Trusting Domain List
Keywords: Trusting domain list wntLsaPolGet() wntPrivList() wntMemberGrps()
Question:
1. Is there a way to find the list of "Trusting" domains in NT 4.0?
2. All domain account policy
3. All user rights from a machine
Answer:
- I'm pretty sure that #3 can be satisfied with a combination of wntMemberGrps() and wntPrivList(). Please note that since global groups can be members of local groups on a workstation, it will be necessary to use wntMemberGrps() on each global group to determine local group membership. Then, wntPrivList() can be used on the user account and all local groups and global groups to determine what privileges have been granted to any of the objects that comprise the user's access token. Adding all of the resulting privileges together into one big list, sorting the list and removing duplicates will give the effective privileges that any user has on a given workstation. This seems like a candidate for a UDF instead of a new extender function.
- It looks like #2 can be satisfied by the use of wntLsaPolGet(), unless I've got a mistaken understanding of what's being asked for.
- Item #1 in the list is trickier but still doable with existing functions AFAIK. Specifically, the function wntUserList() must be used with a flag value of 8 (eight) to list all of the domain trust accounts. Each name that is retrieved should be examined further with wntUserGetDat() to verify that the flag bit mask includes the value 2048, which indicates that the trust account is used for an interdomain trust relationship.
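The effective-privilege calculation described for #3, as an added example that is not part of the original article or the extender itself. It models the logic in Python over constructed data instead of calling the extender: the three dictionaries stand in for what the membership and privilege lookups would return, and all account, group and function names are assumptions. It also records which principal grants each privilege, which helps when auditing why a user holds a given right.

```python
# Constructed sample data: stands in for the results of the membership and
# privilege lookups (wntMemberGrps / wntPrivList in the article).
GLOBAL_GROUPS = {r"DOM\alice": [r"DOM\Domain Users", r"DOM\Helpdesk"]}
LOCAL_GROUP_MEMBERS = {  # local group -> direct members (users or global groups)
    "Users": [r"DOM\Domain Users"],
    "Backup Operators": [r"DOM\Helpdesk"],
    "Power Users": [r"DOM\alice"],
    "Administrators": [r"DOM\Domain Admins"],
}
PRIVILEGES = {  # principal -> privileges granted directly to it
    r"DOM\alice": ["SeChangeNotifyPrivilege"],
    r"DOM\Helpdesk": ["SeRemoteShutdownPrivilege"],
    "Users": ["SeChangeNotifyPrivilege", "SeShutdownPrivilege"],
    "Backup Operators": ["SeBackupPrivilege", "SeRestorePrivilege", "SeShutdownPrivilege"],
    "Power Users": ["SeSystemtimePrivilege", "SeShutdownPrivilege"],
    "Administrators": ["SeDebugPrivilege", "SeTakeOwnershipPrivilege"],
}

def local_groups_of(principal):
    """Local groups that list `principal` (user or global group) as a direct member."""
    return [g for g, members in LOCAL_GROUP_MEMBERS.items() if principal in members]

def token_principals(user):
    """The user, the user's global groups, and every local group reached via either."""
    principals = [user] + GLOBAL_GROUPS.get(user, [])
    for p in list(principals):          # iterate a copy; local groups are appended
        for g in local_groups_of(p):
            if g not in principals:
                principals.append(g)
    return principals

def effective_privileges(user):
    """Sorted, de-duplicated privileges mapped to the principals that grant them."""
    granted = {}
    for p in token_principals(user):
        for priv in PRIVILEGES.get(p, []):
            granted.setdefault(priv, set()).add(p)
    return {priv: sorted(granted[priv]) for priv in sorted(granted)}

if __name__ == "__main__":
    for priv, sources in effective_privileges(r"DOM\alice").items():
        print(f"{priv:28} via {', '.join(sources)}")
```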
Article ID: W14886