Hi,
My environment is Windows NT 4.0. I am successful in locking out an user account programatically using NetUserSetInfo and USER_INFO_1 data structure from a regular application. But using the same code I am not able to do the same in a COM component.
I am using the same user id for both the applications.

Any thoughts ??

Thanks in advance,
Kumar.

Originally posted by ktalinki
Hi,
My environment is Windows NT 4.0. I am successful in locking out an user account programatically using NetUserSetInfo and USER_INFO_1 data structure from a regular application. But using the same code I am not able to do the same in a COM component.
I am using the same user id for both the applications.

Any thoughts ??

Thanks in advance,
Kumar.

What is the value of NET_API_STATUS that is returned?

In both the cases it is 0 (NERR_Success).

Originally posted by ktalinki
In both the cases it is 0 (NERR_Success).

Hmm. Tell me more about your COM component. I can't think of a reason off the top of my head, or the bottom of my head for that matter. I guess code posting is out of order?

This is the piece of code I am using

*******************************
szUserName is user name in WCHAR string

err = NetUserGetInfo(NULL,szUserName, 1, (LPBYTE*)&uInfo);
if(bLock) // Lock the user
{
if(uInfo->usri1_flags & UF_LOCKOUT)
goto CleanUp;
uInfo->usri1_flags |= UF_LOCKOUT;
}
else //Unlock user
{
if(!(uInfo->usri1_flags & UF_LOCKOUT))
goto CleanUp;
uInfo->usri1_flags &= ~UF_LOCKOUT;
}

err = NetUserSetInfo(NULL, szUserName, 1, (LPBYTE)uInfo, &dwErrParamInd);
***********************************
What kind of details you would like to know about the COM Component?

Thanks,
Kumar

Thanks for the replys.

I figured out that NetUserSetInfo's working is bit falky, it successfully locks the user some times and some times doesn't, but returns success(0) code all the time.

Using NetUserSetInfo, I was able to lock the user account in the following scenarios
For some time after the unclocking the user acct, which is locked out because of number of invalid log in attempts is over.
After restarting the machine.


Any thoughts ??

Thanks
Kumar Talinki

Originally posted by ktalinki
Thanks for the replys.

I figured out that NetUserSetInfo's working is bit falky, it successfully locks the user some times and some times doesn't, but returns success(0) code all the time.

Using NetUserSetInfo, I was able to lock the user account in the following scenarios
For some time after the unclocking the user acct, which is locked out because of number of invalid log in attempts is over.
After restarting the machine.


Any thoughts ??

Thanks
Kumar Talinki

Yep, I don't think you can use UF_LOCKOUT to lock out the account. So that makes sense why it works sometimes and not, such as unlocking the account would work, and proabably some failed logon attempts from ??where?? are setting the account as locked. I don't recall under NT where you set the lockout. Under 2000 it think it's the local security settings and account lockout policy.

If you don't want anyone logging on, disable the account with UF_ACCOUNTDISABLE

PS: you should also change your code and get rid of the goto, it's bad form IMHO

PSS:

Here's the documentation supporting the UF_LOCKOUT statment from MSDN.

UF_LOCKOUT The account is currently locked out. You can call the NetUserSetInfo function and clear this value to unlock a previously locked account. You cannot use this value to lock a previously unlocked account.