Determining if a user is authenticated in an AD domain in current Windows session

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Vunerabililities of the NTP protocol? I have a secured network with no outside access of anykind. I would like to have the DC in this network, time sync with an ethernet timeserver (Spectracom 9188 NTP Ethernet timeserver) on my other network. I am planning to do this at the routing level by only allowing the DC on the secured network access to only the timeserver, and further restricting it so that only the NTP protocol can get through the port going either direction. While I know nothing is 100% secure, is there anyway that a virus or malicious code could get through only with the NTP protocol allowed? Thanks, Will Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43588
  - 2
    - security update 819696 Hi All, The above security update has been installed on my pc every day for the last 4 days and the update service tells me that it is still a required update. Is this a problem with my pc or the update? Many thanks for assistance Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43585
  - 3
    - info on directory security Hi to all. I don't know if this is the right newsgroup. In my factory, i have a NT4 domain and ona a w2k server i have the File server for my users. In this situation i must sett the security on the directory on the file server from the primary domain controller (an NT4 server). Is there a program or an grafical interface thar allows me to do the same think without to make che changes all the times for each directory, or to see the interactive security of this moment? Thanx Daniele my e-mail address is daniele.rossi@bucherhydraulics.com Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43584
  - 4
    - Rundll When logging on i get"Error loading EGDHTML-1027.dll system cannot find file specified"What do I do? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43583
  - 5
    - ipsec through pptp Hi I'm wondering is it possible to run ipsec through pptp tunnel? Thanks in advance. Alex Hammer Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43581
  - 6
    - Disk Cleanup Stalling For several days now my computer will not run Disk Cleanup. It just stalls and according to Task Manager it is using 99 cpu or 100% of the memory. Also I can only stop it from running by stopping the cleanmgr.exe process in Task Manager (just closing the Disk Cleanup window doesn't do it). I've taken all the steps recommended by E-Machines to free resources and tune-up my computer, but nothing has helped this problem. Any suggestions what's wrong and how to fix it? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43578
  - 7
    - Stolen Identity I received word from someone on my contact list for MSN Messenger that someone contacted them, pretending to be me. I know who this person is, and they apparently have taken a very similar email address to mine, and used it to obtain my account information from MSN. I would like to be contacted immediately to discuss this further, as I may have to take legal action. Please advise the proper channel I need to take to persue this. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43572
  - 8
    - How to download and register the AtiveX control from internet for User account? I have COM component and this need to be used in HTML file and hence need to be downloaded and registered at client machine. To achieve this I have created the INF file and compressed the COM and INF file in single CAB file. INF file structure is: [COM.dll] file-win32-x86=thiscab clsid={CLSID:D3BEF9B9-F7B5-4C24-B247-32257F37FDB6} FileVersion=1,0,0,0 RegisterServer=yes I am refencing the CAB file as follow. <BODY><OBJECT CLASSID="CLSID:D3BEF9B9-F7B5-4C24-B247-32257F37FDB6" CODEBASE="COM.CAB#version=1,0,0,0"></OBJECT></BODY> I have signed the CAB file using test certificate. With this I am able to download and register the dll at client machine when client logged in as Administrator. But when client logged in as User the COM dll does not download and register. Is there any way client can download and register the COM dll even if he logged in as User? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43569
  - 9
    - Can't get to secure websites Hi, a friend cleaned up my hard drive and installed Windows 2000. I can't log on to my secure sites such as Electric Company etc. to pay bills like I did before she cleaned it up. Do you you why? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43564
  - 10
    - Security Update 823559 Every day I get a Security Update message to update my Windows 98 with 823559. When I look at my installation history, it says I have successfully downloaded it 8 times from Oct 10 to Dec 8. I could turn off the automatic update, but whenever I do it manually I get the same message. How can I have my security updates recognize that I already downloaded 823559? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43562
  - 11
    - AccessCheck problem Hi all, I have a program that determines a user's permissions from the ACL of a file using the 'AccessCheck' API call. This works fine on all of the platforms except Windows 2003 server, where I'm having a strange problem. The AccessCheck call is failing for users that are members of the built-in 'Administrators' group. If I remove the user from the Administrators group the call is successful. I cannot see why this is happening. I've never had this problem before - this is code that hasn't changed since 1999. Any help would be much appreciated. Many thanks, Jamie Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43559
  - 12
    - Accont Security policy Sorry if this is the wrong group. Let me know if I should be somehwere else. I'm currently in a single W2K domain model. If I add a domain to my forest, can I apply different account restrictions on any user objects I create in the new domain? Or am I forced to take the policy from the root domain? E.G. mydomain.com is set to 10 failed attempts, 30 miute lock out, 9 character passwords, max age of 60 days I want to create childdomain.mydomain.com with 3 failed attemps, 60 minute lockout, 12 character complex password. TIA Darren Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43555
  - 13
    - Forgot my password I have not used my Outlook Express in such a long time I can't remember my password, program wil not let me in. Keep getting error. Want to just delete entire program and start again. Program can with my computer 2 years ago. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43552
  - 14
    - HotSync message I keep getting a weird message: Selected Por, com1, is not available. HotSync Manager will open port when available. Any ideas what this is? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43550
  - 15
    - need to change th secret question and password My email address is zafar_89@hotmail.com My secret question was what is my favourit colour? But some one must have found the answer because it is a diferent question now which i am 100% sure and how can this happen. I did have problem on one of the website where some one manage to loged in as my user name so he must have found the password and i normaly use the same password which i have changed it. But i forgot to change the question as you can see there are only few colours so it is very easy to find the answer. So please I need help as I can't log in and don't know the answer of the question to change the password. Thanks zafar Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43547
  - 16
    - Can't Install SQL Server 2k on Window XP Pro I have Window XP Pro installed on my machine. I am trying to install SQL Server 2000 Standard Edition but it tells me that it will only install client tools. And when I proceed I cannot access the local server to create databases Why is this happening Can any one help. I am very desperate Here are the kind of things I get when I try to connect to Local 1. Local is not know to be runnin 2. A connection could not be established to loca 3. Reason : SQL server does not exist or access denied Thanks Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43544
  - 17
    - Firewall My firewall program keeps sending alert messages to me, about once every 30 minutes. I tried to track the problem but cannot get the visual tracking to work. How can I tell what is an actual attack and what is harmless? The firewall is keeping the trojan backdoor "bug" out, but is really annoying. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43543
  - 18
    - Smart Card and CAPICOM Hello, I'm trying to sign something with a smartcard throw capicom 2.0.0.3. How this can be done? I'have tryed this syntiax but the error "The system cannot find the file specified" is thrown if the smartcard is in the reader. CAPICOM.StoreClass oStore = new CAPICOM.StoreClass(); oStore.Open(CAPICOM.CAPICOM_STORE_LOCATION.CAPICOM_SMART_CARD_USER_STORE, "", CAPICOM.CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY); I know that capicom is obsolete but this is a production project that work fine with certificates. Thank you Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43541
  - 19
    - clearing homepage list I need to know how to clear out the drop down list on the "home page" tab in my Internet Explorer. No matter what I do it keeps jumping back to some address it must have picked up while browsing the net. It has saved like 50 links in the hom,epage tab, clearing cookies and Temp. files does not work. Pleez help. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43540
  - 20
    - windows xp how advise a virus? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43533
  - 21
    - Internet Explorer Restriction "Always Prompt on Download" Im using windows xp professional and as of yesterday prompting before downloading certain files does not occur any more. The file automatically saves itself to temporary folder and opens. This causes a concern for security. Are there any fixes available?? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43532
  - 22
    - Internet Access I have several 2K sp4 boxes that the public has access to. The computers need access to my network, but I dont want them to have internet access. Does anyone have a simple solution for this. Thank you, Steve Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43529
  - 23
    - Security updates KB824146 keeps automatically downloading OK. I then hit install, all looks fine. In my download history the fix shows up as failed. The next time I log on download starts all over again, and this process repeats itself. Any ideas much appreciated. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43528
  - 24
    - ActiveX Controls - Security Settings When I visit certain web sites on the internet. I get a Microsoft Internet Explorer prompt that says the following: "Your current security settings prohibit running ActiveX controls on this page. As a result, this page my not display correctly." How do I fix this? Thanks Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43526
  - 25
    - Norton Shared folder?? I recently uninstalled norton antivirus 2001,and I still have a norton shared folder Is it safe to delete I'm using windows ME Thanks Mike Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43525
- Next
  - 1
    - Surrender Administrator Account Hi guys, I need some opinion on this: Recently we are doing some security audits and my boss wants us to surrender our Domain Administrator Account and password to a locked safe. Other than the System Administration, joining of PC / server to domain, etc, how can I convince my boss that it is better for us System Adminstrator to keep the account and password to ourselves? Regards. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43518
  - 2
    - firewall or port problem PPLLLEEEAAASSSEE help me, i am trying to stream audio and i keep getting a message when i try to comunicate the audio to the server saying: <01/12/04@01:10:26> [yp_add] yp.shoutcast.com gave extended error (Cannot see your station/computer (IP: 80.58.20.235:8001) from the Internet, disable Internet Sharing/NAT/firewall/ISP cache (Connection timed out)) I have my windows XP firewall disabled so can you please point me in the rigfht direction to sorting this im soooo frustrated thanks love jenny Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43516
  - 3
    - Firewall issue I have setup ICS for both of my pc (xp and 98)is up and running fine but at the expense of disabling firewall (zonealarm) at the host machine, only then can the client machine access the network. Is there any setting I could change so that both pc could get connected without disabling firewall. For your info, I'm using NIC for both machines and is not using any router or hub, cos is just a simple setup. Another thing is whenever I boot up my pc, I will get a prompt for Zonealarm which go like this "ZA is waiting for true vector to intialize, cancel?" Any idea why am I having this prompt? (previously it doesn't) Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43512
  - 4
    - Ports used for Logining and domain Traffic What ports are used for a DC to DC communications and is there a document that lists them out I have a FW and need to have to servers talk to each other accros the FW and need to know which ports to have open Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43506
  - 5
    - TCPIP Port Communication When using IP does all communication go over the same ports......? eg When a SMTP connection is established on port 25 , does all communication happen on this one port ? What happens when another connection comes in doesn this also communicated over 25 similar to ftp on 21 the initial connection is on 25 and then does all communication happen on this port ? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43498
  - 6
    - Setting of firewall I have set up ICS for both of my pc, (xp and 98)inorder to get it work, I have to disable firewall (ZA) Is there any setting I could change in ZA so that both machine can connect and get protected at the same time? Another thing is nowasday, whenever I boot up my pc, I will get a prompt from the firewall (ZA) "Za is waiting for true vector to initialize, cancel?" Any idea why is it doing so? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43497
  - 7
    - policy or security setting ? Is there a way to allow domain users(or local IT) to have the ability to configure an IP address in circumstances without giving the users full access to the computer. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43491
  - 8
    - Point32.exe ver 4.10.0851.0 attempting internet access on Windows 98 After I installed a firewall I began getting warnings that this program was attempting to access the intenet. I have been refusing to allow access because it is a mouse program and I can't fathom any reason that it would need that access. Also, without the firewall, I have never had any indication from the program that it was making outside access. Therefore, I am concerned that this program, which seems to be from Microsoft according to its 'Properties', has somehow been infected with some sort of virus. A search of the Microsoft.com knowledge base does not return any information to suggest that this is normal behaviour for this program. Is it? If it is normal, what is it doing and why? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43487
  - 9
    - Phone Is it possible for my PC to dial a number without me knowing? My phone bill shows two calls to Chile that I know nothing about. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43486
  - 10
    - AVG Antivirus--Help, Which one of the many versions ? Need to get some help in this area as I am not familiar with the AVG product line and am trying out the free download which does seem to work well, I am running it along with Spybot 2.5 and it has picked up a few things that Spybot missed. However... I am a bit lost after digging thru the FAQ's on AVG's homepage and was wondering if someone here could help me out or aim me in the right direction ! I am currently running the AVG Antivirus that I downloaded about 2 weeks ago and is Version 6.0.560 (release date of 09-02-03) Virus Database=352, release date of: 01-08-04. What I am curious about is when I go to the info pages for AVG, it lists AVG 7.0 Anti-Virus System and no mention of the Version 6 that I have and it also lists a AVG Professional Single Edition Do I have the latest version ? I have the free version running on my laptop which is running Windows 98SE and it works very well, however as soon as I can get the correct drivers for the system, I am going to Upgrade it to Windows XP Professional. Soon after that I will be selling the notebook (after I remove AVG) and going with a new notebook that currently has Windows XP Professional on, but I will be upgrading it to Windows Server 2003 Premium Version. In reading the write ups on the products, it sounds like I do not actually want the AVG Professional as it does not run on Server 2003 and as far as I can tell, I would want the "AVG File Server Edition - maximum protection for file servers" OR perhaps I need the "AVG Email Server Edition" For 90% of what I do, I use Outlook Express Version 6.0.2800 (latest Version) with Internet Explorer 6.0.2800. Sometimes I will use Outlook 2002 and will be going to Outlook 2003 when I change to Windows XP Professional and Windows Server 2003. However I will not be running Server 2003 Premium in a real server mode as at this point am just testing the software. So..the question is, what version ? In advance, thanks !! -- Tedd Riggs PDA Square Content Developer www.pdasquare.com Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43485
  - 11
    - editor I cannot remove this editor "AmeCSAex" from C: whenever I delte file I shows up again. What can I do? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43484
  - 12
    - spyware I downloaded a free spy checker and the program highlighted a registry entry as follows: Search Ex Acrol E Helpr A and the comment was Registry ....threat to my secuity...severe. So I clicked on a button that was to fix the spyware...however, the message I received was that I would have to buy the full retail version of the spyware scanner....so I did not buy the software...however, I did a search by using the Find Files option and found the file in question was referenced in 856 files...so my question? Does anybody out there know what this file is and what it does? Or, is it possible that the actual maker of the software downloaded a dummy file that does nothing but take up space..but just shows up on their spy scan of the computer so as to scare you into buying their spy protection service? My knowledge of any programming is somewhat limited...and basically just a point and click Windows junkie..so am I being put on by a spyware scam scanner? Greg Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43476
  - 13
    - Hard Drives Can I install Windows 2000 Professional on two separate hard drives in one computer and use them separately? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43475
  - 14
    - 2 Hard Drives Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43474
  - 15
    - NT 4.0 Server and XP OS internet access only I have a situation with a client where a 1st floor location has 3 pc that were removed from router access via mac address exclusion. They need a forth one to connect only to the internet. I can setup another PC and lock it out of the NT 4.0 network but the problem is these employees problably know the password for the volunteer users in the upstairs office and that would by pass login protection settings to keep them off the network. I need a PC locked down only accessing the internet so I they can go anywhere on the net and not but the network in harms way. I was wondering if XP pro OS has any features that would lock the system down to only getting onto the net and not allow any other password logins. Thanks for any help. Martin Stone TurnKey Computer Solutions Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43473
  - 16
    - User account abuse MSN Messenger Hi, My brother is not very computer literate and has found that his MSN Messenger account has be compromisd. The Specific user we have not been able to track as yet but we would like to be able to find out how to find the TCP/IP address for the abusing user. Many Thanks in Advance. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43466
  - 17
    - Open Email Relay/Proxy I have been alerted bt BT that my Internet account is being used to host an Open/Email Relay/proxy causing spam/unsolicited emails. I have a static IP address for my broadband account. BT are threatening to suspend the account unless I can take corrective action. I cannot find the solution or cause and I have not reconfigured my server software. Any ideas? Thank you Neil Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43460
  - 18
    - Problem with accessing saved files after using a restore point! Hi, I have restored my XP environment to the first system restore point. XP automatically saved the previous user account information. In the Admin account I created, before moving back to the restore point, are still some important emails I want to retrieve. However XP doesn't allow me access to these folders, even under the system admininstrator account. Does anyone ahve an idea on how to bypass this "access denied" problem? Thanks, Marcus Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43459
  - 19
    - "Always ask before opening this type of file"option? when i download certain files, that always appear. well yesterday i think i unchecked that box by accident when i was trying to cancel the download. now the problem is it will not show up and is opening files directly everytime. i tried to find the sercurity or what ever option enables it. ... well i never found it... where is that option? how do i get it back or reset it? ... there must be a way right? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43458
  - 20
    - Outlook express file attachments I have Outlook Express 6. I recently downloaded the latest Microsoft updates, and now I cannot open any e-mails with attachments. I get a message that says "OE removed access to the following unsafe attachments in your mail." This is for all attachments, even ones I know are safe. How can I disable this feature? Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43448
  - 21
    - Malicious script Some web sites are redirecting internet explorer to the page http://best-porn-guide.com/iframe.html, which contains a script that install software without notification. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43444
  - 22
    - Net Meeting Security Hello, If you can instruct me on how to secure my net meeting access. The probple is anyone can access my net meeting that uses my computer? I owuld like a log on to be required and I know it can be however I dont know how to set it to require a log on. Please respond to me via email. Suprasaud@hotmail.com Nick Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43443
  - 23
    - Surrendering Administrator Account? Hi guys, I would like to have some opinion on this. Recently we are doing some security audit and my boss said that we should surrender our Domain Administrator ID and keep the password in a safe. Other than using Domain Administrator to join PC /servers to domain, performing administrative tasks, etc, how can I convince my boss that it is essential for System Administrator like us to be responsible and keep the Domain Adminstrator account and password to ourselves? Hear from you guys soon! Best Regards. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43440
  - 24
    - Windows security updates notice As soon as I got online today, a Windows Messenger message popped up, stating I needed to click on the enclosed link to download a security fix--something about a winpatch.net-something-or-other. Do you send security notices via Windows Messenger? I'm not familiar with Win. MSNGR. cause I've never received messages from it before this PC I recently got (I have AOL.) And the few I've gotten on here were from people I don't know--one was an ad; two were from the same person (same gender as me)on different days saying that a friend of mine (doesn't give name)says I'm cool. Well, I'm 50, married with 2 grown kids--so I doubt that! I just closed all these messages including the "security" one today. I did a search for it on MSN's security site, which found nothing--'course I couldn't remember the whole name accurately. Yesterday I had to reinstall Win XP and everything else that came with this PC after it crashed (couldn't get it to do a recovery--something about an NDRLT file missing), and I re-acquired Automatic Update but it wasn't til today that it's stating I need to get a lot of updates (which I do recognize from the 1st time.) It didn't start showing this til AFTER I got and closed the Win Mssgr. message. I just checked the Updates list and there's nothing on it about winpatch.net-whatever. I'm confused, so please email me a reply ASAP, and also tell me what I should acquire from the website that will be able to decipher the genuineness of something for me. Thank you. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43436
  - 25
    - Am I being hacked? For the second time in a week, I am locked out of .NET Passport because of too many sign-in attempts with incorrect passwords. What worries me is that I haven't made any sign-in attempts prior to the one that told me I am locked out (same as the event earlier this week). What might be causing this? If someone is trying to hack my sign-in, what steps should I take? Thanks in advance for any help. Tag: Determining if a user is authenticated in an AD domain in current Windows session Tag: 43432

Hi,

I would like to develop a Visual C++ application which will allow my users
to enter it directly without login screen in case the user has already
logged on into a AD domain. I believe this is called: "single sign-on".

The requirements for authentication module are:
a. a user is identified by "domain/username" and "password" strings.
b. application imports in own database a list of users from AD which are
allowed to enter the application.
c. if the user is already authenticated (logged on to a domain) in Windows
and the user is allowed to enter the application, my application should not
prompt for password.
d. if the user is not logged on in a Windows domain (for example if he uses
local computer log on), my application should detect this and then prompt
for "domain/username" and "password". Credentials are validated first
against own database and afterwards they will be checked in supplied AD
domain. If both steps are successful, then the user can start the
application.

What are your opinions regarding the steps detailed above? Is this a logical
way to see things?

And now my most stringent questions ...
1. Using C++, how do I detect if current user is logged on, then if he is
logged on in
a Windows domain?
2. Can I rely on some information supplied by Windows about current user in
order to be sure that the user is not faking access? For example, can obtain
from OS current credentials (without entering again or passing passwords)
and validate them in AD?

I would like to do something similar to what MS SQL Server does with
authentication and security for an operating system user. I mean if my login
is designated to use Windows user, then SQL Server does not prompts for
credentials.

Thanks very much!
Robert