
Get SID of logged user


lallous

Feb 11, 2004, 9:54:24 AM
Hello

How can I retrieve the SID of the logged in user from a device driver?

The SID of the user that has logged on to the system and not the SID of a
thread or a process that could have been run through impersonation.

I don't know even how to do it in user mode though.

--
Elias


Don Burn

Feb 11, 2004, 10:31:14 AM
Which user? Even before terminal services and multiple sessions, there was
the desktop user, users running services, and users logged on to access
files remotely. There is no such thing as a single logged on user in
Windows.

At best you can potentially determine for a non-terminal services system
(warning: there have been mutterings about XP SP2 allowing 2 sessions, i.e.
terminal services) which user is running the windows explorer. But, this is
not a good idea.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

"lallous" <lal...@lgwm.org> wrote in message
news:uqJWF$K8DHA...@TK2MSFTNGP10.phx.gbl...

lallous

Feb 11, 2004, 10:45:22 AM
Hello

I was referring to the interactive user or the user that put his user name
and password in GINA.

I can think of writing my own GINA and in WlxLoggedOutSAS() I translate the
htoken into an SID string then pass it to my driver through a custom IOCTL.
On another Wlx event I would invalidate this SID and replace with a new one
if any.

Is that optimal though?

--
Elias


"Don Burn" <bu...@stopspam.acm.org> wrote in message
news:102kimh...@corp.supernews.com...

Don Burn

Feb 11, 2004, 11:06:35 AM
Again, with terminal services you will have multiple people do this. If
the rumors are correct that means Windows 2000 server, Windows XP and
Windows 2003 server will support this.

I am not sure what would happen with someone logging in from an EMS console
(i.e. serial port, CMD only). Also, what will you do if no one is logged
on?

This might be ok for a test driver, but you don't want to be doing this in
production.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


"lallous" <lal...@lgwm.org> wrote in message

news:uAjSkbL8...@TK2MSFTNGP11.phx.gbl...

Tim Robinson

Feb 12, 2004, 11:43:14 AM
"lallous" <lal...@lgwm.org> wrote in message
news:uqJWF$K8DHA...@TK2MSFTNGP10.phx.gbl...

You could write a small user-mode program which runs at startup, looks up
its own SID, then tells the driver about it through an IOCTL.

But, as Don says, this would still break under Terminal Services as you can
have more than one interactive user.

--
Tim Robinson (MVP, Windows SDK)
http://www.themobius.co.uk/


Maxim S. Shatskih

Feb 12, 2004, 11:53:31 PM
Get the token pointer from IO_SECURITY_CONTEXT
Then ObOpenObjectByPointer
Then ZwQueryInformationToken

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
ma...@storagecraft.com
http://www.storagecraft.com

"lallous" <lal...@lgwm.org> wrote in message
news:uqJWF$K8DHA...@TK2MSFTNGP10.phx.gbl...

stacy

Feb 14, 2004, 10:28:32 AM
Yes indeed, you can indeed determine the SID of the "logged on" user, with
logged-on user being defined as the human being that last logged on and is
still logged on.

I found some code somewhere several months ago that does part of this. I
modified it so that it can run in the background (no mmi) for our purposes, put
it in a loop so as to throw out all service type accounts, with the remaining
account being the actual "interactive" logged on user.

Works great.

The above code I mention gets the info from AD, if memory serves, so must be
run under a domain authenticated account. However, we now have some code
that allows a local account to determine the SID of who is logged on, as that
info is stored on the local machine.

The currently logged on user always has their copy of current user settings
of the registry stored in HKCU, AND/or a separate copy stored in HK_U (in here,
it is stored under their SID).

I'm not certain how it would work if there are two active logged-on sessions
as per what is said below about XP SP2 perhaps allowing.

Stacy
mcse

"Don Burn" <bu...@stopspam.acm.org> wrote in message
news:102kimh...@corp.supernews.com...
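Added example, not code from any poster in this thread: the token query named above returns the user SID in binary form, and the approaches that pass a "SID string" to a driver or discard service accounts both depend on decoding that layout. The portable C below bounds-checks a binary SID, renders it as a string, and separates account SIDs (S-1-5-21-...) from service identities such as S-1-5-18. The function names and sample bytes are constructed for illustration, and the S-1-5-21 test is an assumed heuristic: a service configured to run under a user account has such a SID too.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample SIDs in binary form (not taken from the thread). */
const uint8_t SAMPLE_USER[] = {             /* S-1-5-21-1-2-3-1001 */
    1, 5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE9,0x03,0,0 };
const uint8_t SAMPLE_SYSTEM[] = { 1, 1, 0,0,0,0,0,5, 18,0,0,0 }; /* S-1-5-18 */

/* Sub-authority i: 32-bit little-endian, starting at offset 8. */
static uint32_t sub_auth(const uint8_t *sid, unsigned i) {
    const uint8_t *p = sid + 8 + 4 * i;
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Revision 1, at most 15 sub-authorities, buffer long enough to hold them. */
static int sid_valid(const uint8_t *sid, size_t len) {
    return len >= 8 && sid[0] == 1 && sid[1] <= 15 && len >= 8u + 4u * sid[1];
}

/* Write "S-1-<authority>-<sub>..." to out; return its length, or -1 when the
 * SID is malformed or out is too small. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen) {
    if (!sid_valid(sid, len)) return -1;
    uint64_t auth = 0;                       /* 48-bit big-endian authority */
    for (int i = 0; i < 6; i++) auth = (auth << 8) | sid[2 + i];
    if (auth >> 32) return -1;               /* hex-form authorities not handled */
    int n = snprintf(out, outlen, "S-1-%lu", (unsigned long)auth);
    for (unsigned i = 0; n >= 0 && (size_t)n < outlen && i < sid[1]; i++) {
        int m = snprintf(out + n, outlen - n, "-%lu", (unsigned long)sub_auth(sid, i));
        n = (m < 0) ? -1 : n + m;
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* 1 for an account SID (S-1-5-21-...); 0 otherwise, which covers the service
 * identities S-1-5-18, S-1-5-19 and S-1-5-20. Heuristic, see the lead-in. */
int sid_is_account(const uint8_t *sid, size_t len) {
    static const uint8_t nt_authority[6] = { 0, 0, 0, 0, 0, 5 };
    return sid_valid(sid, len) && sid[1] >= 1 &&
           memcmp(sid + 2, nt_authority, 6) == 0 && sub_auth(sid, 0) == 21;
}

int main(void) {
    char buf[64];
    if (sid_to_string(SAMPLE_USER, sizeof SAMPLE_USER, buf, sizeof buf) > 0)
        printf("%s account=%d\n", buf, sid_is_account(SAMPLE_USER, sizeof SAMPLE_USER));
    return 0;
}
```

The length checks matter most on the receiving side: a driver that accepts a SID through an IOCTL has to validate the sub-authority count against the input buffer length before reading any sub-authority.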
