-
Nov 9th, 2007, 04:37 AM
#1
Thread Starter
Fanatic Member
[Not Resolved] Local Security Settings
Hmm... about 2 weeks ago I posted a problem when trying to change a setting in the Local Security Settings.
The thread can be found Here.
So far I have tried everything to be able to edit it.
I've even downloaded RegMon and watched the registry hoping to find the registry setting that was changed when the Security Policy was applied.
But to no success =(.
I pretty much want to add "Interactive" to "Administrative Tools \ Local Security Settings > Security Settings \ Local Policies \ User Rights Assignment > Force shutdown from a remote system"
I have tried using WMI, but then I'd have to download and install it onto every computer that I wanted to run this program from.
Is there any other way to change the Local Security Policy?
Last edited by Slyke; Nov 11th, 2007 at 04:49 AM.
-
Nov 9th, 2007, 04:43 AM
#2
Re: Local Security Settings
Like I had posted in the other thread, not all settings are registry settings for GPOs. WMI is on systems unless the net admin has a GPO disabling it. If you are going to be distributing your app then it shouldn't be much of an issue to add WMI.
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum. 
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it! 
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6 
-
Nov 9th, 2007, 06:17 AM
#3
Thread Starter
Fanatic Member
Re: Local Security Settings
Yeah, I believed you, but I decided to check anyway.
To be honest with you, I don't know much about WMI. I learn as I go. I thought it was some SDK download from Windows (saw something like this when I was searching for stuff about it), but I was wrong. It's already on all machines. Saw it when I was messing around with the admin accounts on the LAN also. Nah, it won't be disabled, since it's over my LAN, and over a few mates (we use Hamachi VPN).
I truly don't understand how to use it and I've been looking for ages. Nothing seems to make sense.
I checked the website that you gave me, but I didn't understand the code. Like it was saying that it had added 2 scripts to the startup or shutdown, but I didn't understand how it knew where the paths were or anything.
Anyway, I'm just trying to figure out how to make changes to the Local Security Policy.
-
Nov 9th, 2007, 09:39 AM
#4
Thread Starter
Fanatic Member
Re: Local Security Settings
I found this:
1. Open the policy on the target machine with LsaOpenPolicy(). To grant privileges, open the policy with POLICY_CREATE_ACCOUNT and POLICY_LOOKUP_NAMES access. To revoke privileges, open the policy with POLICY_LOOKUP_NAMES access.
2. Obtain a SID (security identifier) representing the user/group of interest. The LookupAccountName() and LsaLookupNames() APIs can obtain a SID from an account name.
3. Call LsaAddAccountRights() to grant privileges to the user(s) represented by the supplied SID.
4. Call LsaRemoveAccountRights() to revoke privileges from the user(s) represented by the supplied SID.
5. Close the policy with LsaClose().
Private Declare Function LsaOpenPolicy Lib "Advapi32.dll" (ByRef Sname As String, ByRef ObjName As LSA_OBJECT_ATTRIBUTES, POLICY_VIEW_LOCAL_INFORMATION, PHandle As LSA_HANDLE) As Long
That's the best I can get. I haven't been able to find any examples or get that API call working. I'm hoping it's the correct one. I have however found that a lot of people also couldn't get it working either!
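The five steps quoted above, written out as VB6 declarations and one function. This is an added example, not code from the thread or from Microsoft; GrantAccountRight is a hypothetical helper name, and the code assumes 32-bit VB6 in a standard module, run by an administrator of the machine whose policy is changed, with the account passed as a string SID (ConvertStringSidToSid) instead of a name lookup.

```vb
Private Const POLICY_CREATE_ACCOUNT As Long = &H10&
Private Const POLICY_LOOKUP_NAMES As Long = &H800&
Private Type LSA_UNICODE_STRING
    Length As Integer          ' bytes, without the terminator
    MaximumLength As Integer   ' bytes, with the terminator
    Buffer As Long             ' pointer to UTF-16 text
End Type
Private Type LSA_OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long
    Attributes As Long
    SecurityDescriptor As Long
    SecurityQualityOfService As Long
End Type

Private Declare Function LsaOpenPolicy Lib "advapi32.dll" (ByVal SystemName As Long, _
    ObjectAttributes As LSA_OBJECT_ATTRIBUTES, ByVal DesiredAccess As Long, _
    PolicyHandle As Long) As Long
Private Declare Function LsaAddAccountRights Lib "advapi32.dll" (ByVal PolicyHandle As Long, _
    ByVal AccountSid As Long, UserRights As LSA_UNICODE_STRING, _
    ByVal CountOfRights As Long) As Long
Private Declare Function LsaClose Lib "advapi32.dll" (ByVal ObjectHandle As Long) As Long
Private Declare Function LsaNtStatusToWinError Lib "advapi32.dll" (ByVal Status As Long) As Long
Private Declare Function ConvertStringSidToSid Lib "advapi32.dll" _
    Alias "ConvertStringSidToSidW" (ByVal StringSid As Long, Sid As Long) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Long) As Long

' Hypothetical helper (added example). Returns 0 on success, else a Win32 error code.
Public Function GrantAccountRight(ByVal StringSid As String, ByVal RightName As String) As Long
    Dim oa As LSA_OBJECT_ATTRIBUTES, us As LSA_UNICODE_STRING
    Dim hPolicy As Long, pSid As Long, status As Long
    If ConvertStringSidToSid(StrPtr(StringSid), pSid) = 0 Then  ' step 2: obtain the SID
        GrantAccountRight = Err.LastDllError
        Exit Function
    End If
    oa.Length = LenB(oa)
    ' Step 1: a NULL system name means the local machine; ask only for the access a grant needs.
    status = LsaOpenPolicy(0&, oa, POLICY_CREATE_ACCOUNT Or POLICY_LOOKUP_NAMES, hPolicy)
    If status = 0 Then
        us.Buffer = StrPtr(RightName)       ' VB6 strings are already UTF-16
        us.Length = LenB(RightName)
        us.MaximumLength = us.Length + 2
        status = LsaAddAccountRights(hPolicy, pSid, us, 1)  ' step 3: grant the right
        LsaClose hPolicy                                    ' step 5: close the policy
    End If
    LocalFree pSid                          ' the SID was allocated by ConvertStringSidToSid
    GrantAccountRight = LsaNtStatusToWinError(status)
End Function
```

For the setting discussed in this thread the call would be GrantAccountRight("S-1-5-4", "SeRemoteShutdownPrivilege"), where S-1-5-4 is the well-known SID of the INTERACTIVE group.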
-
Nov 9th, 2007, 11:51 AM
#5
Re: Local Security Settings
-
Nov 10th, 2007, 12:11 AM
#6
Thread Starter
Fanatic Member
Re: Local Security Settings
RobDog888, trying to work it out, but have come to a problem: with the ACCESS_MASK I'm trying to put This into something VB can understand, but my attempts aren't working. If you could show an example on how to convert one I'll be able to do the rest. It's written in C++ and I don't know it very well.
#define DELETE (0x00010000L)
#define READ_CONTROL (0x00020000L)
#define WRITE_DAC (0x00040000L)
#define WRITE_OWNER (0x00080000L)
#define SYNCHRONIZE (0x00100000L)
#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
#define STANDARD_RIGHTS_READ (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
#define STANDARD_RIGHTS_ALL (0x001F0000L)
#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
Also, I have no idea what to do with PHandle (LSAHandle); is this where "Force shutdown from a remote system" goes? It's asking for a pointer... as far as I know, they are only used in memory of running programs to point to another memory location.
Last edited by Slyke; Nov 10th, 2007 at 12:20 AM.
-
Nov 10th, 2007, 05:52 AM
#7
Thread Starter
Fanatic Member
Re: Local Security Settings
Code:
Const DELETE = &H10000
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const STANDARD_RIGHTS_WRITE = READ_CONTROL
Const STANDARD_RIGHTS_EXECUTE = READ_CONTROL
Const STANDARD_RIGHTS_ALL = &H1F0000
Const SPECIFIC_RIGHTS_ALL = &HFFFF
Ok, I think that's how it's done, but I can't test it as I haven't got the API figured out yet!
I still need help with the PHandle bit =(.
Once I get this, I use the LsaSetInformationPolicy API.
Also, how is this using WMI? I don't think WMI has much to do with it...
Last edited by Slyke; Nov 10th, 2007 at 06:31 AM.
-
Nov 11th, 2007, 12:12 AM
#8
Thread Starter
Fanatic Member
Re: Local Security Settings
Ok, so far I have this:
Code:
Private Declare Function LsaOpenPolicy Lib "advapi32.dll" (ByRef Sname As String, ByRef ObjName As Long, POLICY_VIEW_LOCAL_INFORMATION, PHandle As Long) As Long
Private Declare Function LsaSetInformationPolicy Lib "advapi32.dll" (ByVal PolicyHandle As Long, ByVal PolicyInformationClass As POLICY_INFORMATION_CLASS, varBuffer As Long) As Long
Private Declare Function LsaClose Lib "advapi32.dll" (PolicyHandle As Long) As Long

Private Enum POLICY_INFORMATION_CLASS
    PolicyAuditLogInformation = 1
    PolicyAuditEventsInformation
    PolicyPrimaryDomainInformation
    PolicyPdAccountInformation
    PolicyAccountDomainInformation
    PolicyLsaServerRoleInformation
    PolicyReplicaSourceInformation
    PolicyDefaultQuotaInformation
    PolicyModificationInformation
    PolicyAuditFullSetInformation
    PolicyAuditFullQueryInformation
    PolicyDnsDomainInformation = 12
End Enum

Const DELETE = &H10000
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const STANDARD_RIGHTS_WRITE = READ_CONTROL
Const STANDARD_RIGHTS_EXECUTE = READ_CONTROL
Const STANDARD_RIGHTS_ALL = &H1F0000
Const SPECIFIC_RIGHTS_ALL = &HFFFF

Public Function OpenHandle(Optional TheHandle As Integer = 0)
    OpenHandle = LsaOpenPolicy(0&, 0&, SPECIFIC_RIGHTS_ALL, TheHandle)
End Function

Public Function SetPolicy(Optional TheHandle As Integer = 0)
    SetPolicy = LsaSetInformationPolicy(TheHandle, PolicyModificationInformation, 1024)
End Function

Public Function CloseHandle(Optional TheHandle As Integer = 0)
    CloseHandle = LsaClose(TheHandle)
End Function
I need to know how to find the handle that I want! Also, I don't know if I've even done it right. I get some massive number when getting the return value of LsaOpenPolicy and very small values when checking some of the properties of POLICY_INFORMATION_CLASS, but I don't know what they mean. The values are like 7 and 5 and that.
Also with LsaSetInformationPolicy, what buffer should be used? I just put 1024 to be safe...
-
Nov 11th, 2007, 01:33 AM
#9
Re: Local Security Settings
SE_REMOTE_SHUTDOWN_NAME
TEXT("SeRemoteShutdownPrivilege")
Required to shut down a system using a network request.
User Right: Force shutdown from a remote system.
I found this script that seems to get into the area you are after
Code:
DIM config_manager
DIM admin_role

' *******************************************************************
' Create and initialize a ConfigurationManager object.
SUB InitObject()
    CALL WScript.Echo( "Create ConfigurationManager object...")
    SET config_manager = CreateObject _
        ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
    CheckError()
    CALL WScript.Echo( "Initialize...")
    admin_role=config_manager.Initialize(false,"localhost",80,"","","")
    CheckError()
END SUB

' *******************************************************************
' Add user rights to the template.
SUB AddRights()
    DIM template_manager
    DIM templateColl
    DIM templateObj
    ' Retrieve the RightsTemplatePolicy object.
    SET template_manager = config_manager.RightsTemplatePolicy
    CheckError()
    ' Retrieve the rights template collection.
    SET templateColl = template_manager.RightsTemplateCollection
    CheckError()
    ' Retrieve the first template in the collection.
    SET templateObj = template_manager.RightsTemplateCollection.Item(0)
    CheckError()
    ' Add rights information.
    SET rights = CreateObject( _
        "Microsoft.RightsManagementServices.Admin.UserRightsItem")
    rights.UserId = "[email protected]"
    ''Now API add dependency rights if user does not do so
    rights.WellKnownRights = _
        config_manager.Constants.TemplateRightExtract + _
        config_manager.Constants.TemplateRightPrint + _
        config_manager.Constants.TemplateRightForward
    rights.CustomRights.Add("CUSTOMRIGHTA")
    rights.CustomRights.Add("CUSTOMRIGHTB")
    Err.Clear()
    templateObj.UserRightsItems.Add( rights )
    CheckError()
    ' Update the templates on the server.
    template_manager.RightsTemplateCollection.Update( templateObj )
    CheckError()
END SUB

' *******************************************************************
' Error checking function.
FUNCTION CheckError()
    CheckError = Err.number
    IF Err.number <> 0 THEN
        CALL WScript.Echo( vbTab & "*****Error Number: " _
            & Err.number _
            & " Desc:" _
            & Err.Description _
            & "*****")
        WScript.StdErr.Write(Err.Description)
        WScript.Quit( Err.number )
    END IF
END FUNCTION

' *******************************************************************
' Generate a runtime error.
SUB RaiseError(errId, desc)
    CALL Err.Raise( errId, "", desc )
    CheckError()
END SUB
but I can't test
i do my best to test code works before i post it, but sometimes am unable to do so for some reason, and usually say so if this is the case.
Note code snippets posted are just that and do not include error handling that is required in real world applications, but avoid On Error Resume Next
dim all variables as required as often i have done so elsewhere in my code but only posted the relevant part
come back and mark your original post as resolved if your problem is fixed
pete
-
Nov 11th, 2007, 02:31 AM
#10
Thread Starter
Fanatic Member
Re: Local Security Settings
With the AddRights Function I get an error on this line:
The error is "Object Required".
Code:
Sub AddRights()
    Dim template_manager
    Dim templateColl
    Dim templateObj
    ' Retrieve the RightsTemplatePolicy object.
    Set template_manager = config_manager.RightsTemplatePolicy
    'CheckError()
    ' Retrieve the rights template collection.
    Set templateColl = template_manager.RightsTemplateCollection 'I'm sure the same error would happen here too.
    'CheckError()
    ' Retrieve the first template in the collection.
    Set templateObj = template_manager.RightsTemplateCollection.Item(0)
    'CheckError()
    ' Add rights information.
    Set rights = CreateObject( _
        "Microsoft.RightsManagementServices.Admin.UserRightsItem")
    rights.UserId = "[email protected]"
    ''Now API add dependency rights if user does not do so
    rights.WellKnownRights = _
        config_manager.Constants.TemplateRightExtract + _
        config_manager.Constants.TemplateRightPrint + _
        config_manager.Constants.TemplateRightForward
    rights.CustomRights.Add ("CUSTOMRIGHTA")
    rights.CustomRights.Add ("CUSTOMRIGHTB")
    'Err.Clear()
    templateObj.UserRightsItems.Add (rights)
    'CheckError()
    ' Update the templates on the server.
    template_manager.RightsTemplateCollection.Update (templateObj)
    'CheckError()
End Sub
I get the same error in the InitObject Function, but on this line:
Code:
Sub InitObject()
    Call WScript.Echo("Create ConfigurationManager object...")
    Set config_manager = CreateObject _
        ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
    'CheckError()
    Call WScript.Echo("Initialize...")
    admin_role = config_manager.Initialize(False, "localhost", 80, "", "", "")
    'CheckError()
End Sub
-
Nov 11th, 2007, 03:50 AM
#11
Re: Local Security Settings
The second is only message boxes; you can comment them out or change them to MsgBox, but that sub needs to run first to create the configuration manager object. The subs could be combined, putting the init object code before the other. In VB6 you can change the declares for those to objects or whatever is appropriate.
-
Nov 11th, 2007, 03:57 AM
#12
Thread Starter
Fanatic Member
Re: Local Security Settings
Code:
Sub InitObject()
    'Call WScript.Echo("Create ConfigurationManager object...")
    Set config_manager = CreateObject _
        ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
    'CheckError()
    'Call WScript.Echo("Initialize...")
    admin_role = config_manager.Initialize(False, "localhost", 80, "", "", "")
    'CheckError()
End Sub
I get the error "ActiveX Component can't create object".
=S, never seen that one before.
Last edited by Slyke; Nov 11th, 2007 at 04:09 AM.
-
Nov 11th, 2007, 04:08 AM
#13
Re: Local Security Settings
It is out of my depth at this point, but I would guess it would only run on a server with Active Directory.
-
Nov 11th, 2007, 04:10 AM
#14
Thread Starter
Fanatic Member
Re: Local Security Settings
Hmmm... there must be a way to do it in XP Professional. RobDog888 seemed to know it, but I think he wanted me to find it out, which I can't do.
Just wondering... where did you find that code?