A
Anon
Does anyone know how to add users to the log on locally list in User
Rights Management inside Local Security settings.
Thanks
Rights Management inside Local Security settings.
Thanks
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Urgent: Adding users to log on locally list programmatically using C#
G
Guest
Your question really has little to do with C# programming (that's the subject
of this group) but here goes:
open Local Security Settings from Administrative Tools, Computer Management
in Control Panel.
open the User Rights Assigment tree node.
Find the Log on Locally item in the Policy (right) window.
Double-click on this, and you can then add users or groups.
Next time, try to post to the relevant newsgroup. You're more likely to get
help.
--Peter
of this group) but here goes:
open Local Security Settings from Administrative Tools, Computer Management
in Control Panel.
open the User Rights Assigment tree node.
Find the Log on Locally item in the Policy (right) window.
Double-click on this, and you can then add users or groups.
Next time, try to post to the relevant newsgroup. You're more likely to get
help.
--Peter
G
Guest
My apologies, you did say "programmatically". need to find the appropriate
WMI class to do this. For that, I can't help.
Peter
WMI class to do this. For that, I can't help.
Peter
W
Willy Denoyette [MVP]
Does anyone know how to add users to the log on locally list in User
Rights Management inside Local Security settings.
Thanks
All members of the "users", "administrators" and "guest" groups are
automatically allowed to log on locally. What other users were you thinking
off?
Willy.
A
Anon
well. I am required to create a function that automates the following
start -> settings -> control panel -> administrative tools -> local
security policy -> user assignment rights -> find 'log on
locally' (open up properties) -> add users or workgroups to that list.
hope that makes my question clear.
thanks
start -> settings -> control panel -> administrative tools -> local
security policy -> user assignment rights -> find 'log on
locally' (open up properties) -> add users or workgroups to that list.
hope that makes my question clear.
thanks
A
Anon
Oh and I had test users in mind, so basically - "testuser1" for
example.
example.
W
Willy Denoyette [MVP]
Oh and I had test users in mind, so basically - "testuser1" for
example.
Well, actually there is nothing in the Framework that helps you with this.
So you will have to call into some WIn32 LSA API's using PInvoke.
Basically what you need to do is:
1. Get a LSA Policy handle for the target system, by calling LsaOpenPolicy.
2. Get the SID of the user account, by calling LsaLookupNames2
3. Add the "SeInteractiveLogonRight" for the account, by means of a call to
LsaAddAccountRights.
Note that LSA_UNICODE_STRING type as used in these API's is not a CLR
string, it's a structure you need to initialize correctly before you call
the API's, watch out!.
But again, before you can grant this privilege to an account, the account
MUST exist, why not simply create the account and make it a member of the
"users" group or a group which already has the "Allow Logon Locally"
privilege"?
Willy.
A
Anon
Thanks for the response Willy.
My initial plan was to add the user to a workgroup that was pre-
existing in the list, but then those workgroups might have privleges
which I would not want the users I create to have.
My initial plan was to add the user to a workgroup that was pre-
existing in the list, but then those workgroups might have privleges
which I would not want the users I create to have.
W
Willy Denoyette [MVP]
Thanks for the response Willy.
My initial plan was to add the user to a workgroup that was pre-
existing in the list, but then those workgroups might have privleges
which I would not want the users I create to have.
But you are talking about local accounts, I don't think you have tens of
these on a local machine don't you?
If you are running in a Windows domain, you can achieve what you want by
applying Group Policy Management.
Willy.
A
Anon
Well, actually there is nothing in the Framework that helps you with this.
So you will have to call into some WIn32 LSA API's using PInvoke.
Basically what you need to do is:
1. Get a LSA Policy handle for the target system, by calling LsaOpenPolicy.
2. Get the SID of the user account, by calling LsaLookupNames2
3. Add the "SeInteractiveLogonRight" for the account, by means of a call to
LsaAddAccountRights.
Note that LSA_UNICODE_STRING type as used in these API's is not a CLR
string, it's a structure you need to initialize correctly before you call
the API's, watch out!.
But again, before you can grant this privilege to an account, the account
MUST exist, why not simply create the account and make it a member of the
"users" group or a group which already has the "Allow Logon Locally"
privilege"?
Willy.
I did that and it says -- "specified privilege does not exist" for
"SeInteractiveLogonRight"
W
Willy Denoyette [MVP]
I did that and it says -- "specified privilege does not exist" for
"SeInteractiveLogonRight"
"SeInteractiveLogonRight" should exist, could you please post some code.
Willy.
A
Anon
I did that and it says -- "specified privilege does not exist" for
"SeInteractiveLogonRight"- Hide quoted text -
- Show quoted text -
whoops pressed the wrong button. Sorry about that
A
Anon
whoops pressed the wrong button. Sorry about that- Hide quoted text -
- Show quoted text -
Thanks for all the help. Never mind replying to my previous message.
It was a really stupid mistake. Its all working.
Thanks again!