I have a problem to get SID of the machine that is Windows Server 2016 after impersonation with the simple domain user


Problem description


Hi, All!


I have a problem to get SID of the machine that is Windows Server 2016 after impersonation with the following domain user:


User is a simple user in the domain with local "Power Users" & "Backup Operators" membership.


I am calling the following function with dwLevel = 2 in order to get SID of the machine:


nStatus = NetUserModalsGet(m_ip, dwLevel, (LPBYTE *) &tmpBuf);


and receiving the error 0x00000005 ERROR_ACCESS_DENIED - The user does not have access to the requested information.


This function worked fine for the same user for Windows Server 2008, but for Windows Server 2016 it doesn’t work. In case of impersonation with a user who is a member of the Domain Admins group, the function works fine.


My question is what are user’s restriction for calling the NetUserModalsGet function in case Windows Server 2016? Maybe I can create another user (other than Domain Admins user) that can get this information?


Thanks in advance.

Recommended answer

Hi Daniel_TechNet,

Thank you for posting here.

>> "My question is what are user’s restriction for calling the NetUserModalsGet function in case Windows Server 2016?"

Security database is user's restriction, which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.

If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the access control list (ACL) for the securable object (https://msdn.microsoft.com/en-us/library/windows/desktop/aa379557(v=vs.85).aspx). The default ACL permits all authenticated users and members of the "Pre-Windows 2000 compatible access" group to view the information.

If you call this function on a member server or workstation, all authenticated users can view the information.

The security descriptor of the Domain object is used to perform the access check for this function.

For more information, please see the documentation, I hope it would be helpful.

Best regards,

Hart
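
The level-2 call from the question, written out with status handling and buffer cleanup, as an added example that is not part of the original thread and not Microsoft's code. The names sid_to_string, get_machine_sid and SAMPLE_SID are hypothetical, the Windows part builds only under _WIN32, and the formatter assumes an identifier authority below 2^32 (printed in decimal).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: raw bytes of the SID S-1-5-21-16909060-4294967295. */
static const uint8_t SAMPLE_SID[] = {1, 3, 0, 0, 0, 0, 0, 5,
    21, 0, 0, 0,  4, 3, 2, 1,  255, 255, 255, 255};

/* Binary SID layout: revision, sub-authority count, 6-byte big-endian authority,
   little-endian 32-bit sub-authorities. Returns 0, or -1 if malformed/too small. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    if (len < 8 || sid[0] != 1 || sid[1] > 15 || len < 8u + 4u * sid[1])
        return -1;
    unsigned long long auth = 0;
    for (int i = 2; i < 8; i++)
        auth = (auth << 8) | sid[i];
    int n = snprintf(out, outlen, "S-1-%llu", auth);
    for (unsigned i = 0; i < sid[1]; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
        if (n < 0 || (size_t)n >= outlen) return -1;
        n += snprintf(out + n, outlen - (size_t)n, "-%lu", (unsigned long)sub);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
#include <lm.h>   /* link with netapi32.lib */
/* Call while impersonating to test that account; server == NULL is the local machine. */
NET_API_STATUS get_machine_sid(LPCWSTR server, char *out, size_t outlen)
{
    USER_MODALS_INFO_2 *info = NULL;   /* level 2 result: domain name + domain SID */
    NET_API_STATUS st = NetUserModalsGet(server, 2, (LPBYTE *)&info);
    if (st != NERR_Success) return st; /* 5 = ERROR_ACCESS_DENIED, as in the question */
    PSID sid = info->usrmod2_domain_id;
    if (sid_to_string((const uint8_t *)sid, GetLengthSid(sid), out, outlen))
        st = ERROR_INVALID_SID;
    NetApiBufferFree(info);            /* buffer is allocated by the API */
    return st;
}
#endif

int main(void)
{
    char s[64];
    if (sid_to_string(SAMPLE_SID, sizeof SAMPLE_SID, s, sizeof s) == 0) puts(s);
    return 0;
}
```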
