Trusting Domain List
Keywords: Trusting domain list wntLsaPolGet() wntPrivList() wntMemberGrps()
Question:
1. Is there a way to find a list of "Trusting" domains in NT 4.0?
2. All domain account policy
3. All user rights from a machine
Answer:
- I'm pretty sure that #3 can be satisfied with a combination of wntMemberGrps() and wntPrivList(). Please
note that since global groups can be members of local groups on a workstation, it will be necessary to use
wntMemberGrps() on each global group to determine local group membership. Then, wntPrivList() can be
used on the user account and all local groups and global groups to determine what privileges have been
granted to any of the objects that comprise the user's access token. Adding all of the resulting privileges
together into one big list, sorting the list and removing duplicates will give the effective privileges that any
user has on a given workstation. This seems like a candidate for a UDF instead of a new extender function.
- It looks like #2 can be satisfied by the use of wntLsaPolGet(), unless I've got a mistaken understanding of
what's being asked for.
- Item #1 in the list is trickier but still doable with existing functions AFAIK. Specifically, the function
wntUserList() must be used with a flag value of 8 (eight) to list all of the domain trust accounts. Each name
that is retrieved should be examined further with wntUserGetDat() to verify that the flag bit mask includes
the value 2048, which indicates that the trust account is used for an interdomain trust relationship.
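
The effective-privilege procedure described in the answer for #3, as an added Python sketch that is not part of the original article and is not WinBatch code. The three dictionaries are constructed sample data standing in for what wntMemberGrps() and wntPrivList() would return, and the function names are hypothetical.

```python
# Constructed sample data (assumption): stand-ins for the results of
# wntMemberGrps() and wntPrivList() on one workstation.
GLOBAL_GROUPS_OF = {"alice": ["DOM\\Domain Users", "DOM\\Helpdesk"]}

# Local group -> members; members may be users or global groups.
LOCAL_GROUP_MEMBERS = {
    "Users": ["DOM\\Domain Users"],
    "Backup Operators": ["DOM\\Helpdesk"],
    "Administrators": ["DOM\\Domain Admins"],
    "Power Users": ["alice"],
}

# Privileges granted directly to each account or group.
PRIVILEGES_OF = {
    "alice": ["SeShutdownPrivilege"],
    "DOM\\Helpdesk": ["SeRemoteShutdownPrivilege"],
    "Users": ["SeChangeNotifyPrivilege", "SeShutdownPrivilege"],
    "Backup Operators": ["SeBackupPrivilege", "SeRestorePrivilege"],
    "Administrators": ["SeTakeOwnershipPrivilege", "SeDebugPrivilege"],
}


def token_principals(user):
    """Return the user plus every group that ends up in the access token."""
    global_groups = GLOBAL_GROUPS_OF.get(user, [])
    direct = {user, *global_groups}
    # A local group applies if the user OR any of the user's global
    # groups is a member of it (global groups nest inside local groups).
    local_groups = [
        name for name, members in LOCAL_GROUP_MEMBERS.items()
        if direct & set(members)
    ]
    return [user] + sorted(global_groups) + sorted(local_groups)


def effective_privileges(user):
    """Union the privileges of every principal, de-duplicated and sorted."""
    privileges = set()
    for principal in token_principals(user):
        privileges.update(PRIVILEGES_OF.get(principal, []))
    return sorted(privileges)


if __name__ == "__main__":
    for privilege in effective_privileges("alice"):
        print(privilege)
```
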
Article ID: W14886
File Created: 2001:11:08:12:40:48
Last Updated: 2001:11:08:12:40:48