What's the rule that users are visible in windows control panel? - windows

I want to list users without WDAGUtilityAccount and other service accounts.
Just like the users list in the Windows Control Panel.
However, both wmic and NetUserEnum(UF_NORMAL_ACCOUNT) will show all users including WDAGUtilityAccount.
By my experience, the users shown in the Control Panel are users under Administrators / Users / Power Users / Guests, but I cannot find a document to prove this.
Is there a rule that filters out the service accounts like WDAGUtilityAccount?
Update:
UF_PASSWD_NOTREQD of NET_DISPLAY_USER that returned byNetQueryDisplayInformation indicates the user is created by control panel (not the users created in computer management), but the flag of Guest and DefaultAccount still makes no difference.
BTW, the SID may be another way to distinguish service account(501+) and normal account(1001+)
https://learn.microsoft.com/en-us/windows/win32/secauthz/well-known-sids

Related

Is it possible to implement user accounts for RStudio?

Is there a possibility to create user accounts for RStudio? Like e.g. for office products users can create accounts with which they are logged in for all office applications. The reason I ask is to see whether it is possible to see and track which users open certain R files (for work space security) and limit access for users to certain files. Thanks in advance!

How can I easily add others to update my G Suite App listing?

I've looked all over the admin console, but can't find where to add other users so that they can edit our listing. Can you please provide a URL/link to where I should navigate?
You may want to check this support page. You can:
assign pre-built roles for performing common business tasks
assign custom roles you create for your organization
assign more than one role to a user to grant all privileges in those roles
Be noted that you must be signed in as a super administrator for this task.
The user typically gets their new privileges within a few minutes. However, it can take up to 24 hours. When they sign in to their account, they arrive at the Admin console dashboard. Here they see the controls allowed by their privileges.
Hope this helps!
I think you want to navigate to this URL while logged in as the app project owner:
https://console.cloud.google.com/iam-admin/iam/project?project=(add your project ID)
And assign roles to different users or groups.
you can use group publishing on the gsuite marketplace:
Set up Group Publishing
You can share ownership of your items in Google Chrome Web Store with other developers by setting up group publishing. With group publishing, you can add developers to a Google Group, who can then act on your behalf. They'll have access to all the items you own and can make any changes to them that you can make.
https://developer.chrome.com/webstore/publish#set-up-group-publishing
(each member of the group should pay the 5$ developer fee though.)
You can configure the group from your webstore dashboard.
https://chrome.google.com/webstore/developer/dashboard

User authentication login error

In my work we have users who access a Web based tool called Microstrategy that serves different reports from different projects. Users are added to various groups in the Developer tool by importing them from the selected domain they are on into a specific group that gives them access to only the project > report they require. Most users come from one main central domain, some others are still on old domains.
I am currently involved with admin on this system and I am experiencing a problem I cannot get to the bottom of. I think they problem lies in no man's land, I don't know if it is a problem with network, domain, or something else?
Most users will be set up with authenticated login, meaning that when they click on the respective link for their report they are logged straight in using their windows credentials.
In this particular case however the user does not seem to be able to login, but can get in by manually typing their username in (username and password) to access.
I'm not sure what the problem is, why it won't authenticate automatically like most of the others do? I don't know if this makes any difference but when I RDP into the machine I cannot see the C drive due to 'admin restrictions on effect on this pc'.
I don't know what this restriction is and if it is a symptom or related to the login problem. Is there a way of fault finding this?
Thanks
Andrew
The answer to this partly depends on the version of MicroStrategy you are using.
Forget about RDP to the server, you won't need that.
Assuming you have access to edit and change users with the Developer tool, open Developer.
In the tree on the left,
open the "project source" (the top level of the tree)
then Administration
then User Manager
then find the user, most likely within one of the groups you have set up
right click on the user and choose Edit
go to the Authentication section
There's a few relevant things here.
Is the user linked to a windows user? (they should be for the access you want)
Is the tickbox ticked "user cannot use standard authentication to logon"
You probably don't want to allow that if the standard at your workplace is auto login

Joomla 3: Permission to manage users and nothing else

I'm developing a Joomla 3 website, where registered users can belong to several groups of interests (music, theater, technology, and so on).
I would like to give permission to my client to edit users by placing them in groups he desired. For example: user 1 can be in music and theater group; user 2 just registered (no group) and user 3 in technology group. Unfortunately the only permission that Joomla 3 allows you to edit users is the Administrator, but if I give this permission to my client, he will be able to edit articles, themes and other features that I do not want it to edit.
How can I create an access level that can manage only users list?
Thank you and sorry about my english.
Create a new group, assign that group only permission for managing users and whatever else you want and assign your users to that group but not admin.
As a short answer, if you don't want you client to be administrator, you can assign him to the manager user-group.
Then go into the Users Manager Component and click the Options button to go into its configuration page.
There you can override the Permissions Settings for the Users Manager component, so the Managers users will be allowed to Access Administration Interface of the component.
You will have the change the respective setting from inherit to allowed.
Of course if needed, you can create a complete custom ACL, with special usergroups for your users that will have certain accessibility and permissions.
But be careful, because ACL sometimes can be confusing and you might end up with a total mess.

Is there anything I can use to mock an AD API for getting a list of users?

I don't need AD for anything more than getting a list of user names. My application uses it's own, custom auth, but it does checks based on the domain username of the logged on user, so the user names in my Users table should match those used by the logged on users.
E.g. For domain user johnblack to access features in my app, the app admin must create a user in my app called johnblack, but when creating this user, the username is a free text field. This allows the app admin to mistakenly create a user called jonblack. I want to make the user name field a dropdown, populated with users from the domain, when the admin adds a new user.
However, the epic saga involved in getting AD running on a VM on my Win 7 Home laptop is just too much overhead for now. Are their any mocks I could use, where my C# code needn't change to switch over to real AD?
Have a look at Active Directory Lightweight Directory Services (AD LDS) - formerly also know as AD/AM (AD Application Mode).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa705886%28v=vs.85%29.aspx
It's a lightweight version of AD, which smells like AD, behaves like AD, but it's a NT service that you can start (and stop) at will, and it doesn't completely take over your machine/server - you can easily disable/uninstall it.

Resources