
The Local Security Authority, or LSA, has been included in the Windows operating systems since Windows 2000. LSA is responsible for account validation, management of local security policy, auditing, maintaining sessions and the generation of tokens for login and impersonation.

At times you may want to determine what users are logged onto a machine, be it local, remote or system service accounts. LSA maintains a range of information, including usernames, domain information, login times, the authentication package used, SIDs and terminal services session information. .NET doesn't provide a simple way to interact with LSA, so you have to call the LSA functions directly through interop to enumerate user sessions and extract data.

To get a list of all the current unique logins on a machine, LSA provides the LsaEnumerateLogonSessions function. This returns a pointer to an array of LUIDs, or locally unique identifiers. You need to iterate through and marshal this array to get access to the LUIDs. For each LUID, a call to LsaGetLogonSessionData will enable the extraction of all the login session information into the SECURITY_LOGON_SESSION_DATA struct.

Most of the interop declarations are straightforward. However, you will need to explicitly marshal most of the data out of the SECURITY_LOGON_SESSION_DATA struct to retrieve useful information. Below are the interop declarations required.

    using System;
    using System.Runtime.InteropServices;

    // All three functions are exported by secur32.dll.
    [DllImport("secur32.dll")]
    private static extern uint LsaFreeReturnBuffer(IntPtr buffer);

    // The count is a native ULONG (32 bits), so it is declared as uint.
    [DllImport("secur32.dll")]
    private static extern uint LsaEnumerateLogonSessions(out uint LogonSessionCount, out IntPtr LogonSessionList);

    [DllImport("secur32.dll")]
    private static extern uint LsaGetLogonSessionData(IntPtr luid, out IntPtr ppLogonSessionData);

    private struct SECURITY_LOGON_SESSION_DATA
    {
        // ...
        public LSA_UNICODE_STRING AuthenticationPackage;
        // ...
    }
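The enumeration and marshaling steps described above, written out as a complete console program. This is an added example, not code from the original page: the class name LogonSessions, the helper Str and the output format are assumptions, and the struct declares only the leading fields of SECURITY_LOGON_SESSION_DATA in Windows SDK order.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class LogonSessions   // hypothetical class name
{
    [StructLayout(LayoutKind.Sequential)] struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)]
    struct LSA_UNICODE_STRING { public ushort Length, MaximumLength; public IntPtr Buffer; }

    // Leading fields only, in Windows SDK order; the fields after LogonTime are not read here.
    [StructLayout(LayoutKind.Sequential)]
    struct SECURITY_LOGON_SESSION_DATA
    {
        public uint Size;
        public LUID LogonId;
        public LSA_UNICODE_STRING UserName, LogonDomain, AuthenticationPackage;
        public uint LogonType, Session;   // Session = terminal services session id
        public IntPtr Sid;
        public long LogonTime;            // FILETIME, UTC
    }

    [DllImport("secur32.dll")] static extern uint LsaEnumerateLogonSessions(out uint count, out IntPtr list);
    [DllImport("secur32.dll")] static extern uint LsaGetLogonSessionData(IntPtr luid, out IntPtr data);
    [DllImport("secur32.dll")] static extern uint LsaFreeReturnBuffer(IntPtr buffer);

    // Length is a byte count and the buffer need not be null-terminated.
    static string Str(LSA_UNICODE_STRING s) =>
        s.Buffer == IntPtr.Zero ? "" : Marshal.PtrToStringUni(s.Buffer, s.Length / 2);

    static void Main()
    {
        uint status = LsaEnumerateLogonSessions(out uint count, out IntPtr list);
        if (status != 0) throw new InvalidOperationException($"NTSTATUS 0x{status:X8}");
        for (int i = 0; i < count; i++)
        {
            IntPtr luid = IntPtr.Add(list, i * Marshal.SizeOf<LUID>());
            // Non-zero NTSTATUS (for example access denied): skip sessions the caller cannot query.
            if (LsaGetLogonSessionData(luid, out IntPtr p) != 0) continue;
            var d = Marshal.PtrToStructure<SECURITY_LOGON_SESSION_DATA>(p);
            string sid = d.Sid == IntPtr.Zero ? "-" : new SecurityIdentifier(d.Sid).Value;
            string when = d.LogonTime > 0 ? DateTime.FromFileTimeUtc(d.LogonTime).ToString("u") : "-";
            Console.WriteLine($"{Str(d.LogonDomain)}\\{Str(d.UserName)} type={d.LogonType} " +
                $"session={d.Session} package={Str(d.AuthenticationPackage)} sid={sid} logon={when}");
            LsaFreeReturnBuffer(p);      // each session buffer is allocated by LSA
        }
        LsaFreeReturnBuffer(list);       // so is the LUID array
    }
}
```

LsaGetLogonSessionData only returns data for sessions owned by the caller unless the process runs as a local administrator or SYSTEM, so an unelevated run lists fewer sessions.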

