How to open LSA API on Win2k in order to determine if a computer is member of domain

N

Nick Dakoronias

Hello Microsoft Security forum readers,

I would appreciate if someone could advise how to use Local Security
Authority (LSA) API on Win2000 SP4 Server
in order to determine if the specific computer is a member of a domain, a
member of a workgroup, or a stand-alone computer.
The input I have so far, is that I need to follow these steps:
1. Open the Policy object of the local computer by using
LsaOpenPolicy.

2. Use LsaQueryInformationPolicy to retrieve domain information.
3. Check the value of the security identifier (SID) field.
If the value is NULL, the computer is either a stand-alone computer or
part of a workgroup.
If the Name field points to a string that matches the local workstation
name, the computer is a stand-alone computer.
Otherwise, the Name field points to the workgroup name.
4. If the SID pointer has a value, the computer is part of a domain. The
domain name is stored in the Name field.

Do these steps above refer on Local security policy -> Security options ?
If this is the case which is the setting for SID?

Many thanks in advance for your time and support.

Regards, Nick
ITS Athens
 
J

jwgoerlich@gmail.com

Re: How to open LSA API on Win2k in order to determine if a computer is member of domain

Hello Nick,

This looks like a lot of work to get the computer's domain. There are
more direct methods in .Net and scripting. What language are you
writing in?

J Wolfgang Goerlich

On Oct 17, 5:45 am, "Nick Dakoronias" <dakor...@gr.ibm.com> wrote:
> Hello Microsoft Security forum readers,
>
> I would appreciate if someone could advise how to use Local Security
> Authority (LSA) API on Win2000 SP4 Server
> in order to determine if the specific computer is a member of a domain, a
> member of a workgroup, or a stand-alone computer.
> The input I have so far, is that I need to follow these steps:
> 1. Open the Policy object of the local computer by using
> LsaOpenPolicy.
>
> 2. Use LsaQueryInformationPolicy to retrieve domain information.
> 3. Check the value of the security identifier (SID) field.
> If the value is NULL, the computer is either a stand-alone computer or
> part of a workgroup.
> If the Name field points to a string that matches the local workstation
> name, the computer is a stand-alone computer.
> Otherwise, the Name field points to the workgroup name.
> 4. If the SID pointer has a value, the computer is part of a domain. The
> domain name is stored in the Name field.
>
> Do these steps above refer on Local security policy -> Security options ?
> If this is the case which is the setting for SID?
>
> Many thanks in advance for your time and support.
>
> Regards, Nick
> ITS Athens
 
N

Nick Dakoronias

Re: How to open LSA API on Win2k in order to determine if a computer is member of domain

Hello Wolfrag,
Pls let me clarify the following:
I am not a developer or programmer (at least for a long time).
I just receive a security vulnerabilty notification from my company's
security team that alerted me to fix it.
We have such periodical scan reports in our company.
The issue is how to resolve this..
Is there any clear article or step by step guidance?

Thanks in advance for your time and support
]Nick

<jwgoerlich@gmail.com> wrote in message
news:1192639756.587980.111410@y27g2000pre.googlegroups.com...
> Hello Nick,
>
> This looks like a lot of work to get the computer's domain. There are
> more direct methods in .Net and scripting. What language are you
> writing in?
>
> J Wolfgang Goerlich
>
> On Oct 17, 5:45 am, "Nick Dakoronias" <dakor...@gr.ibm.com> wrote:
> > Hello Microsoft Security forum readers,
> >
> > I would appreciate if someone could advise how to use Local Security
> > Authority (LSA) API on Win2000 SP4 Server
> > in order to determine if the specific computer is a member of a domain,
a
> > member of a workgroup, or a stand-alone computer.
> > The input I have so far, is that I need to follow these steps:
> > 1. Open the Policy object of the local computer by using
> > LsaOpenPolicy.
> >
> > 2. Use LsaQueryInformationPolicy to retrieve domain information.
> > 3. Check the value of the security identifier (SID) field.
> > If the value is NULL, the computer is either a stand-alone computer
or
> > part of a workgroup.
> > If the Name field points to a string that matches the local
workstation
> > name, the computer is a stand-alone computer.
> > Otherwise, the Name field points to the workgroup name.
> > 4. If the SID pointer has a value, the computer is part of a domain.
The
> > domain name is stored in the Name field.
> >
> > Do these steps above refer on Local security policy -> Security options
?
> > If this is the case which is the setting for SID?
> >
> > Many thanks in advance for your time and support.
> >
> > Regards, Nick
> > ITS Athens
>
>
 
J

jwgoerlich@gmail.com

Re: How to open LSA API on Win2k in order to determine if a computer is member of domain

I use the following VBScript to get the domain information. It prints
this two ways: the Windows NT domain name and the longer fully
qualified domain name. To test, copy the text below into a file such
as whatdomain.vbs. Double-click whatdomain.vbs, and it will display
the domain name in message boxes.

'--------------------------------------------------------------------------------
Set objSysInfo = CreateObject("ADSystemInfo")
domain = objSysInfo.DomainShortName
MsgBox "WinNT://" + domain
MsgBox objSysInfo.DomainDNSName
'--------------------------------------------------------------------------------

For auditing purposes, you might edit this to write output to a file
or a report. Look to Microsoft's web site and the "Hey Scripting Guy"
articles to provide more information on scripting.

Regards,

J Wolfgang Goerlich


On Oct 18, 2:13 am, "Nick Dakoronias" <dakor...@gr.ibm.com> wrote:
> Hello Wolfgang,
> Pls let me clarify the following:
> I am not a developer or programmer (at least for a long time).
> I just receive a security vulnerabilty notification from my company's
> security team that alerted me to fix it.
> We have such periodical scan reports in our company.
> The issue is how to resolve this..
> Is there any clear article or step by step guidance?
>
> Thanks in advance for your time and support
> ]Nick
>
> <jwgoerl...@gmail.com> wrote in message
>
> news:1192639756.587980.111410@y27g2000pre.googlegroups.com...
>
>
>
> > Hello Nick,
>
> > This looks like a lot of work to get the computer's domain. There are
> > more direct methods in .Net and scripting. What language are you
> > writing in?
>
> > J Wolfgang Goerlich
>
> > On Oct 17, 5:45 am, "Nick Dakoronias" <dakor...@gr.ibm.com> wrote:
> > > Hello Microsoft Security forum readers,
>
> > > I would appreciate if someone could advise how to use Local Security
> > > Authority (LSA) API on Win2000 SP4 Server
> > > in order to determine if the specific computer is a member of a domain,
> a
> > > member of a workgroup, or a stand-alone computer.
> > > The input I have so far, is that I need to follow these steps:
> > > 1. Open the Policy object of the local computer by using
> > > LsaOpenPolicy.
>
> > > 2. Use LsaQueryInformationPolicy to retrieve domain information.
> > > 3. Check the value of the security identifier (SID) field.
> > > If the value is NULL, the computer is either a stand-alone computer
> or
> > > part of a workgroup.
> > > If the Name field points to a string that matches the local
> workstation
> > > name, the computer is a stand-alone computer.
> > > Otherwise, the Name field points to the workgroup name.
> > > 4. If the SID pointer has a value, the computer is part of a domain.
> The
> > > domain name is stored in the Name field.
>
> > > Do these steps above refer on Local security policy -> Security options
> ?
> > > If this is the case which is the setting for SID?
>
> > > Many thanks in advance for your time and support.
>
> > > Regards, Nick
> > > ITS Athens- Hide quoted text -
>
> - Show quoted text -
 
N

Nick Dakoronias

Re: How to open LSA API on Win2k in order to determine if a computer is member of domain

Dear Wolfgang,
At first, my appreciation for your time and effort.
I have performed the exact steps as per your advise, but I receive an error
msg:
The specified domain either doesn't exist or could not be cotancted.
Below is the attached error snapshot
Does this error mean something to you? Is this a valid error?
Many thanks once more for your support.

Regards, Nick.

<jwgoerlich@gmail.com> wrote in message
news:1192709317.726926.282970@q3g2000prf.googlegroups.com...
> I use the following VBScript to get the domain information. It prints
> this two ways: the Windows NT domain name and the longer fully
> qualified domain name. To test, copy the text below into a file such
> as whatdomain.vbs. Double-click whatdomain.vbs, and it will display
> the domain name in message boxes.
>
>
'---------------------------------------------------------------------------
-----
> Set objSysInfo = CreateObject("ADSystemInfo")
> domain = objSysInfo.DomainShortName
> MsgBox "WinNT://" + domain
> MsgBox objSysInfo.DomainDNSName
>
'---------------------------------------------------------------------------
-----
>
> For auditing purposes, you might edit this to write output to a file
> or a report. Look to Microsoft's web site and the "Hey Scripting Guy"
> articles to provide more information on scripting.
>
> Regards,
>
> J Wolfgang Goerlich
>
>
> On Oct 18, 2:13 am, "Nick Dakoronias" <dakor...@gr.ibm.com> wrote:
> > Hello Wolfgang,
> > Pls let me clarify the following:
> > I am not a developer or programmer (at least for a long time).
> > I just receive a security vulnerabilty notification from my company's
> > security team that alerted me to fix it.
> > We have such periodical scan reports in our company.
> > The issue is how to resolve this..
> > Is there any clear article or step by step guidance?
> >
> > Thanks in advance for your time and support
> > ]Nick
> >
> > <jwgoerl...@gmail.com> wrote in message
> >
> > news:1192639756.587980.111410@y27g2000pre.googlegroups.com...
> >
> >
> >
> > > Hello Nick,
> >
> > > This looks like a lot of work to get the computer's domain. There are
> > > more direct methods in .Net and scripting. What language are you
> > > writing in?
> >
> > > J Wolfgang Goerlich
> >
> > > On Oct 17, 5:45 am, "Nick Dakoronias" <dakor...@gr.ibm.com> wrote:
> > > > Hello Microsoft Security forum readers,
> >
> > > > I would appreciate if someone could advise how to use Local Security
> > > > Authority (LSA) API on Win2000 SP4 Server
> > > > in order to determine if the specific computer is a member of a
domain,
> > a
> > > > member of a workgroup, or a stand-alone computer.
> > > > The input I have so far, is that I need to follow these steps:
> > > > 1. Open the Policy object of the local computer by using
> > > > LsaOpenPolicy.
> >
> > > > 2. Use LsaQueryInformationPolicy to retrieve domain information.
> > > > 3. Check the value of the security identifier (SID) field.
> > > > If the value is NULL, the computer is either a stand-alone
computer
> > or
> > > > part of a workgroup.
> > > > If the Name field points to a string that matches the local
> > workstation
> > > > name, the computer is a stand-alone computer.
> > > > Otherwise, the Name field points to the workgroup name.
> > > > 4. If the SID pointer has a value, the computer is part of a
domain.
> > The
> > > > domain name is stored in the Name field.
> >
> > > > Do these steps above refer on Local security policy -> Security
options
> > ?
> > > > If this is the case which is the setting for SID?
> >
> > > > Many thanks in advance for your time and support.
> >
> > > > Regards, Nick
> > > > ITS Athens- Hide quoted text -
> >
> > - Show quoted text -
>
>
 
You must log in or register to reply here.

Similar threads

R
Local password policy is off; password does not meet complexity requirements
Replies
0
Views
39
Rob_723
R
A
How to do a profile from a server, but that the system's hidden (domain) would show workgroup?
Replies
0
Views
33
Adomas Kamunavičius
A
A
How to do settings a profile from a server, but that the system a hidden (domain) would show workgroup?
Replies
0
Views
32
Adomas Kamunavičius
A
D
Disabled a computer account and then enabled it but still cannot log in to the domain
Replies
0
Views
45
DesiganReddy
D
P
Some computers are not able to process group policy after local domain controller is shut down
Replies
0
Views
40
Patfan1970
P
Back
Top Bottom