How to open LSA API on Win2k in order to determine if a computer is member of domain

Nick Dakoronias

Hello Microsoft Security forum readers,

I would appreciate it if someone could advise how to use the Local Security
Authority (LSA) API on Win2000 SP4 Server
in order to determine if the specific computer is a member of a domain, a
member of a workgroup, or a stand-alone computer.
The input I have so far is that I need to follow these steps:
1. Open the Policy object of the local computer by using LsaOpenPolicy.
2. Use LsaQueryInformationPolicy to retrieve domain information.
3. Check the value of the security identifier (SID) field.
If the value is NULL, the computer is either a stand-alone computer or
part of a workgroup.
If the Name field points to a string that matches the local workstation
name, the computer is a stand-alone computer.
Otherwise, the Name field points to the workgroup name.
4. If the SID pointer has a value, the computer is part of a domain. The
domain name is stored in the Name field.

Do these steps above refer to Local security policy -> Security options?
If this is the case, which is the setting for SID?

Many thanks in advance for your time and support.

Regards, Nick
ITS Athens
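
The four steps listed in the post above, as an added C example (not part of the original thread and not Microsoft's code). `classify`, `same_name` and `query_machine_role` are hypothetical names, and the LSA calls compile only on Windows, so that part is guarded by `_WIN32`.

```c
#include <ctype.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>                 /* link with advapi32.lib */
#endif

typedef enum { ROLE_STANDALONE, ROLE_WORKGROUP, ROLE_DOMAIN_MEMBER } machine_role;

/* Case-insensitive comparison of two NUL-terminated names. */
static int same_name(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* Steps 3 and 4 (hypothetical helper): decide from the SID pointer and the Name field. */
machine_role classify(const void *sid, const char *name, const char *computer)
{
    if (sid != NULL) return ROLE_DOMAIN_MEMBER;             /* Name is the domain name */
    if (same_name(name, computer)) return ROLE_STANDALONE;  /* Name is the computer name */
    return ROLE_WORKGROUP;                                  /* Name is the workgroup name */
}

#ifdef _WIN32
/* Steps 1 and 2 (hypothetical helper): returns 0 and sets *role, else a Win32 error code. */
unsigned long query_machine_role(machine_role *role)
{
    LSA_OBJECT_ATTRIBUTES oa = {0};
    LSA_HANDLE policy = NULL;
    POLICY_PRIMARY_DOMAIN_INFO *info = NULL;
    char name[256] = "", computer[MAX_COMPUTERNAME_LENGTH + 1] = "";
    DWORD len = sizeof computer;
    NTSTATUS st;

    st = LsaOpenPolicy(NULL, &oa, POLICY_VIEW_LOCAL_INFORMATION, &policy);
    if (st != 0) return LsaNtStatusToWinError(st);
    st = LsaQueryInformationPolicy(policy, PolicyPrimaryDomainInformation, (PVOID *)&info);
    if (st != 0) { LsaClose(policy); return LsaNtStatusToWinError(st); }
    /* Name is a counted UNICODE_STRING, not NUL-terminated: convert Length / 2 characters. */
    WideCharToMultiByte(CP_ACP, 0, info->Name.Buffer, (int)(info->Name.Length / sizeof(WCHAR)),
                        name, (int)sizeof name - 1, NULL, NULL);
    GetComputerNameA(computer, &len);
    *role = classify(info->Sid, name, computer);
    LsaFreeMemory(info);
    LsaClose(policy);
    return 0;
}
#endif
```

These calls read the primary domain information held by the local LSA policy database; they do not read or change any entry under Local security policy -> Security options.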
 
jwgoerlich

Hello Nick,

This looks like a lot of work to get the computer's domain. There are
more direct methods in .Net and scripting. What language are you
writing in?

J Wolfgang Goerlich
 
Nick Dakoronias

Hello Wolfgang,
Pls let me clarify the following:
I am not a developer or programmer (at least for a long time).
I just received a security vulnerability notification from my company's
security team that alerted me to fix it.
We have such periodical scan reports in our company.
The issue is how to resolve this.
Is there any clear article or step by step guidance?

Thanks in advance for your time and support
Nick
 
jwgoerlich

I use the following VBScript to get the domain information. It prints
this two ways: the Windows NT domain name and the longer fully
qualified domain name. To test, copy the text below into a file such
as whatdomain.vbs. Double-click whatdomain.vbs, and it will display
the domain name in message boxes.

'--------------------------------------------------------------------------------
' ADSystemInfo returns Active Directory details for the local computer
Set objSysInfo = CreateObject("ADSystemInfo")
' Short Windows NT domain name
domain = objSysInfo.DomainShortName
MsgBox "WinNT://" & domain
' Fully qualified DNS domain name
MsgBox objSysInfo.DomainDNSName
'--------------------------------------------------------------------------------

For auditing purposes, you might edit this to write output to a file
or a report. Look to Microsoft's web site and the "Hey Scripting Guy"
articles to provide more information on scripting.

Regards,

J Wolfgang Goerlich
