The difference between real user and system user accounts

Posted on 2024-12-09 01:18:52

When I get UserPrincipal/DirectoryEntry records for a machine or Active Directory domain, is there a way to differentiate system accounts from real users?

For example, jsmith is a real user, while ASPNET or IUSR_machine are not. But relying on hard-coded known names doesn't seem to be the best way to filter out system users, because there can be other accounts, too. Is there a better way?

For example, maybe there is a "can logon interactively" flag, or detect by checking that a password is set, etc.

Comments (3)

萌辣 2024-12-16 01:18:52

The sample accounts you list are, for all intents and purposes, functionally the same as a user account you create for a named person.

等风来 2024-12-16 01:18:52

Try the Win32 LookupAccountName and LookupAccountSid methods. The last parameter (called accountType) is filled with the type of account, when the function returns.

using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Text;

// P/Invoke declarations have to live inside a class.
public static class NativeMethods
{
    // Resolves a binary SID to its account name, domain and account type.
    [SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)]
    [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool LookupAccountSid(
        [In] string systemName,
        [In, MarshalAs(UnmanagedType.LPArray)] byte[] sid,
        [Out] StringBuilder name,
        [In, Out] ref uint nameLength,
        [Out] StringBuilder referencedDomainName,
        [In, Out] ref uint referencedDomainNameLength,
        [Out] out AccountType accountType);

    // Resolves an account name to its binary SID, domain and account type.
    [SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)]
    [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool LookupAccountName(
        [In] string systemName,
        [In] string accountName,
        [Out, MarshalAs(UnmanagedType.LPArray)] byte[] sid,
        [In, Out] ref uint sidSize,
        [Out] StringBuilder referencedDomainName,
        [In, Out] ref uint referencedDomainNameLength,
        [Out] out AccountType accountType);
}

/// <summary>
/// Defines the various account types of a Windows account
/// (values follow the Win32 SID_NAME_USE enumeration)
/// </summary>
public enum AccountType
{
    /// <summary>
    /// No account type
    /// </summary>
    None = 0,
    /// <summary>
    /// The account is a user
    /// </summary>
    User,
    /// <summary>
    /// The account is a security group
    /// </summary>
    Group,
    /// <summary>
    /// The account defines a domain
    /// </summary>
    Domain,
    /// <summary>
    /// The account is an alias
    /// </summary>
    Alias,
    /// <summary>
    /// The account is a well-known group, such as BUILTIN\Administrators
    /// </summary>
    WellknownGroup,
    /// <summary>
    /// The account was deleted
    /// </summary>
    DeletedAccount,
    /// <summary>
    /// The account is invalid
    /// </summary>
    Invalid,
    /// <summary>
    /// The type of the account is unknown
    /// </summary>
    Unknown,
    /// <summary>
    /// The account is a computer account
    /// </summary>
    Computer,
    /// <summary>
    /// The SID is a mandatory integrity label
    /// </summary>
    Label
}

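
Added example, not part of the answer above: a self-contained call to LookupAccountName using the usual two-call pattern (the first call reports the buffer sizes, the second fills them) and returning the account type together with the SID. The names `AccountClassifier`, `Classify` and `SidNameUse` are chosen for this example; it assumes Windows and a C# 7 or later compiler.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

// Values mirror the Win32 SID_NAME_USE enumeration.
public enum SidNameUse { None = 0, User, Group, Domain, Alias, WellKnownGroup,
                         DeletedAccount, Invalid, Unknown, Computer, Label }

public static class AccountClassifier   // hypothetical name for this example
{
    private const int ERROR_INSUFFICIENT_BUFFER = 122;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool LookupAccountName(
        string systemName, string accountName, byte[] sid, ref uint sidSize,
        StringBuilder referencedDomainName, ref uint referencedDomainNameLength,
        out SidNameUse use);

    // Resolves a name to its SID and type; a null systemName means the local machine.
    public static SidNameUse Classify(string systemName, string accountName,
                                      out SecurityIdentifier sid)
    {
        uint sidSize = 0, domainLen = 0;
        // First call passes no buffers, so it fails and reports the sizes needed.
        bool ok = LookupAccountName(systemName, accountName, null, ref sidSize,
                                    null, ref domainLen, out SidNameUse use);
        if (!ok && Marshal.GetLastWin32Error() != ERROR_INSUFFICIENT_BUFFER)
            throw new Win32Exception();   // e.g. the name could not be mapped
        var sidBytes = new byte[sidSize];
        var domain = new StringBuilder((int)domainLen);
        if (!LookupAccountName(systemName, accountName, sidBytes, ref sidSize,
                               domain, ref domainLen, out use))
            throw new Win32Exception();
        sid = new SecurityIdentifier(sidBytes, 0);
        return use;
    }

    public static void Main(string[] args)
    {
        // Names come from the command line; the current user is the default.
        string[] names = args.Length > 0 ? args : new[] { Environment.UserName };
        foreach (string name in names)
        {
            SidNameUse use = Classify(null, name, out SecurityIdentifier sid);
            Console.WriteLine("{0}: {1} ({2})", name, use, sid);
        }
    }
}
```

The returned type separates users from groups, aliases, well-known groups and computers. A local account created for a service is still an ordinary user account, so it is reported as `User` just like one created for a person.
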
寄离 2024-12-16 01:18:52

Try using the "samaccountname" property to eliminate accounts that are not for users or groups.
