RemoteInteractive, // A terminal server session that is both remote // and interactive.ĬachedInteractive, // Attempt to use the cached credentials without // going out across the network.ĬachedRemoteInteractive, // Same as RemoteInteractive, except used // internally for auditing purposes.ĬachedUnlock // The logon is an attempt to unlock a workstation. NewCredentials, // Allows the caller to clone its current token and // specify new credentials for outbound connections. NetworkCleartext, // The logon is a network logon with cleartext // credentials. Unlock, // The logon is an attempt to unlock a workstation.
Service, // The logon is for a service account. Network, // The security principal is logging using a // network.īatch, // The logon is for a batch process. Interactive = 2, // The security principal is logging on // interactively. Public LSA_UNICODE_STRING AuthenticationPackage Private struct SECURITY_LOGON_SESSION_DATA Private static extern uint LsaGetLogonSessionData( IntPtr luid, ( out UInt64 LogonSessionCount, out IntPtr LogonSessionList) Private static extern uint LsaEnumerateLogonSessions Private static extern uint LsaFreeReturnBuffer( IntPtr buffer) Below are the interop declarations required. However, you will need to explicitly marshal most of the data out of the SECURITY_LOGON_SESSION_DATA struct to retrieve useful information. Most of the interop declarations are straight forward. For each LUID, a call to LsaGetLogonSessionData will enable the extraction of all the login session information into the SECURITY_LOGON_SESSION_DATA struct. You need to iterate through and marshal this array to get access to the LUIDs. This returns a pointer to an array of LUIDs, or locally unique identifiers. To get a list of all the current unique logins on a machine, LSA provides the LsaEnumerateLogonSessions function. NET doesn't provide a simple way to interact with LSA, so you have to Interop with the LSA functions directly to enumerate user sessions and extract data. LSA maintains a range of information, including usernames, domain information, login times, the authentication package used, SIDs and terminal services session information. At times you may want to determine what users are logged onto a machine, be it local, remote or system service accounts. LSA is responsible for account validation, management of local security policy, auditing, maintaining sessions and the generation of tokens for login and impersonation.
The Local Security Authority, or LSA, has been included in the Windows operating systems since Windows 2000.
0 kommentar(er)
