List of Windows "real" users using Win32 API

I'm trying to get a list of the real users on the local machine. By real I mean the users that can physically logon to the system and use it, excluding remote only accounts and the like.

This is what I do already.

• Call NetUserEnum() with FILTER_NORMAL_ACCOUNT.

  I get the following users:

  • __ vmware_user __
  • Administrator
  • Help Assistant
  • ASPNET
  • Guest
  • SUPPORT_xxxxxx

  Note that this are the same users that I get when calling net user from the command line, but in the logon dialog I can only select Administrator. This is what I want.

• From the return list on NetUserEnum(), I can tell which accounts are disabled. That leaves:

  • __ vmware_user __
  • Administrator
  • ASPNET
  • SUPPORT_xxxxxx

• Then I run LsaEnumerateAccountRights() to check which accounts have the SeInteractiveLogonRight.

  All of them have it. Except the real one, Administrator. Some of them have SeDenyInteractiveLogonRight. That leaves me with:

  • __ vmware_user __
  • Administrator (no SeInteractiveLogonRight)

I found somewhere that maybe I should be checking group permissions first, as my user account might be inheriting SeInteractiveLogonRight. So far, I haven't found a way to lis开发者_JS百科t the groups for a given account (SID or name). Tried with NetUserGetGroups() but it turns out that this one only returns domain groups (in my case, "None").

Right now I don't know what else to try. Looks like everything will be easier if I had an 'Access Token' but there seems to be no way of getting that for a user other than the currently logged on. There are like 20 different APIs related to authentication and this is crazy.

I appreciate your help

As you said, the last step probably is just filter the users which belong to Administrators or Users group.

Try the method NetUserGetLocalGroups for enumerating the groups an user belongs to.