NetUserGetLocalGroups: Retrieving the Local Groups of a Specific User

Source: Internet  Editor: 程序博客网  Time: 2024/06/05 16:42


The NetUserGetLocalGroups function retrieves a list of local groups to which a specified user belongs.

In other words, it returns the set of local groups that a given user belongs to.

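    NET_API_STATUS NetUserGetLocalGroups(
      _In_  LPCWSTR servername,   // Pointer to the DNS or NetBIOS name of the remote server;
                                  // if NULL, the local computer is used.
      _In_  LPCWSTR username,     // Pointer to a constant string naming the user whose local group
                                  // membership is returned. In the form DomainName\UserName the user
                                  // is looked up in that domain; in the form UserName the user is
                                  // looked up on the server specified by servername.
      _In_  DWORD   level,        // Must be 0.
      _In_  DWORD   flags,        // Flags that affect the operation.
                                  // Currently, the only value defined is LG_INCLUDE_INDIRECT.
      _Out_ LPBYTE  *bufptr,      // Buffer that receives the data.
                                  // This buffer is allocated by the system and must be freed
                                  // using the NetApiBufferFree function.
      _In_  DWORD   prefmaxlen,   // Preferred maximum length of the returned data; if
                                  // MAX_PREFERRED_LENGTH, the required amount is allocated automatically.
      _Out_ LPDWORD entriesread,  // Number of elements actually enumerated.
      _Out_ LPDWORD totalentries  // Total number of entries that could have been enumerated.
    );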

Return value

If the function succeeds, the return value is NERR_Success.

If the function fails, the return value can be one of the following error codes.

| Return code | Description |
|---|---|
| ERROR_ACCESS_DENIED | The user does not have access rights to the requested information. This error is also returned if the servername parameter has a trailing blank. |
| ERROR_INVALID_LEVEL | The system call level is not correct. This error is returned if the level parameter was not specified as 0. |
| ERROR_INVALID_PARAMETER | A parameter is incorrect. This error is returned if the flags parameter contains a value other than LG_INCLUDE_INDIRECT. |
| ERROR_MORE_DATA | More entries are available. Specify a large enough buffer to receive all entries. |
| ERROR_NOT_ENOUGH_MEMORY | Insufficient memory was available to complete the operation. |
| NERR_DCNotFound | The domain controller could not be found. |
| NERR_UserNotFound | The user could not be found. This error is returned if the username could not be found. |
| RPC_S_SERVER_UNAVAILABLE | The RPC server is unavailable. This error is returned if the servername parameter could not be found. |

Here is one function from gh0st0 that uses it:

    #include <windows.h>
    #include <lm.h>                        // NetUserGetLocalGroups, NetApiBufferFree
    #pragma comment(lib, "netapi32.lib")

    // AddAccessRights is a helper defined elsewhere in the original source; it is not shown on this page.
    // The char buffers below assume an ANSI (non-UNICODE) build.

    void SetAccessRights()
    {
        /*
        Declare buffers for the user name, group name, drivers directory and system directory.
        */
        char    lpUserName[50], lpGroupName[100], lpDriverDirectory[MAX_PATH], lpSysDirectory[MAX_PATH];
        DWORD   nSize = sizeof(lpUserName);

        LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
        DWORD   dwEntriesRead = 0;
        DWORD   dwTotalEntries = 0;
        NET_API_STATUS   nStatus;
        WCHAR wUserName[100];

        /*
        Zero the memory blocks.
        */
        ZeroMemory(lpUserName, sizeof(lpUserName));
        ZeroMemory(lpDriverDirectory, sizeof(lpDriverDirectory));
        ZeroMemory(lpSysDirectory, sizeof(lpSysDirectory));

        /*
        Get the system directory. The return value is a UINT:
        if the buffer is too small, it is the size required;
        otherwise it is the number of characters actually copied.
        */
        GetSystemDirectory(lpSysDirectory, sizeof(lpSysDirectory));
        GetSystemDirectory(lpDriverDirectory, sizeof(lpDriverDirectory));
        lstrcat(lpDriverDirectory, "\\Drivers");
        GetUserName(lpUserName, &nSize);  // Get the user name; on return nSize holds its actual length

        // Grant the current user GENERIC_ALL on both directories,
        // then convert the user name to wide characters in wUserName.
        AddAccessRights(lpSysDirectory, lpUserName, GENERIC_ALL);
        AddAccessRights(lpDriverDirectory, lpUserName, GENERIC_ALL);
        MultiByteToWideChar(CP_ACP, 0, lpUserName, -1, wUserName, sizeof(wUserName) / sizeof(wUserName[0]));

        /*
        Retrieve the user's group information (see MSDN).
        Applications use NetUserGetLocalGroups to retrieve the list of local groups a user belongs to.
        On Microsoft Windows Server 2003 or Microsoft Windows XP, an application that calls
        NetUserGetLocalGroups may leak memory: if the user does not belong to any local group,
        the function does not release all of the memory it allocated.
        */
        nStatus = NetUserGetLocalGroups(NULL,
            (LPCWSTR)wUserName,
            0,
            LG_INCLUDE_INDIRECT,
            (LPBYTE *)&pBuf,
            MAX_PREFERRED_LENGTH,
            &dwEntriesRead,
            &dwTotalEntries);

        if (nStatus == NERR_Success)   // If the function succeeds, the return value is NERR_Success.
        {
            LPLOCALGROUP_USERS_INFO_0 pTmpBuf;
            DWORD i;

            if ((pTmpBuf = pBuf) != NULL)
            {
                for (i = 0; i < dwEntriesRead; i++)
                {
                    if (pTmpBuf == NULL)
                        break;
                    // lpUsedDefaultChar is a pointer parameter, so pass NULL rather than FALSE
                    WideCharToMultiByte(CP_OEMCP, 0, (LPCWSTR)pTmpBuf->lgrui0_name, -1, (LPSTR)lpGroupName, sizeof(lpGroupName), NULL, NULL);
                    // Grant each of the user's local groups the same access
                    AddAccessRights(lpSysDirectory, lpGroupName, GENERIC_ALL);
                    AddAccessRights(lpDriverDirectory, lpGroupName, GENERIC_ALL);
                    pTmpBuf++;
                }
            }
        }
        if (pBuf != NULL)   // Free the buffer allocated by the system
            NetApiBufferFree(pBuf);
    }
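
A defensive counterpart to the function above, as an added example (not from the original page or from the gh0st source): a PowerShell audit that lists allow ACEs granting full control on the System32 and drivers directories themselves to any principal other than TrustedInstaller. The function name, the one-entry baseline and the skipping of inherit-only ACEs are assumptions about a default Windows install and should be adjusted per environment.

```powershell
# Added example: audit the two directories that SetAccessRights() modifies.
# Assumption: on a default install only TrustedInstaller holds full control on the
# directories themselves; SYSTEM and Administrators hold it only via inherit-only ACEs.
$Baseline = @(
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
$GenericAll  = 0x10000000   # GENERIC_ALL as a raw access-mask bit
$FullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Find-UnexpectedFullControl {
    param(
        [string[]]$Path = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")
    )
    foreach ($p in $Path) {
        $acl = Get-Acl -LiteralPath $p
        # Request SIDs so the comparison does not depend on the display language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to the directory itself.
            if ($rule.PropagationFlags.HasFlag($InheritOnly)) { continue }

            $mask = [int]$rule.FileSystemRights
            $full = (($mask -band $FullControl) -eq $FullControl) -or
                    (($mask -band $GenericAll) -ne 0)
            $sid  = $rule.IdentityReference.Value
            if (-not $full -or $Baseline -contains $sid) { continue }

            # Resolve the SID for the report; orphaned SIDs stay unresolved.
            try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved>' }

            [pscustomobject]@{
                Path      = $p
                Sid       = $sid
                Account   = $name
                Rights    = '0x{0:X8}' -f $mask
                Inherited = $rule.IsInherited
            }
        }
    }
}

Find-UnexpectedFullControl | Format-Table -AutoSize
```

An empty result means no full-control grants outside the baseline; a row naming an ordinary user account or one of its local groups matches the pattern the function above produces.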



