WinBatch Tech Support Home


wXXGetUser and Netname

Keywords:   w95getuser wntgetuser netname

Question:

This is the case:
  1. We're using WinNT workstations with the Novell Req. installed.
  2. Novell Req. is configured to use workstation manager.
  3. The users authenticate to a WinNT domain and map drives manually from CLI or Explorer.

The problem occurs when passwords are about to expire. Since the users don't log on to the domain, there's no way for NT to send any message to the user.

This should be a simple job for WinBatch I thought, but I may have been wrong. WB can look at expire times, last logons etc, but I can't figure out a way to get the username that was used for the domain authentication. The only username I can find is for logon to the local machine.

Can this be done? The documentation regarding wntGetUser() doesn't really tell me much. It refers to "the network", but which parameters are acceptable? Could "the network" be NT domain names for instance?

Answer:

The most common netname is "Microsoft Windows Network" (for Windows NT) or "NetWare Services" (for NetWare).

Question (cont'd):

So what you're saying is that the "network" could be "Client Network" on a Metaframe server?

Anyway - how come a query using "Netware Services" returns the WinNT logon name?

Answer:

The Workstation Manager service that is part of the Novell Client for WinNT works as follows:
  1. You login to NDS with the credentials for an NDS user object (username & password).

  2. The workstation manager takes your NDS credentials and, running as a service in the background, adds a local user to the workstation's SAM database with the same username/password as your NDS credentials (minus the context & tree information). Optionally, the Workstation Manager will just reset the password on an existing local user account.

  3. The Novell Client now passes the username and password portion of your NDS credentials to the local workstation and requests that they be used to logon to the local workstation.

  4. WinNT sees that the credentials being given to it for the local logon match those stored in the local SAM database so it allows the logon to complete successfully.

  5. Now you are logged in to the local workstation and nobody ever had to manually create a local user account for you to use.

Nowhere during this login (NDS) / logon (WinNT) process is a domain account required to be used. It is possible to configure the Workstation Manager to not create a local account and instead just attempt to logon to a NT domain, but that is not required. The primary purpose of the Workstation Manager is to support WinNT Workstation in a NetWare server environment w/o any WinNT domain to logon to.

Since it is quite probable that you are not logging in to the NT domain then it is not likely that you will get password expiration notices for the user accounts in the domain. If the username/password on the local workstation is the same as the username/password in the domain then you get passthru authentication (sort of like an implicit trust) to the domain controllers. Thus, you can access shared file and printer shares on the domain controllers w/o having to logon to the domain. However, once your NDS password (and thus your local WinNT account password) has been changed, the domain account's password is now out of sync with the NDS account password. At this point you lose your passthru authentication and access to resources on the domain controllers will fail.

You could use the Win32 network extender to explicitly interrogate your domain account to find out how soon the password expires. I do this quite often since my development WinNT/Win2K workstation is in a workgroup yet I use it to manage a WinNT server that is a PDC in its own domain. You will need to explicitly identify the domain name when using the extender functions so that the domain SAM is accessed instead of the local workstation SAM.

Question (cont'd):

All of this is quite clear. The problem is figuring out what domain account was used. I thought that using the "Netware Services" did work until I remembered that the PC I tested this on was in fact a member of the domain. :)

I guess I'd get the correct answer if I could do this:

wntGetUser("Microsoft Windows Network\DOMAIN")

Seems like using only "Microsoft Windows Network" returns the local machine account (the one created by Workstation Manager).

Answer:

You are going to have to determine how the Workstation Manager is set up in your environment. Is it actually creating a local user account dynamically and then logging you on to the local workstation with the local account or is it just passing your NDS credentials to a domain controller and then logging you on to the local workstation with a domain account?

Judging by your issues with determining the password expiration date, I'd have to guess that you are signed on to the local workstation with a local account. This can be done even if the workstation is part of a domain. As long as the credentials are the same as a domain account you can access resources on the domain controllers w/o logging on to the domain. Where you might have a problem is trying to access domain resources on a member server (not a domain controller) in the domain.

There should be no question about what account was used to access domain resources. If the workstation is in a workgroup then domain resources were accessed via passthru authentication. If the workstation is part of the domain then you either used a local account with passthru authentication to the domain or you logged on to the domain with a domain account and accessed domain resources via the domain account. The environment variable "USERDOMAIN" and the environment variable "USERNAME" get defined upon a successful logon to the local workstation regardless of whether a local account or domain account was used to perform the local logon. This means that you can interrogate the environment variable "USERDOMAIN" and determine if it is a workstation name or a domain name. If it is a workstation name then you know that you are accessing domain resources on domain controllers via passthru authentication and that you need to explicitly check the password expiration date on the domain account.
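
The USERDOMAIN check described in the last answer, as an added example in Python (not part of the original article and not WinBatch code). Comparing USERDOMAIN against COMPUTERNAME, the function names, the 14-day warning window and the placeholder domain are assumptions; the password age and maximum age are expected to come from the domain SAM, for instance through the Win32 network extender.

```python
from typing import Mapping, Optional, Tuple

DAY = 86400  # seconds


def logon_kind(env: Mapping[str, str]) -> str:
    """Classify the local logon as 'local', 'domain' or 'unknown'."""
    user_domain = (env.get("USERDOMAIN") or "").strip()
    computer = (env.get("COMPUTERNAME") or "").strip()
    if not user_domain or not computer:
        return "unknown"
    # Assumption: USERDOMAIN equal to the machine name means a local account.
    # NetBIOS names are case-insensitive, so compare upper-cased.
    return "local" if user_domain.upper() == computer.upper() else "domain"


def account_to_check(env, resource_domain) -> Optional[Tuple[str, str, bool]]:
    """Return (domain, user, passthru) for the domain account to interrogate."""
    kind = logon_kind(env)
    user = (env.get("USERNAME") or "").strip()
    if kind == "unknown" or not user:
        return None
    if kind == "local":
        # Passthru only works with matching credentials, so the domain
        # account carries the same user name; name the domain explicitly.
        return (resource_domain.upper(), user, True)
    return (env["USERDOMAIN"].strip().upper(), user, False)


def days_until_expiry(password_age_s: int, max_age_s: Optional[int]) -> Optional[int]:
    """Whole days left (negative once expired); None if passwords never expire."""
    if not max_age_s or max_age_s < 0:
        return None
    return (max_age_s - password_age_s) // DAY


def needs_warning(password_age_s, max_age_s, warn_days=14) -> bool:
    days = days_until_expiry(password_age_s, max_age_s)
    return days is not None and days <= warn_days


if __name__ == "__main__":
    import os
    # These variables are user-controllable; treat the result as a hint for a
    # reminder script, not as proof of which account was authenticated.
    target = account_to_check(os.environ, "EXAMPLEDOM")  # placeholder domain
    print(target)
```
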


Article ID:   W14639
Filename:   wXXGetUser and Netname.txt
File Created: 2000:10:05:11:07:42
Last Updated: 2000:10:05:11:07:42