NetUserGetGroups() returning less information than ImpersonateLogon/ImpersonateLoggedOnUser/GetTokenInformation(.., TokenGroups) ?


Xavier Roche

Mar 20, 2013, 12:19:03 PM
Hi folks!

Is there any reason why NetUserGetGroups() is not returning all groups
that the user is a member of?

I.e. the groups returned by NetUserGetGroups() would typically include
certain groups for a given domain, but not all of them. When
impersonating (ImpersonateLogon()/ImpersonateLoggedOnUser()) and
querying the token for groups (GetTokenInformation()), all groups are
returned.

[ The strange thing is that the missing SIDs are on the same domain (same
GUID prefix) as other SIDs included by the function - i.e. this is not a
"missing SID from a given domain" issue. ]

Is there a reason why an impersonated token would return more group SIDs
than the NetUserGetGroups() function (same behavior whether the user is
the one being logged or not)?


Regards,

Xavier Roche

Mar 22, 2013, 5:33:27 AM
On 03/20/2013 05:19 PM, Xavier Roche wrote:
> Is there any reason why NetUserGetGroups() is not returning all groups
> that the user is a member of?

More precisely, NetUserGetGroups() only returns global groups, not
"subgroups" within these groups. The NetUserGetLocalGroups() function
has a LG_INCLUDE_INDIRECT flag which can be used to retrieve indirect
groups, but not NetUserGetGroups().

I suppose going through the AD is mandatory to achieve this goal?
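
An added example, not part of the thread: Active Directory exposes the transitive group expansion of a user as the constructed `tokenGroups` attribute, readable only with a base-scope search on the user object. The PowerShell below lists those SIDs and marks which ones also appear in the user's direct `memberOf` list. The function names and the distinguished name in the usage comment are hypothetical, `memberOf` is used here as a stand-in for the direct-membership view, and a domain-joined host with read access to the directory is assumed.

```powershell
# Added example: compare direct memberships (memberOf) with the transitive
# expansion AD computes in the constructed tokenGroups attribute.

function Get-AdAttributes([string]$Dn, [string[]]$Names) {
    # Constructed attributes such as tokenGroups are only returned by a
    # base-scope search that asks for them by name.
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Dn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher(
        $root, '(objectClass=*)', $Names,
        [System.DirectoryServices.SearchScope]::Base)
    $searcher.FindOne().Properties   # keys in this collection are lower case
}

function Get-EffectiveGroupSids {
    param([Parameter(Mandatory)][string]$UserDn)

    $user = Get-AdAttributes $UserDn @('memberOf', 'tokenGroups')

    # SIDs of the groups that list the user directly as a member.
    # The primary group is not stored in memberOf, so it shows as Direct = False.
    $direct = @(foreach ($groupDn in $user['memberof']) {
        $bytes = (Get-AdAttributes $groupDn @('objectSid'))['objectsid'][0]
        (New-Object System.Security.Principal.SecurityIdentifier([byte[]]$bytes, 0)).Value
    })

    foreach ($bytes in $user['tokengroups']) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier([byte[]]$bytes, 0)
        # A SID from an unreachable domain cannot be translated; keep the raw SID.
        $name = try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { '<unresolved>' }
        [pscustomobject]@{
            Sid    = $sid.Value
            Name   = $name
            Direct = $direct -contains $sid.Value
        }
    }
}

# Usage (constructed DN):
# Get-EffectiveGroupSids 'CN=Jane Doe,OU=Staff,DC=example,DC=com' |
#     Where-Object { -not $_.Direct } | Sort-Object Name
```

`tokenGroups` does not contain the well-known SIDs added at logon or the local groups of the machine where the token is built, so a token obtained through impersonation can still list more SIDs than this query returns.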
