >> >> > >> --
> >> >> >> >> >> > >> Product Availability Developer
> >> >> >> >> >> > >> Invensys Avantis - www.avantis.net
> >> >> >> >> >> > >>
> >> >> >> >> >> > >>
> >> >> >> >> >> > >
> >> >> >> >> >> > >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >>
> >> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
Facebook
Twitter
Instagram