Use
//--------------------------------------------------------------------
//
// DisplayLocalLogons
//
// Scans the HKEY_USERS key of the specified computer to see who
// has their profile loaded. Returns true if someone is logged on.
//
//--------------------------------------------------------------------
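BOOLEAN DisplayLocalLogons( LPWSTR ServerName, LPWSTR UserName )
{
    //
    // ServerName: computer whose HKEY_USERS key is scanned; NULL selects
    //             the local machine.
    // UserName:   when non-NULL, only a case-insensitive match on this
    //             account name is reported; when NULL every account that
    //             resolves is listed.
    // Returns TRUE when at least one entry was reported, FALSE otherwise
    // (including when HKEY_USERS could not be opened).
    //
    BOOLEAN                     first = TRUE;
    TCHAR                       errorMessage[1024];
    TCHAR                       userName[MAX_NAME_STRING], domainName[MAX_NAME_STRING];
    TCHAR                       subKeyName[MAX_PATH];
    DWORD                       subKeyNameSize, index;
    DWORD                       subKeyNameChars = sizeof( subKeyName ) / sizeof( subKeyName[0] );
    DWORD                       userNameSize, domainNameSize;
    FILETIME                    lastWriteTime;
    HKEY                        usersKey;
    PSID                        sid;
    SID_NAME_USE                sidType;
    SID_IDENTIFIER_AUTHORITY    authority;
    BYTE                        subAuthorityCount;
    DWORD                       authorityVal, revision;
    DWORD                       subAuthorityVal[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
    LONG                        status;
    int                         fieldCount;

    //
    // Use RegConnectRegistry so that we work with remote computers
    //
    if( ServerName ) {

        wprintf(L"Connecting to Registry of %s...", ServerName );
        fflush( stdout );

        if( RegConnectRegistry( ServerName, HKEY_USERS, &usersKey ) != ERROR_SUCCESS) {

            wprintf(L"\r \r");
            wprintf( L"Error opening HKEY_USERS for %s\n", ServerName );
            return FALSE;
        }
        wprintf(L"\r \r");

    } else {

        //
        // Registry functions hand back their status as the return value
        // rather than through GetLastError(), so keep it for the report.
        //
        status = RegOpenKey( HKEY_USERS, NULL, &usersKey );
        if( status != ERROR_SUCCESS ) {

            //
            // Fill the message buffer before it is used; the literal is
            // far shorter than errorMessage, so the copy cannot overrun.
            // The buffer must never be handed to wprintf as a format
            // string while its contents are still indeterminate.
            //
            wcscpy( errorMessage, L"Error opening HKEY_USERS" );
            PrintWin32Error( errorMessage, (DWORD) status );
            return FALSE;
        }
    }

    //
    // Enumerate keys under HKEY_USERS
    //
    for( index = 0; ; index++ ) {

        //
        // RegEnumKeyEx takes the buffer capacity in characters, not
        // bytes. The names come from a registry that may sit on another
        // machine, so the capacity passed in has to be the real element
        // count or a long name could be written past subKeyName.
        //
        subKeyNameSize = subKeyNameChars;
        if( RegEnumKeyEx( usersKey, index, subKeyName, &subKeyNameSize,
                          NULL, NULL, NULL, &lastWriteTime ) != ERROR_SUCCESS ) {
            break;
        }

        //
        // Ignore the default subkey and win2K user class subkeys
        //
        if( !wcsicmp( subKeyName, L".default" ) ||
            wcsstr( subKeyName, L"Classes" )) {
            continue;
        }

        //
        // Convert the textual SID into a binary SID. The conversion
        // count is kept in an int: swscanf can return EOF, which must
        // not be truncated into a large BYTE value.
        //
        fieldCount = swscanf( subKeyName, L"S-%d-%x-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu",
                              &revision, &authorityVal,
                              &subAuthorityVal[0],
                              &subAuthorityVal[1],
                              &subAuthorityVal[2],
                              &subAuthorityVal[3],
                              &subAuthorityVal[4],
                              &subAuthorityVal[5],
                              &subAuthorityVal[6],
                              &subAuthorityVal[7] );

        //
        // Need the revision, the authority and at least one subauthority
        //
        if( fieldCount < 3 ) {
            continue;
        }
        subAuthorityCount = (BYTE)( fieldCount - 2 );

        //
        // Note: we can only deal with authority values
        // of 4 bytes in length
        //
        authority.Value[5] = *(PBYTE) &authorityVal;
        authority.Value[4] = *((PBYTE) &authorityVal+1);
        authority.Value[3] = *((PBYTE) &authorityVal+2);
        authority.Value[2] = *((PBYTE) &authorityVal+3);
        authority.Value[1] = 0;
        authority.Value[0] = 0;

        //
        // Initialize variables for subsequent operations
        //
        sid = NULL;
        userNameSize = MAX_NAME_STRING;
        domainNameSize = MAX_NAME_STRING;

        //
        // Build the SID, then look up the account name for it
        //
        if( AllocateAndInitializeSid( &authority,
                                      subAuthorityCount,
                                      subAuthorityVal[0],
                                      subAuthorityVal[1],
                                      subAuthorityVal[2],
                                      subAuthorityVal[3],
                                      subAuthorityVal[4],
                                      subAuthorityVal[5],
                                      subAuthorityVal[6],
                                      subAuthorityVal[7],
                                      &sid ) &&
            LookupAccountSid( ServerName,
                              sid,
                              userName,
                              &userNameSize,
                              domainName,
                              &domainNameSize,
                              &sidType )) {

            if( !UserName ) {

                //
                // Listing mode: print the heading once, then each account
                //
                if( first ) {
                    wprintf(L"Users logged on locally:\n");
                }
                first = FALSE;
                wprintf( L" %s\\%s\n", domainName, userName );

            } else if( !wcsicmp( UserName, userName )) {

                //
                // Search mode: report only the requested account.
                // NOTE(review): ServerName is NULL for the local machine;
                // what %s prints for a NULL argument depends on the CRT.
                //
                first = FALSE;
                wprintf(RESETLINE L"%s\\%s logged onto %s locally.\n",
                        domainName, UserName, ServerName );
            }
        }
        if( sid ) FreeSid( sid );
    }
    RegCloseKey( usersKey );

    if( first && !UserName ) wprintf(L"No one is logged on locally.\n");
    return !first;
}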