LocalSystem cannot enumerate domains on Windows Vista

05-28-2007

Hi.

I develop an application that needs to show the user a list of the
visible domain names in a organization. This used to be done with the
paif of functions WNetOpenEnum()/WNetEnumResource(). Up to Windows 2k3
these functions effectively allowed the program, running as
LocalSystem, to retrieve the list of domains, but with Windows Vista,
WNetOpenEnum() fails miserably with error code 1312:

bool CSelectComputerNetwork::EnumDomains(NETRESOURCE* pnr,
vector<CNETRESOURCE>& vecnrDomains)
{
HANDLE handle = NULL;
DWORD dwResult = ::WNetOpenEnum(RESOURCE_GLOBALNET,
RESOURCETYPE_ANY,
0,
pnr,
&handle);

if (dwResult == NO_ERROR)
{
NETRESOURCE nr, *pnrChildrenResource = new
NETRESOURCE[BUFSIZE];

DWORD dwRequested = -1;
DWORD& dwGotten = dwRequested;

DWORD dwBufSize = sizeof(NETRESOURCE) * BUFSIZE;

dwResult = ::WNetEnumResource(handle, &dwRequested,
pnrChildrenResource, &dwBufSize);

if (dwResult == NO_ERROR)
{
for (int i = 0; i < dwGotten; ++i)
{
if (pnrChildrenResource[i].dwDisplayType ==
RESOURCEDISPLAYTYPE_DOMAIN)
{
vecnrDomains.push_back(pnrChildrenResource[i]);
}
else
{
memcpy(&nr, &pnrChildrenResource[i],
sizeof(NETRESOURCE));
if (!EnumDomains(&nr, vecnrDomains))
{
delete[] pnrChildrenResource;
::WNetCloseEnum(handle);
return false;
}
}
}

delete[] pnrChildrenResource;
return (::WNetCloseEnum(handle) == NO_ERROR) ? true :
false;
}
else if (dwResult == ERROR_NO_MORE_ITEMS)
{
delete[] pnrChildrenResource;
return (::WNetCloseEnum(handle) == NO_ERROR) ? true :
false;
}
else//WNetEnumResource(_) failed
{
_ASSERTE(FALSE);
delete[] pnrChildrenResource;
::WNetCloseEnum(handle);
return false;
}

}
else//WNetOpenEnum(_) failed
{
_ASSERTE(FALSE);
return false;
}
}

Notice that if this code is run as Administrator, it works just fine;
however, this is not an option since that could give the program too
much power and can open security holes. I was wondering if there's a
local security police that I could tweak so that the LocalSystem user
or my program is allowed to enumerate the domains.

Thanks in advanced.

Omar Estrada

05-28-2007	#1 (permalink)
omar.estrada@gmail.com Guest n/a posts	LocalSystem cannot enumerate domains on Windows Vista Hi. I develop an application that needs to show the user a list of the visible domain names in a organization. This used to be done with the paif of functions WNetOpenEnum()/WNetEnumResource(). Up to Windows 2k3 these functions effectively allowed the program, running as LocalSystem, to retrieve the list of domains, but with Windows Vista, WNetOpenEnum() fails miserably with error code 1312: bool CSelectComputerNetwork::EnumDomains(NETRESOURCE* pnr, vector<CNETRESOURCE>& vecnrDomains) { HANDLE handle = NULL; DWORD dwResult = ::WNetOpenEnum(RESOURCE_GLOBALNET, RESOURCETYPE_ANY, 0, pnr, &handle); if (dwResult == NO_ERROR) { NETRESOURCE nr, pnrChildrenResource = new NETRESOURCE[BUFSIZE]; DWORD dwRequested = -1; DWORD& dwGotten = dwRequested; DWORD dwBufSize = sizeof(NETRESOURCE) BUFSIZE; dwResult = ::WNetEnumResource(handle, &dwRequested, pnrChildrenResource, &dwBufSize); if (dwResult == NO_ERROR) { for (int i = 0; i < dwGotten; ++i) { if (pnrChildrenResource[i].dwDisplayType == RESOURCEDISPLAYTYPE_DOMAIN) { vecnrDomains.push_back(pnrChildrenResource[i]); } else { memcpy(&nr, &pnrChildrenResource[i], sizeof(NETRESOURCE)); if (!EnumDomains(&nr, vecnrDomains)) { delete[] pnrChildrenResource; ::WNetCloseEnum(handle); return false; } } } delete[] pnrChildrenResource; return (::WNetCloseEnum(handle) == NO_ERROR) ? true : false; } else if (dwResult == ERROR_NO_MORE_ITEMS) { delete[] pnrChildrenResource; return (::WNetCloseEnum(handle) == NO_ERROR) ? true : false; } else//WNetEnumResource(_) failed { _ASSERTE(FALSE); delete[] pnrChildrenResource; ::WNetCloseEnum(handle); return false; } } else//WNetOpenEnum(_) failed { _ASSERTE(FALSE); return false; } } Notice that if this code is run as Administrator, it works just fine; however, this is not an option since that could give the program too much power and can open security holes. I was wondering if there's a local security police that I could tweak so that the LocalSystem user or my program is allowed to enumerate the domains. Thanks in advanced. Omar Estrada
My System Specs

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Vista For Domains	Create Share	Vista General	3	03-30-2008 06:11 AM
Windows Defender vs. Lavasoft's AdWatch = domains intersect?	nweissma	Vista General	1	02-16-2008 09:02 AM
Error ? What the solution ? I'm using windows live custom domains - mail accounts	Marcio Costa - BCBIT Consultoria de Negocios e TI	Vista mail	1	05-13-2007 04:45 PM
How to enumerate serial ports under vista?	Fred Hebert	Vista General	0	03-13-2007 08:30 PM
Vista on Domains	Martin	Vista networking & sharing	18	06-30-2006 04:27 PM