List of Windows "real" users using Win32 API

Question

I'm trying to get a list of the real users on the local machine. By real I mean the users that can physically logon to the system and use it, excluding remote only accounts and the like.

This is what I do already.

• Call NetUserEnum() with FILTER_NORMAL_ACCOUNT.

  I get the following users:

  • __ vmware_user __
  • Administrator
  • Help Assistant
  • ASPNET
  • Guest
  • SUPPORT_xxxxxx

  Note that this are the same users that I get when calling net user from the command line, but in the logon dialog I can only select Administrator. This is what I want.

• From the return list on NetUserEnum(), I can tell which accounts are disabled. That leaves:

  • __ vmware_user __
  • Administrator
  • ASPNET
  • SUPPORT_xxxxxx

• Then I run LsaEnumerateAccountRights() to check which accounts have the SeInteractiveLogonRight.

  All of them have it. Except the real one, Administrator. Some of them have SeDenyInteractiveLogonRight. That leaves me with:

  • __ vmware_user __
  • Administrator (no SeInteractiveLogonRight)

I found somewhere that maybe I should be checking group permissions first, as my user account might be inheriting SeInteractiveLogonRight. So far, I haven't found a way to list the groups for a given account (SID or name). Tried with NetUserGetGroups() but it turns out that this one only returns domain groups (in my case, "None").

Right now I don't know what else to try. Looks like everything will be easier if I had an 'Access Token' but there seems to be no way of getting that for a user other than the currently logged on. There are like 20 different APIs related to authentication and this is crazy.

I appreciate your help

Answer 1

As you said, the last step probably is just filter the users which belong to Administrators or Users group.

Try the method NetUserGetLocalGroups for enumerating the groups an user belongs to.