我想知道 userAccountControl 的当前值并确定它处于哪个阶段
参考: http: //support.microsoft.com/kb/305144/en-us
根据上述文档,它应该返回 2 的 N 次幂。
但是当我运行我的 c# 程序时,它为普通帐户返回值 544,为禁用帐户返回 546。我怀疑它们是十进制数字。但是我如何链接回参考中显示的值?
谢谢。
问问题
24962 次
4 回答
40
您可以通过将结果转换为枚举来轻松解码。
int userAccountControlValue = 544;
UserAccountControl userAccountControl = (UserAccountControl) userAccountControlValue;
// This gets a comma separated string of the flag names that apply.
string userAccountControlFlagNames = userAccountControl.ToString();
// This is how you test for an individual flag.
bool isNormalAccount = (userAccountControl & UserAccountControl.NORMAL_ACCOUNT) == UserAccountControl.NORMAL_ACCOUNT;
bool isAccountDisabled = (userAccountControl & UserAccountControl.ACCOUNTDISABLE) == UserAccountControl.ACCOUNTDISABLE;
bool isAccountLockedOut = (userAccountControl & UserAccountControl.LOCKOUT) == UserAccountControl.LOCKOUT;
这是您想要的枚举定义:
/// <summary>
/// Flags that control the behavior of the user account.
/// </summary>
[Flags()]
public enum UserAccountControl : int
{
/// <summary>
/// The logon script is executed.
///</summary>
SCRIPT = 0x00000001,
/// <summary>
/// The user account is disabled.
///</summary>
ACCOUNTDISABLE = 0x00000002,
/// <summary>
/// The home directory is required.
///</summary>
HOMEDIR_REQUIRED = 0x00000008,
/// <summary>
/// The account is currently locked out.
///</summary>
LOCKOUT = 0x00000010,
/// <summary>
/// No password is required.
///</summary>
PASSWD_NOTREQD = 0x00000020,
/// <summary>
/// The user cannot change the password.
///</summary>
/// <remarks>
/// Note: You cannot assign the permission settings of PASSWD_CANT_CHANGE by directly modifying the UserAccountControl attribute.
/// For more information and a code example that shows how to prevent a user from changing the password, see User Cannot Change Password.
// </remarks>
PASSWD_CANT_CHANGE = 0x00000040,
/// <summary>
/// The user can send an encrypted password.
///</summary>
ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080,
/// <summary>
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not
/// to any domain that trusts this domain. Also known as a local user account.
///</summary>
TEMP_DUPLICATE_ACCOUNT = 0x00000100,
/// <summary>
/// This is a default account type that represents a typical user.
///</summary>
NORMAL_ACCOUNT = 0x00000200,
/// <summary>
/// This is a permit to trust account for a system domain that trusts other domains.
///</summary>
INTERDOMAIN_TRUST_ACCOUNT = 0x00000800,
/// <summary>
/// This is a computer account for a computer that is a member of this domain.
///</summary>
WORKSTATION_TRUST_ACCOUNT = 0x00001000,
/// <summary>
/// This is a computer account for a system backup domain controller that is a member of this domain.
///</summary>
SERVER_TRUST_ACCOUNT = 0x00002000,
/// <summary>
/// Not used.
///</summary>
Unused1 = 0x00004000,
/// <summary>
/// Not used.
///</summary>
Unused2 = 0x00008000,
/// <summary>
/// The password for this account will never expire.
///</summary>
DONT_EXPIRE_PASSWD = 0x00010000,
/// <summary>
/// This is an MNS logon account.
///</summary>
MNS_LOGON_ACCOUNT = 0x00020000,
/// <summary>
/// The user must log on using a smart card.
///</summary>
SMARTCARD_REQUIRED = 0x00040000,
/// <summary>
/// The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service
/// can impersonate a client requesting the service.
///</summary>
TRUSTED_FOR_DELEGATION = 0x00080000,
/// <summary>
/// The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
///</summary>
NOT_DELEGATED = 0x00100000,
/// <summary>
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///</summary>
USE_DES_KEY_ONLY = 0x00200000,
/// <summary>
/// This account does not require Kerberos pre-authentication for logon.
///</summary>
DONT_REQUIRE_PREAUTH = 0x00400000,
/// <summary>
/// The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
///</summary>
PASSWORD_EXPIRED = 0x00800000,
/// <summary>
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly
/// controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to
/// other remote servers on the network.
///</summary>
TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000,
/// <summary>
///
/// </summary>
PARTIAL_SECRETS_ACCOUNT = 0x04000000,
/// <summary>
///
/// </summary>
USE_AES_KEYS = 0x08000000
}
于 2012-04-19T16:19:14.860 回答
5
它是一个位图。一个字中的每一位要么为 ON,要么为 OFF(0 或 1)。它并不是一个真正的数字,它更像是一排开关,每个开关都打开或关闭。操作系统在内部使用它们,因为它们可以通过将它们与位掩码进行逻辑比较来非常快速地操作它们。
属性的 LDIF 表示可以将结果显示为十进制数(相当于如果它是一个数字将由掩码表示的二进制数 - 它不是真的!)而且它很容易解码,因为基本上它通过将 2 的一些幂加在一起制成。
例如:
512 = normal account
514 = 512 + 2 = normal account, disabled
546 = 512 + 32 + 2 = normal account, disabled, no password required
2080 = 2048 + 32 = Interdomain trust, no password required
66048 = 65536 + 512 = normal account. password never expires
66050 = 65536 + 512 + 2 = normal account. password never expires, disabled
66080 = 65536 + 512 + 32 = normal account. password never expires, no password required
于 2013-06-18T15:50:40.933 回答
1
- 544 = 十六进制 0x220
- 546 = 十六进制 0x222
根据此处的列表,这意味着:
0x200 = normal account
0x020 = passwd_notreqd = password not required
0x002 = account disabled
所以
- 值 544(十进制)是
0x220十六进制,表示:普通帐户,不需要密码 - 值 546(十进制)是
0x222十六进制,表示:普通帐户、禁用、不需要密码
于 2012-04-19T16:04:44.263 回答
0
Python function to decode Active Directory userAccountControl.
define a dictionary with all the defined combination. (ref. Microsoft)
uac_decode_dict = {"0x0001": "SCRIPT", "0x0002": "ACCOUNTDISABLE", "0x0008": "HOMEDIR_REQUIRED", "0x0010": "LOCKOUT", "0x0020": "PASSWD_NOTREQD", "0x0040": "PASSWD_CANT_CHANGE", "0x0080": "ENCRYPTED_TEXT_PWD_ALLOWED", "0x0100": "TEMP_DUPLICATE_ACCOUNT", "0x0200": "NORMAL_ACCOUNT", "0x0800": "INTERDOMAIN_TRUST_ACCOUNT", "0x1000": "WORKSTATION_TRUST_ACCOUNT", "0x2000": "SERVER_TRUST_ACCOUNT", "0x10000": "DONT_EXPIRE_PASSWORD", "0x20000": "MNS_LOGON_ACCOUNT", "0x40000": "SMARTCARD_REQUIRED", "0x80000": "TRUSTED_FOR_DELEGATION", "0x100000": "NOT_DELEGATED", "0x200000": "USE_DES_KEY_ONLY", "0x400000": "DONT_REQ_PREAUTH", "0x800000": "PASSWORD_EXPIRED", "0x1000000": "TRUSTED_TO_AUTH_FOR_DELEGATION", "0x04000000": "PARTIAL_SECRETS_ACCOUNT"}define a function to decode the UAC value
def decode_uac(_uac): # # Decode the userAccountControl value. # global uac_decode_dict _translatedUAC = "" _hex_uac = hex(_uac) _hu_work = _hex_uac[2:] _x = 0 for _hu in _hu_work[::-1]: _x += 1 _hu_tmp = "" if _hu != "0": _hu_tmp = _hu.ljust(_x, "0") if len(_hu_tmp) <= 3: _hu_tmp = "".ljust(4 - _x, "0") + _hu_tmp _hu_key = r"0x" + _hu_tmp if _hu_key in uac_decode_dict.keys(): if _translatedUAC == "": _translatedUAC += uac_decode_dict[_hu_key] else: _translatedUAC += " - " + uac_decode_dict[_hu_key] else: print("Invalid userAccountControl key: " + str(_hu_key) + ". Values dec: " + str(_uac) + " hex: " + _hex_uac) _translatedUAC += " - Error " return _translatedUACcall the function passing the userAccountControl as an Integer
result = decode_uac(int(_userAccountControl))
于 2021-10-03T11:06:52.743 回答