Database Search
If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.
TechHome
wNT
 |
- 1219 Error with AddDrive
- Account Expires after wntUserAddDat
- Add Domain Group to Local Administrator Remotely
- Add Everyone to Administrators Group
- Add Global Groups in Domain
- Adding Domain to Workstation
- Adding Users and Setting Flags
- Adds User Account to Local Administrator Group
- Allow Inheritable Permissions from Parent
- Builtin Group SID convert to Name
- Bypass NT Ctrl Alt Del to Logon
- Changing Computer Name and Machine Account
- Changing Domain Passwords Sample Code
- Check For Disabled Computer Account
- Check if You Have Local Admin Rights
- Checking an Accounts Password
- Checking for Old Users
- Convert SID to User ID
- Converting SID to Domain - Account Name
- Create Directories and Set NT Access Permissions
- Dealling With Inheritiable Permissions
- Decode Logon Hours
- Determine if Computer is in a Workgroup or Domain
- Determine if PC is Member of Domain
- Determine Inheritance
- Determining if Current User is Authenticated
- Disable Allow Inheritable Permissions
- Domain Trusts Explained
- Error 673 WntPrivAdd
- Error 684 using wntAccess functions
- Find Domain for a Computer
- Foreign Language support of the Win32 Network Extender
- Get a Users Primary Group
- Get Domain User Info
- Get Machine Administrator Userid
- Get SID from Username
- Get the Currently Logged on User in NT
- Get the SID of a Workstation
- Get User Name and wntUserProps
- How to determine if a file is in use on LAN
- How to disable Allow inheritable permissions
- How to Get the Local Adminstrator Account
- How WntServerList Determines a Server
- Inherit NTFS Persmissions
- Interpreting Access Rights
- Is Domain User a Local Admin
- Is User Logged into Domain or Local Account
- Is wntChgPswd Encrypted
- Issue with AccessMod on Remote Machine
- Keeping Track of Last User Login
- List only Windows 2000 Systems
- List Open Connections
- List Terminal Servers
- Listing Directory Shares with Permissions
- Losing Mapped Drive Connections in XP
- Matching SID to ProfileList folder
- NT Auditing
- NT Extender and NT4 No Service Packs
- NT Network Extender and UPN Account Names
- Obtain Share Permissions
- Obtain user sid
- Port Required for WntUserGetDat
- Problems caused by ADMT
- Pull Trusted Domain List
- Reboot user with no shutdown privileges
- Remotely Reboot and wntShutDown
- Remove Everyone Access from D
- Rename User in an AD Domain
- Reset Passwords in Active Directory
- Reset Permissions when Inheritable is Enabled
- Rights to use wntFileUsers
- Runwithlogon and Bad Username
- RunWithLogon Parameter Size
- RunWithLogon versus RunAsUser
- Searching NT Users and Find by Last Name
- Server Description Field
- Setting File Permissions with wntAccessAdd
- Setting NT Policies
- Setting Service Permissions
- Shutdown All NT Servers
- SID values - AD - round tripping and ADMT
- Synchronize password from NT Domain to Novell
- The NT extender functions in Active Directories
- Trouble determining admin rights
- Trusting Domain List
- Unlock Account with wntUserSetDat
- User Login and Log out Information
- User Profile Last Logon
- Win 2000 AutoAdminLogon
- wntAccess... and Specifying Remote Drives
- WntAccessAdd and Change Modify Registry
- wntAccessAdd and Inherited Rights
- WntAccessAdd and Inheritence
- wntAccessAdd and Invalid User - Group
- wntAccessAdd and NTFS
- WntAccessAdd error 546 Invalid file directory name
- wntAccessAdd Inheritable Permissions
- wntAccessAdd Problem on NT 4
- wntAccessAdd Share Problem on Windows 7
- wntAccessAdd versus w95AccessAdd Tips
- wntAccessDel Error 599 Invalid Level
- wntAccessGet and Username Parameter
- WntAccessList DFS share
- wntAccessList Problem
- wntAccessMod Registry Issue
- wntAcctList Returns Incorrect Flag Values
- wntAcctPolSet Error
- wntAddDrive and Unicode
- WntAddDrive launches an Explorer window
- wntAddPrinter after WntRunAsUser
- wntauditadd and inheritance
- wntAuditAdd and MS Patch
- WntCancelCon Error 511 Device in Use
- wntChgPswd 562 Invalid User Name
- wntChgPswd and Error 586
- wntChgPswd and Error 589 Error Changing Password
- wntChgPswd and Error 677
- wntChgPswd behavior different between W2K and NT4
- wntCurrUsers Behavior
- wntDomainSync Error 695
- wntEventLog Problem
- wntGetCon Error 509 Network component is Not Started or Invalid
- wntMemberDel- error 571
- wntMemberGrps returns 0 on DC running AD
- wntMemberGrps wntMemberSet - 562 invalid user name
- wntMemberList Behavior
- wntMemberList Error 522
- wntMemberList Problems
- wntOwnerGet - wntOwnerSet Tips
- wntOwnerSet Error 547
- wntRemoteTime and 530 Access Denied Error
- wntRemoteTime and Daylight Savings Time
- wntRunAsUser -- Security Side Effects
- wntRunAsUser 713 Unable to Set Window Station Access
- wntRunAsUser and Act as Part of OS Clarification
- wntRunAsUser and Called Scripts
- wntRunAsUser and Debugging Problem
- wntRunAsUser and No Permission on Local Machine
- wntRunAsUser Discussion in French
- wntRunAsUser Error 637
- wntRunAsUser Error 638
- wntRunAsUser Function - 1
- wntRunAsUser Function - 2
- wntRunAsUser Function - 3
- wntRunAsUser Function Used Twice in Script
- wntRunAsUser RunWithLogon Security Context
- wntRunAsUser to AutoAdminLogon after Reboot
- wntRunAsUser Windowstation and Desktop Permissions on WinXP
- wntServerList and wntServiceAt
- wntServerType
- wntShutDown Error 694
- wntUser... and Update User Accounts
- wntUserAdd Adding a Domain User
- wntUserAdd Bug
- WntUserAddDat and Max_storage
- wntUserGetDat 524 Unable to Access Specified Server
- wntUserGetDat and Logon_hours Flag
- wntUserSetDat and Logon Hours
- wNTUserXXXDat Function and Flags
- wxxUserGetDat and Last Logon Date
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Trouble determining admin rights
Keywords: Trouble determine admin rights 562 error Invalid User Name
Question:
Here is my script:
AddExtender("WWWNT34i.DLL")
user=wntGetUser(@default)
response=wntUserProps("", user, 7)
message("The Privilege level is:",response)
When I run it, I get an error:
WIL Extender Error 562: Invalid User NameI want to find out if the currently logged on ID has admin rights. Right now I am logged on with a domain ID that is in the local admin group, and I am getting this error.
Answer:
The problem is the Definition of Admin rights, especially on a complicated network.Any old Admin, local machine admin, network admin, god-like admin?
The only method I have ever seen to reliably work is to attempt the desired operation and trap for errors.
Question (cont'd):
Local Admin should do. I need to know whether I'll be able to do the following things:1) Copy two files into the Windows directory, per DirWindows(0).
2) Change DACs (file permissions) on one of the two to give everyone Change permission.
3) Add items to the Common Start Menu.
Answer:
>1) Copy two files into the >Windows directory, per >DirWindows(0). tempname=strcat(DirWindows(0),"aaatest.txt") ErrorMode(@off) handle=FileOpen(tempname,"WRITE") ErrorMode(@cancel) if handle!=0 FileClose(handle) FileDelete(tempname) endifif handle is equal to 0 then you can't write to the DirWindows(0) directory or the machine has died.
> >2) Change DACs (file >permissions) on one of the two >to give everyone Change >permission. Errormore(@off) flag=wntAccessAdd(...) ErrorMode(@cancel) if flag==0 it did not workI usually see if I can to a wrtie to HHEY_LOCAL_SYSTEM to check for this.
> >3) Add items to the Common >Start Menu.
ErrorMode(@off) flag=RegSetValue(@REGMACHINE,"some\innocious\place",0) ErrorMode(@cancel)Actually this is a pretty good all around admin test. Theoretically imperfect, but I have never seen it fail in practice.
Continuation of Discussion
Question:
I have been investigating the use of wntuserprops. I found this article here that talks about the exact problem I'm having, and several answers are given on how to deal with this. I wanted to see if I could discuss this some more and perhaps get some additional useful tips out of the topic.Ultimately the answer to that question comes down the the fact that wntuserprops does not work in a complicated network environment. I guess that is true in my case, as I get the same error the original poster did. Our users log onto their computers with a domain account that is in one of the local groups (power users, in this case) and seemingly that is enough to confuse wntuserprops. I'm guessing it only works when the user one is testing is a local account on the machine?
So I have two questions/thoughts on this:
- How does wntuserprops work with regards to the group "power users"? The syntax/help file only lists the potential results of "guest" "user" and "admin". This isn't that important a question to me since the call isn't working anyway, so I'm not getting any results.
- Given that I cannot get the call to work directly anyway, I like the idea of actually performing a test to check for the presence of the necessary privs to do something admin-like. The third choice listed in the article:
ErrorMode(@off) flag=RegSetValue(@REGMACHINE,"some\innocious\place",0) ErrorMode(@cancel)Actually this is a pretty good all around admin test. Theoretically imperfect, but I have never seen it fail in practice. "
That's an excellent idea, and I intend to use it in my script. This is a good test because after elevating a user (from Power User to Administrator) they in theory are admins (a test that simply looks to see if they are in the admin group will say they are an admin, even immediately after elevation) but in practice, they must logoff/logon before they have the actual rights, so a direct test will be very useful. What I'm curious about is can you elaborate on why you think this test is theoretically imperfect? I am glad to hear that you've never had it fail in practice, that's encouraging.. :D
My thanks for a great product.
Answer:
Theoretically imperfect since an Admin *could* change the Security to the registry to allow some people, groups or everyone to update protected sections of the registry.If this was done, then the simple test of seeing if you could write to HKEY_LOCAL_MACHINE would indicate that yes you can, and thus the technique would make the program think it had admin rights.
But I have never seen a machine where the admin let this happen.
The general idea is just to test the operation that you want to do, trap errors and see if it worked.
Article ID: W15201
File Created: 2002:11:06:14:12:24
Last Updated: 2002:11:06:14:12:24