userAccountControlの現在の値を知り、それがどの段階にあるかを判断したい
参照: http ://support.microsoft.com/kb/305144/en-us
上記のドキュメントによると、2のN乗の値を返す必要があります。
しかし、c#プログラムを実行すると、通常のアカウントの場合は544、無効なアカウントの場合は546の値が返されます。10進数だと思います。しかし、リファレンスに示されているように、どのように値にリンクすることができますか?
ありがとう。
24962 次
4 に答える
40
結果を列挙型に変換することで、これを簡単にデコードできます。
int userAccountControlValue = 544;
UserAccountControl userAccountControl = (UserAccountControl) userAccountControlValue;
// This gets a comma separated string of the flag names that apply.
string userAccountControlFlagNames = userAccountControl.ToString();
// This is how you test for an individual flag.
bool isNormalAccount = (userAccountControl & UserAccountControl.NORMAL_ACCOUNT) == UserAccountControl.NORMAL_ACCOUNT;
bool isAccountDisabled = (userAccountControl & UserAccountControl.ACCOUNTDISABLE) == UserAccountControl.ACCOUNTDISABLE;
bool isAccountLockedOut = (userAccountControl & UserAccountControl.LOCKOUT) == UserAccountControl.LOCKOUT;
必要な列挙定義は次のとおりです。
/// <summary>
/// Flags that control the behavior of the user account.
/// </summary>
[Flags()]
public enum UserAccountControl : int
{
/// <summary>
/// The logon script is executed.
///</summary>
SCRIPT = 0x00000001,
/// <summary>
/// The user account is disabled.
///</summary>
ACCOUNTDISABLE = 0x00000002,
/// <summary>
/// The home directory is required.
///</summary>
HOMEDIR_REQUIRED = 0x00000008,
/// <summary>
/// The account is currently locked out.
///</summary>
LOCKOUT = 0x00000010,
/// <summary>
/// No password is required.
///</summary>
PASSWD_NOTREQD = 0x00000020,
/// <summary>
/// The user cannot change the password.
///</summary>
/// <remarks>
/// Note: You cannot assign the permission settings of PASSWD_CANT_CHANGE by directly modifying the UserAccountControl attribute.
/// For more information and a code example that shows how to prevent a user from changing the password, see User Cannot Change Password.
// </remarks>
PASSWD_CANT_CHANGE = 0x00000040,
/// <summary>
/// The user can send an encrypted password.
///</summary>
ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080,
/// <summary>
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not
/// to any domain that trusts this domain. Also known as a local user account.
///</summary>
TEMP_DUPLICATE_ACCOUNT = 0x00000100,
/// <summary>
/// This is a default account type that represents a typical user.
///</summary>
NORMAL_ACCOUNT = 0x00000200,
/// <summary>
/// This is a permit to trust account for a system domain that trusts other domains.
///</summary>
INTERDOMAIN_TRUST_ACCOUNT = 0x00000800,
/// <summary>
/// This is a computer account for a computer that is a member of this domain.
///</summary>
WORKSTATION_TRUST_ACCOUNT = 0x00001000,
/// <summary>
/// This is a computer account for a system backup domain controller that is a member of this domain.
///</summary>
SERVER_TRUST_ACCOUNT = 0x00002000,
/// <summary>
/// Not used.
///</summary>
Unused1 = 0x00004000,
/// <summary>
/// Not used.
///</summary>
Unused2 = 0x00008000,
/// <summary>
/// The password for this account will never expire.
///</summary>
DONT_EXPIRE_PASSWD = 0x00010000,
/// <summary>
/// This is an MNS logon account.
///</summary>
MNS_LOGON_ACCOUNT = 0x00020000,
/// <summary>
/// The user must log on using a smart card.
///</summary>
SMARTCARD_REQUIRED = 0x00040000,
/// <summary>
/// The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service
/// can impersonate a client requesting the service.
///</summary>
TRUSTED_FOR_DELEGATION = 0x00080000,
/// <summary>
/// The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
///</summary>
NOT_DELEGATED = 0x00100000,
/// <summary>
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///</summary>
USE_DES_KEY_ONLY = 0x00200000,
/// <summary>
/// This account does not require Kerberos pre-authentication for logon.
///</summary>
DONT_REQUIRE_PREAUTH = 0x00400000,
/// <summary>
/// The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
///</summary>
PASSWORD_EXPIRED = 0x00800000,
/// <summary>
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly
/// controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to
/// other remote servers on the network.
///</summary>
TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000,
/// <summary>
///
/// </summary>
PARTIAL_SECRETS_ACCOUNT = 0x04000000,
/// <summary>
///
/// </summary>
USE_AES_KEYS = 0x08000000
}
于 2012-04-19T16:19:14.860 に答える
5
そのビットマップ。ワードの各ビットは、ON または OFF (0 または 1) のいずれかです。それは実際には数字ではなく、それぞれがオンまたはオフのスイッチの列のようなものです。オペレーティング システムは、それらをビットマスクと論理的に比較することで非常に迅速に操作できるため、これらを内部的に使用します。
属性の LDIF 表現は、結果を 10 進数として表示できます (マスクが数値の場合、マスクによって表される 2 進数に相当します。実際にはそうではありません!)。いくつかの 2 の累乗を足して作られます。
例えば:
512 = normal account
514 = 512 + 2 = normal account, disabled
546 = 512 + 32 + 2 = normal account, disabled, no password required
2080 = 2048 + 32 = Interdomain trust, no password required
66048 = 65536 + 512 = normal account. password never expires
66050 = 65536 + 512 + 2 = normal account. password never expires, disabled
66080 = 65536 + 512 + 32 = normal account. password never expires, no password required
于 2013-06-18T15:50:40.933 に答える
1
- 544 = 16 進 0x220
- 546 = 16 進 0x222
このリストによると、これは次のことを意味します。
0x200 = normal account
0x020 = passwd_notreqd = password not required
0x002 = account disabled
そう
- 値 544 (10 進数) は16 進数で、通常のアカウント、パスワードは不要である
0x220ことを意味します。 - 値 546 (10 進数) は16 進数で、通常のアカウント、無効、パスワード不要
0x222を意味します
于 2012-04-19T16:04:44.263 に答える