Why the LogonUser function always return true using the LOGON32_LOGON_NETWORK mode?

Question

I need to use the LogonUser WinApi function on my Server App, but this function always returns true no matter if the user and password match or exists. This only happens when the mode passed to the function is LOGON32_LOGON_NETWORK

{$APPTYPE CONSOLE}


uses
  SysUtils,
  Windows;
var
  hUser : THandle;
  res   : Boolean;
begin
    try
      res := LogonUser(LPWSTR('user'),
                              LPWSTR(nil),
                              LPWSTR('password'),
                              LOGON32_LOGON_NETWORK,
                              LOGON32_PROVIDER_DEFAULT,
                              hUser);


    finally
      if hUser>0 then
      CloseHandle(hUser);
    end;
    Writeln(BoolToStr(res, true));
    readln;
end.

If I use LOGON32_LOGON_INTERACTIVE instead, the function works properly (returns true or false depending of the user and password passed).

Note : I'm using the LOGON32_LOGON_NETWORK logon type because the documentation says which is the fastest.

Why the LogonUser function always return true using the LOGON32_LOGON_NETWORK mode?

UPDATE

The issue occurs in Windows 7 64 bits Ultimate

In Windows 7 32 bits professional works fine.

Answer 1

I can reproduce your issue, it seems related to the guest account and the security policies. First when you uses the LogonUser function a New event security is generated. You can check the user account logged in that window.

Check the next image (Invitado=Guest in spanish)

So in this case no matter which user you uses the guest user is used to log on. You can fix this behavior modifying the local security policies, disabling the guest account status.