windows server 2008 - 创建域和本机用户

时间:2022-08-28 16:10:20
 /*
* =====================================================================================
* Filename: userGroup.cpp
* Description: add user
* Created: 2014年11月22日15:27:18
* Author: wzy
*
* lpServerName: 传入参数, 域名, 不带双反斜杠
* lpUserName: 传入参数, 用户, 以杠零结束的字符串
* lpUserPwd: 传入参数, 密码, 以杠零结束的字符串
* other:
* =====================================================================================
*/
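// Shows the modal error box shared by every user-creation failure path.
static void ReportCreateUserError(LPCTSTR lpText)
{
    MessageBox(NULL, lpText, _T("错误"), MB_OK | MB_ICONERROR);
}

/**
 * Creates a user account on the local machine or, when the request names the
 * domain this machine belongs to, against that domain, and then adds the
 * account to its groups through SetUserToUserGroup().
 *
 * NOTE(review): the published listing lost its numeric literals (array sizes,
 * info levels, zero constants). The values used below are reconstructed from
 * the Win32 API contracts and should be confirmed against the original file.
 *
 * @param lpServerName Domain name without leading backslashes; NULL or the
 *                     literal text "NULL" requests a local account.
 * @param lpUserName   Null-terminated account name; NULL fails the call.
 * @param lpUserPwd    Null-terminated password. It is never written to the
 *                     log; the caller owns the buffer and should wipe it
 *                     (e.g. SecureZeroMemory) once this call returns.
 * @param bAdmin       Forwarded to SetUserToUserGroup() to request membership
 *                     in the Administrators group.
 * @return e_CREATE_SUCCESS once NetUserAdd succeeds, otherwise the e_CREATE_*
 *         code matching the failing status (e_CREATE_FAILED by default).
 */
CREATE_RETURN_RES createNewUser(LPTSTR lpServerName, LPTSTR lpUserName, LPTSTR lpUserPwd, BOOL bAdmin)
{
    if (NULL == lpUserName)
    {
        return e_CREATE_FAILED;
    }

    // DNS domain this machine belongs to. The length argument is a TCHAR
    // count, not a byte count; 256 covers a maximum-length DNS name.
    TCHAR szMachineDomain[256] = {0};
    DWORD cchMachineDomain = sizeof(szMachineDomain) / sizeof(szMachineDomain[0]);
    if (!GetComputerNameEx(ComputerNameDnsDomain, szMachineDomain, &cchMachineDomain))
    {
        szMachineDomain[0] = _T('\0');
    }

    // strServer owns the "\\domain" text that pwServerName points into, so it
    // must stay alive until the last use of pwServerName. The original
    // appended the domain to a three-character array, overrunning the stack.
    CString strServer;
    LPTSTR pwServerName = NULL;

    // Every fallback below resets lpServerName as well, so the account really
    // is created locally, as the log messages state.
    if (NULL == lpServerName || 0 == _tcscmp(lpServerName, _T("NULL")))
    {
        lpServerName = NULL;
        WriteLog("域名字段填的为无,将创建本地用户\n");
    }
    else if (FALSE == IsDomainUser())
    {
        lpServerName = NULL;
        WriteLog("本机不在域中,无法创建域用户,将创建本地用户\n");
    }
    else if (_T('\0') == szMachineDomain[0] || 0 != _tcscmp(szMachineDomain, lpServerName))
    {
        // The requested domain is not the one this machine belongs to.
        WriteLog("用户所输入的域名和本机所在的域不一致,将创建本地用户. 本机所属域名=%s, 用户输入的域名=%s\n", WideCharToChar(szMachineDomain), WideCharToChar(lpServerName));
        lpServerName = NULL;
    }
    else
    {
        strServer = _T("\\\\");
        strServer += szMachineDomain;
        pwServerName = strServer.GetBuffer();
    }

    // Never hand NULL to the conversion helper, and never log the password:
    // log files are routinely readable by more people than the account owner.
    // (WriteLog is assumed to be printf-style, as its call sites suggest.)
    static TCHAR szLocalTag[] = _T("(local)");
    LPTSTR lpLogDomain = (NULL != lpServerName) ? lpServerName : szLocalTag;
    WriteLog("createNewUser: domain is %s, username is %s\n", WideCharToChar(lpLogDomain), WideCharToChar(lpUserName));

    // Existence probe. Only the status matters, so level 0 is enough; the
    // returned buffer still has to be released.
    LPBYTE lpExisting = NULL;
    NET_API_STATUS nStatus = NetUserGetInfo(lpServerName, lpUserName, 0, &lpExisting); // NULL server = local computer
    if (NULL != lpExisting)
    {
        NetApiBufferFree(lpExisting);
    }

    switch (nStatus)
    {
    case NERR_UserNotFound:
        break; // the name is free: go on and create it
    case NERR_Success:
        ReportCreateUserError(_T("用户已存在,请重新输入用户名"));
        return e_CREATE_USER_EXIST;
    case ERROR_ACCESS_DENIED:
        ReportCreateUserError(_T("访问拒绝"));
        return e_CREATE_ACCESS_DENIED;
    case ERROR_BAD_NETPATH:
        ReportCreateUserError(_T("网络路径不可用"));
        return e_CREATE_BAD_NETPATH;
    case ERROR_INVALID_LEVEL:
        ReportCreateUserError(_T("无效的级别"));
        return e_CREATE_INVALID_LEVEL;
    case NERR_InvalidComputer:
        ReportCreateUserError(_T("无效的电脑"));
        return e_CREATE_InvalidComputer;
    default:
        return e_CREATE_FAILED;
    }

    USER_INFO_4 ui = {0};
    ui.usri4_name = lpUserName;
    ui.usri4_password = lpUserPwd;
    ui.usri4_full_name = lpUserName;
    // Least privilege: the account is created as an ordinary user and any
    // elevation happens through group membership, driven by bAdmin. The
    // original requested USER_PRIV_ADMIN here regardless of bAdmin.
    ui.usri4_priv = USER_PRIV_USER;
    // UF_SCRIPT must stay set for NetUserAdd; the original overwrote it.
    // NOTE(review): UF_DONT_EXPIRE_PASSWD is kept from the original, but a
    // non-expiring password should be a deliberate policy decision.
    ui.usri4_flags = UF_SCRIPT | UF_DONT_EXPIRE_PASSWD;
    ui.usri4_primary_group_id = DOMAIN_GROUP_RID_USERS;
    ui.usri4_acct_expires = TIMEQ_FOREVER;
    // home_dir, comment, profile, logon_hours and script_path stay NULL.

    DWORD dwParmErr = 0;
    nStatus = NetUserAdd(lpServerName, 4, (LPBYTE)&ui, &dwParmErr); // level 4 matches USER_INFO_4

    if (NERR_Success == nStatus)
    {
        // Touch the home directory ACL only after the account exists and only
        // when a home directory was actually configured.
        if (NULL != ui.usri4_home_dir)
        {
            TakeOwnshipOfDiretory(ui.usri4_home_dir, ui.usri4_name, pwServerName);
        }
        // SetUserToUserGroup() reports its own failures to the user; the
        // account exists at this point, so the result stays e_CREATE_SUCCESS
        // exactly as before.
        SetUserToUserGroup(pwServerName, ui.usri4_name, bAdmin);
        return e_CREATE_SUCCESS;
    }

    // Failure logs: no password, and numeric values use numeric specifiers
    // (the original passed GetLastError() to a %s conversion).
    switch (nStatus)
    {
    case NERR_PasswordTooShort:
        ReportCreateUserError(_T("Password Not Match Policy"));
        WriteLog("Crate Failed Because PasswordTooShort, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(lpUserName), GetLastError(), nStatus);
        return e_CREATE_PasswordTooShort;
    case NERR_UserNotInGroup:
        ReportCreateUserError(_T("UserNotInGroup"));
        WriteLog("Crate Failed Because UserNotInGroup, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(lpUserName), GetLastError(), nStatus);
        return e_CREATE_UserNotInGroup;
    case NERR_UserExists:
        ReportCreateUserError(_T("UserExists"));
        return e_CREATE_USER_EXIST;
    case NERR_GroupExists:
        ReportCreateUserError(_T("GroupExists"));
        return e_CREATE_GroupExists;
    case NERR_NotPrimary:
        ReportCreateUserError(_T("NotPrimary"));
        return e_CREATE_NotPrimary;
    case NERR_InvalidComputer:
        ReportCreateUserError(_T("InvalidComputer"));
        return e_CREATE_InvalidComputer;
    case ERROR_ACCESS_DENIED:
        ReportCreateUserError(_T("ACCESS_DENIED"));
        WriteLog("Crate Failed, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(lpUserName), GetLastError(), nStatus);
        return e_CREATE_ACCESS_DENIED;
    default:
        ReportCreateUserError(_T("创建用户失败"));
        WriteLog("Crate Failed, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(lpUserName), GetLastError(), nStatus);
        return e_CREATE_FAILED;
    }
}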
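 /**
  * Reports whether the current session's logon domain differs from the
  * computer name, which this file treats as "the machine is in a domain".
  *
  * Any failed or empty query answers FALSE, so callers fall back to the local
  * machine instead of attempting a domain operation on unreliable data. The
  * original ignored a GetComputerName failure and then compared against an
  * empty name, which reported TRUE.
  *
  * NOTE(review): the buffer size was lost from the published listing;
  * MAX_COMPUTERNAME_LENGTH + 1 is the size GetComputerName documents.
  *
  * @return TRUE when the session domain name differs from the computer name,
  *         FALSE when they match or when either name cannot be read.
  */
BOOL IsDomainUser()
{
    TCHAR szComputer[MAX_COMPUTERNAME_LENGTH + 1] = {0};
    DWORD cchComputer = sizeof(szComputer) / sizeof(szComputer[0]);
    if (!GetComputerName(szComputer, &cchComputer))
    {
        return FALSE;
    }

    // Minimum supported client: Windows Vista
    // Minimum supported server: Windows Server 2003
    LPTSTR pDomainName = NULL;
    DWORD cbDomainName = 0;
    if (!WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, WTSDomainName, &pDomainName, &cbDomainName))
    {
        return FALSE;
    }
    if (NULL == pDomainName)
    {
        return FALSE;
    }

    BOOL bInDomain = FALSE;
    if (_T('\0') != pDomainName[0] && 0 != lstrcmpi(pDomainName, szComputer))
    {
        bInDomain = TRUE; // domain name != computer name: in a domain
    }
    WTSFreeMemory(pDomainName);

    return bInDomain; // FALSE: domain name == computer name, not in a domain
}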
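 /**
  * Replaces the DACL of a directory so that only the given user and the
  * built-in Administrators group hold full control, and sets the directory's
  * primary group to Administrators.
  *
  * Despite its name, the function never changes the owner: only
  * DACL_SECURITY_INFORMATION and GROUP_SECURITY_INFORMATION are written.
  * Inheritance from the parent is blocked first (SE_DACL_PROTECTED), and
  * SetEntriesInAcl() is given no existing ACL, so the two entries built here
  * are the entire new DACL.
  *
  * NOTE(review): numeric literals were lost from the published listing; the
  * info level (4), the sub-authority count (2) and the entry count (2) are
  * reconstructed from how the results are used.
  *
  * @param pwDir        Directory whose security is rewritten; NULL fails.
  * @param pwUserName   Account that receives full control; NULL fails.
  * @param pwServerName Server used to look the account up (NULL = local).
  * @return TRUE only when every step succeeded.
  */
BOOL TakeOwnshipOfDiretory(wchar_t *pwDir,wchar_t *pwUserName,wchar_t *pwServerName)
{
    if (NULL == pwDir || NULL == pwUserName)
    {
        return FALSE;
    }

    BOOL bRet = FALSE;
    USER_INFO_4 *pUserInfo4 = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    PSID pSIDAdmin = NULL;
    PACL pACL = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    const SECURITY_INFORMATION siTouched = DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION;

    do
    {
        // Level 4 is the level that carries usri4_user_sid.
        if (NERR_Success != NetUserGetInfo(pwServerName, pwUserName, 4, (LPBYTE *)&pUserInfo4)
            || NULL == pUserInfo4 || NULL == pUserInfo4->usri4_user_sid)
        {
            printf("NetUserGetInfo failed\n");
            break;
        }

        if (ERROR_SUCCESS != GetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT, siTouched, NULL, NULL, NULL, NULL, &pSD))
        {
            printf("GetNamedSecurityInfo Failed\n");
            break;
        }

        // Stop the parent's inheritable ACEs from flowing into this DACL.
        if (FALSE == SetSecurityDescriptorControl(pSD, SE_DACL_PROTECTED, SE_DACL_PROTECTED))
        {
            printf("SetSecurityDescriptorControl failed\n");
            break;
        }
        if (FALSE == SetFileSecurityW(pwDir, siTouched, pSD))
        {
            printf("SetFileSecurity failed\n");
            break;
        }

        // SID of BUILTIN\Administrators.
        if (FALSE == AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSIDAdmin))
        {
            printf("AllocataAndInitializeSid failed\n");
            break;
        }

        EXPLICIT_ACCESS ea[2];
        ZeroMemory(ea, sizeof(ea));

        // Full control for the user the directory belongs to.
        ea[0].grfAccessPermissions = SPECIFIC_RIGHTS_ALL|STANDARD_RIGHTS_ALL;
        ea[0].grfAccessMode = GRANT_ACCESS;
        ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
        ea[0].Trustee.ptstrName = (LPTSTR)pUserInfo4->usri4_user_sid;

        // Full control for Administrators.
        ea[1].grfAccessPermissions = SPECIFIC_RIGHTS_ALL|STANDARD_RIGHTS_ALL;
        ea[1].grfAccessMode = GRANT_ACCESS;
        ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
        ea[1].Trustee.ptstrName = (LPTSTR)pSIDAdmin;

        if (ERROR_SUCCESS != SetEntriesInAcl(2, ea, NULL, &pACL))
        {
            printf("set entriesInAcl failed\n");
            break;
        }
        if (ERROR_SUCCESS != SetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT, siTouched, NULL, pSIDAdmin, pACL, NULL))
        {
            printf("SetNamedSecurityInfo FAILED\n");
            break;
        }
        bRet = TRUE;
    } while (0);

    if (NULL != pUserInfo4)
    {
        NetApiBufferFree(pUserInfo4);
    }
    if (NULL != pSD)
    {
        LocalFree(pSD);
    }
    // The original tested for NULL here, so the SID was never released.
    if (NULL != pSIDAdmin)
    {
        FreeSid(pSIDAdmin);
    }
    if (NULL != pACL)
    {
        LocalFree(pACL);
    }
    return bRet;
}
// lpServerName (of the next function) is the domain name including the leading double backslash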
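// Adds one account to one local group on the given server (NULL = this
// machine). An existing membership counts as success; any other failure is
// shown to the user with the status the API returned.
static BOOL AddAccountToLocalGroup(LPCTSTR lpServerName, LPCTSTR lpGroupName, LPTSTR lpAccount)
{
    LOCALGROUP_MEMBERS_INFO_3 member;
    member.lgrmi3_domainandname = lpAccount;

    // Level 3 matches LOCALGROUP_MEMBERS_INFO_3; exactly one entry is passed.
    const NET_API_STATUS status = NetLocalGroupAddMembers(lpServerName, lpGroupName, 3, (LPBYTE)&member, 1);
    if (NERR_Success == status || ERROR_MEMBER_IN_ALIAS == status)
    {
        return TRUE;
    }

    // The NetApi functions return their status directly, so that value is
    // reported; the original printed GetLastError(), which they do not set.
    TCHAR szErr[128] = {0};
    wsprintf(szErr, _T("%s %s %s,%lu"), _T("加入"), lpGroupName, _T("失败"), status);
    MessageBox(NULL, szErr, _T("错误"), MB_OK|MB_ICONERROR);
    return FALSE;
}

/**
 * Adds an account to "Users" and "Remote Desktop Users" on lpServerName and,
 * when bAdmin is set, to "Administrators" on the local machine.
 *
 * The Administrators membership always targets the local machine (server
 * NULL), exactly as the original did. NOTE(review): presumably deliberate, so
 * that a domain server name never results in membership of a domain
 * controller's built-in Administrators group; confirm before changing it.
 *
 * NOTE(review): the info level and entry count were lost from the published
 * listing and are reconstructed from the structure type in use.
 *
 * @param lpServerName Server name including the leading double backslash, or
 *                     NULL for the local machine.
 * @param lpUserName   Account to add; NULL fails the call.
 * @param bAdmin       Also add the account to the local Administrators group.
 * @return TRUE when every requested membership exists afterwards; FALSE at
 *         the first failure, which has already been shown to the user.
 */
BOOL SetUserToUserGroup(LPTSTR lpServerName,LPTSTR lpUserName, BOOL bAdmin)
{
    if (NULL == lpUserName)
    {
        return FALSE;
    }
    if (!AddAccountToLocalGroup(lpServerName, _T("Users"), lpUserName))
    {
        return FALSE;
    }
    if (!AddAccountToLocalGroup(lpServerName, _T("Remote Desktop Users"), lpUserName))
    {
        return FALSE;
    }
    if (bAdmin && !AddAccountToLocalGroup(NULL, _T("Administrators"), lpUserName))
    {
        return FALSE;
    }
    return TRUE;
}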
