Check if AD account has "Logon on as a service" right in Active Directory

3

9

Is it possible to check if an account has "Logon as service" right programmatically? I know how to set up and check this manually but I would like to check it from C# code.

I need to check if this right is enabled on domain level, not just on that particular server.

Edit: I am looking to find out if user "Logon on as a service" is defined at domain group policy level.

Lester answered 1/10, 2009 at 19:24 Comment(0)
1

There's a group policy API but it's designed for C/C++ use. Even if you can find a way to query a group policy using it, you still won't know if that policy is applied to machines - whether or not group policy is applied can be very complicated, involving forcing, blocking and lookbacks.

It might be better if you told us what you're trying to achieve, to see if there's another approach that might be more fruitful.

Orthoepy answered 26/10, 2009 at 17:53 Comment(0)
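
As an added example (not code from the question or any of the answers), the following C# reads a GPO security template and reports which principals it assigns `SeServiceLogonRight`, the privilege constant behind "Log on as a service". GPO user-rights assignments are stored in the `[Privilege Rights]` section of `GptTmpl.inf` under `\\<domain>\SYSVOL\<domain>\Policies\{<GPO GUID>}\Machine\Microsoft\Windows NT\SecEdit\`. The class name, method name and sample template are constructed for illustration, and a definition found this way says nothing about whether that GPO actually applies to a given machine.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class GpoServiceLogonCheck
{
    // Returns the principals the template grants SeServiceLogonRight to.
    // null = right not defined in this template; empty list = defined but granted to nobody.
    public static List<string> ServiceLogonPrincipals(IEnumerable<string> templateLines)
    {
        bool inPrivilegeRights = false;
        foreach (string raw in templateLines)
        {
            string line = raw.Trim();
            if (line.Length == 0 || line.StartsWith(";")) continue;   // blank line or comment
            if (line.StartsWith("["))
            {
                inPrivilegeRights = line.Equals("[Privilege Rights]", StringComparison.OrdinalIgnoreCase);
                continue;
            }
            int eq = line.IndexOf('=');
            if (!inPrivilegeRights || eq < 0) continue;
            if (!line.Substring(0, eq).Trim().Equals("SeServiceLogonRight", StringComparison.OrdinalIgnoreCase)) continue;
            // Value is a comma-separated list; SIDs are written with a leading '*'.
            return line.Substring(eq + 1)
                       .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                       .Select(p => p.Trim().TrimStart('*'))
                       .ToList();
        }
        return null;
    }

    static void Main()
    {
        // Constructed sample template. A real GptTmpl.inf can be loaded with
        // System.IO.File.ReadAllLines(path), which honours the file's byte order mark.
        string[] sample =
        {
            "[Unicode]", "Unicode=yes",
            "[Privilege Rights]",
            "SeBatchLogonRight = *S-1-5-32-544",
            "SeServiceLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105,svc_backup",
        };
        List<string> principals = ServiceLogonPrincipals(sample);
        Console.WriteLine(principals == null
            ? "SeServiceLogonRight is not defined in this template"
            : "SeServiceLogonRight defined for: " + string.Join(", ", principals));
    }
}
```

Entries come back as SID strings or account names exactly as written in the template, so comparing against a specific account means resolving that account to its SID first.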
0

I think it's per-server, not an AD property at all.

Ion answered 1/10, 2009 at 19:30 Comment(1)
You can, but if there is Group Policy your settings will be overwritten. That's why I need to check if this setting is AD wide. – Lester
0

Check the value of the userAccountControl property, which is effectively a flags enum.

I'm sure of the exact flag for "Log on as a service", but you could test against a known user and the values are defined in the documentation on MSDN.

Veld answered 2/10, 2009 at 15:30 Comment(0)
