9

Is it possible to check if an account has "Logon as service" right programatically. I know how to setup and check this manually but I would like to check it from C# code.

I need to check if this right is enabled on domain level, not just on that particular server.

Edit: I am looking to find out if user "Logon on as a service" is defined at domain group policy level.

Daniel A. White
  • 187,200
  • 47
  • 362
  • 445
Anne
  • 407
  • 2
  • 7
  • 14

3 Answers3

1

There's a group policy API but it's designed for C/C++ use. Even if you can find a way to query a group policy using it, you still won't know if that policy is applied to machines - whether or not group policy is applied can be very complicated, involving forcing, blocking and lookbacks.

It might be better if you told us what you've trying to achieve, to see if there's another approach that might be more fruitful.

serialhobbyist
  • 4,768
  • 5
  • 43
  • 65
0

I think it's per-server, not an AD property at all.

lod3n
  • 2,893
  • 15
  • 16
  • You can, but if there is Group Policy your settings will be overwritten. That's way I need to check if this setting is AD wide. – Anne Oct 01 '09 at 19:36
0

Check the value of the userAccountControl property, which is effectively a flags enum.

I'm sure of the exact flag for "Log on as a service", but you could test against a known user and the values are defined in the documentation on MSDN

Rowland Shaw
  • 37,700
  • 14
  • 97
  • 166