var pGroups: PTOKEN_GROUPS;
// The number of TOKEN_GROUPS we're going to insert
MaxGroups := 2;
// Reserve memory for MaxGroups numbur of PTOKEN_GROUPS
pGroups := PTOKEN_GROUPS(GlobalAlloc(GPTR, sizeof(_SID_AND_ATTRIBUTES) * MaxGroups));
pGroups^.GroupCount := MaxGroups;
// Get and open Token from CurrentProcess
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, hToken))
then
begin
// Get the Logon Sid and it to the LocalGroups parameter of LsaLogonUser
// The Logon Sid has the form S-1-5-5-XXXXXXXX-YYYYYYYY
// We need it to obtain access to the user's desktop
GetLogonSid(hToken, pGroups^.Groups[0].Sid);
pGroups^.Groups[0].Attributes := SE_GROUP_MANDATORY
or
SE_GROUP_ENABLED
or
SE_GROUP_ENABLED_BY_DEFAULT
or
SE_GROUP_LOGON_ID;
// Cleanup
CloseHandle(hToken);
end;
// Now get the Administrator's SID
dwSizeSid := 0;
dwSizeDomain := 0;
bRes := LookupAccountName(
nil, '
Administrator',
nil, dwSizeSid,
nil, dwSizeDomain, SidType);
if (
not bRes)
and (GetLastError = ERROR_INSUFFICIENT_BUFFER)
then
begin
// Reserve memory
AdminSid := AllocMem(dwSizeSid);
SetLength(Domain, dwSizeDomain);
// Lookup Sid from Accountname
// Assuming that the Admin account has not been renamed!
bRes := LookUpAccountName(
nil, '
Administrator', AdminSid, dwSizeSid, PChar(Domain), dwSizeDomain, SidType);
if not bRes
then
begin
// Cleanup
FreeMem(AdminSid);
AdminSid :=
nil;
end;
end
else begin
RaiseLastOSError;
end;
ShowMessageFmt('
Administrator Sid: %s, Domain: %s', [SidToStr(AdminSid), Domain]);
// Add the Administrator's sid to pGroups
pGroups^.Groups[MaxGroups -1].Sid := AdminSid;
pGroups^.Groups[MaxGroups -1].Attributes := SE_GROUP_MANDATORY
or
SE_GROUP_ENABLED
or
SE_GROUP_ENABLED_BY_DEFAULT;