How to open LSA API on Win2k in order to determine if a computer is member of domain

Discussion in 'Security Software' started by Nick Dakoronias, Oct 17, 2007.

  1. Hello Microsoft Security forum readers,

    I would appreciate it if someone could advise how to use the Local Security
    Authority (LSA) API on Win2000 SP4 Server
    in order to determine if the specific computer is a member of a domain, a
    member of a workgroup, or a stand-alone computer.
    The input I have so far is that I need to follow these steps:
    1. Open the Policy object of the local computer by using
    LsaOpenPolicy.
    2. Use LsaQueryInformationPolicy to retrieve domain information.
    3. Check the value of the security identifier (SID) field.
    If the value is NULL, the computer is either a stand-alone computer or
    part of a workgroup.
    If the Name field points to a string that matches the local workstation
    name, the computer is a stand-alone computer.
    Otherwise, the Name field points to the workgroup name.
    4. If the SID pointer has a value, the computer is part of a domain. The
    domain name is stored in the Name field.

    Do these steps above refer to Local security policy -> Security options?
    If this is the case, which is the setting for SID?

    Many thanks in advance for your time and support.

    Regards, Nick
    ITS Athens
     
    Nick Dakoronias, Oct 17, 2007
    #1
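
The four steps listed in the first post, written as C against the LSA API. This is an added example, not code from anyone in the thread. The names `classify` and `membership_t` are illustrative, and the LSA calls sit behind `#ifdef _WIN32` because they build only on Windows.

```c
/* Added example: LSA primary-domain check; classify/membership_t are illustrative names. */
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

typedef enum { MEMBER_STANDALONE, MEMBER_WORKGROUP, MEMBER_DOMAIN } membership_t;

/* Steps 3 and 4 from the post. name is not assumed NUL-terminated:
   LSA_UNICODE_STRING carries a byte length, so the caller passes a character count. */
membership_t classify(int sid_present, const wchar_t *name, size_t name_len,
                      const wchar_t *computer)
{
    size_t i;
    if (sid_present) return MEMBER_DOMAIN;                 /* step 4: SID is set */
    if (wcslen(computer) != name_len) return MEMBER_WORKGROUP;
    for (i = 0; i < name_len; i++)                         /* compare ignoring case */
        if (towupper(name[i]) != towupper(computer[i])) return MEMBER_WORKGROUP;
    return MEMBER_STANDALONE;                              /* Name equals computer name */
}

#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>
#include <stdio.h>
int main(void)                                             /* link with advapi32.lib */
{
    static const char *label[] = { "stand-alone", "workgroup", "domain" };
    LSA_OBJECT_ATTRIBUTES oa;
    LSA_HANDLE policy;
    PPOLICY_PRIMARY_DOMAIN_INFO info;
    WCHAR computer[MAX_COMPUTERNAME_LENGTH + 1];
    DWORD n = MAX_COMPUTERNAME_LENGTH + 1;
    size_t chars;

    ZeroMemory(&oa, sizeof oa);                            /* step 1: open the local Policy object */
    if (LsaOpenPolicy(NULL, &oa, POLICY_VIEW_LOCAL_INFORMATION, &policy) != 0)
        return 1;
    if (LsaQueryInformationPolicy(policy, PolicyPrimaryDomainInformation, (PVOID *)&info) != 0) {
        LsaClose(policy); return 1;                        /* step 2 failed */
    }
    if (!GetComputerNameW(computer, &n)) { LsaFreeMemory(info); LsaClose(policy); return 1; }
    chars = info->Name.Length / sizeof(WCHAR);             /* Length is in bytes */
    printf("%s: %.*ls\n", label[classify(info->Sid != NULL, info->Name.Buffer, chars, computer)],
           (int)chars, chars ? info->Name.Buffer : L"");
    LsaFreeMemory(info);
    LsaClose(policy);
    return 0;
}
#endif
```

The SID and Name checked here come from the `POLICY_PRIMARY_DOMAIN_INFO` structure returned by the query.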

  2. Nick Dakoronias

    jwgoerlich Guest

    Hello Nick,

    This looks like a lot of work to get the computer's domain. There are
    more direct methods in .Net and scripting. What language are you
    writing in?

    J Wolfgang Goerlich
     
    jwgoerlich, Oct 17, 2007
    #2

  3. Hello Wolfgang,
    Please let me clarify the following:
    I am not a developer or programmer (at least for a long time).
    I just received a security vulnerability notification from my company's
    security team that alerted me to fix it.
    We have such periodical scan reports in our company.
    The issue is how to resolve this.
    Is there any clear article or step by step guidance?

    Thanks in advance for your time and support
    Nick
     
    Nick Dakoronias, Oct 18, 2007
    #3
  4. Nick Dakoronias

    jwgoerlich Guest

    I use the following VBScript to get the domain information. It prints
    this two ways: the Windows NT domain name and the longer fully
    qualified domain name. To test, copy the text below into a file such
    as whatdomain.vbs. Double-click whatdomain.vbs, and it will display
    the domain name in message boxes.

    '--------------------------------------------------------------------------------
    ' ADSystemInfo exposes the local computer's Active Directory domain details
    Set objSysInfo = CreateObject("ADSystemInfo")
    ' Short (Windows NT style) domain name
    domain = objSysInfo.DomainShortName
    MsgBox "WinNT://" & domain
    ' Fully qualified DNS domain name
    MsgBox objSysInfo.DomainDNSName
    '--------------------------------------------------------------------------------

    For auditing purposes, you might edit this to write output to a file
    or a report. Look to Microsoft's web site and the "Hey Scripting Guy"
    articles to provide more information on scripting.

    Regards,

    J Wolfgang Goerlich


     
    jwgoerlich, Oct 18, 2007
    #4