The functions in the Group category control global groups on a server and local groups in the security database.
|
Function |
Description |
|
Creates a new group account. |
|
|
This function is the same as NetGroupAdd except that it uses 32-bit data structures, is RPC-based, and supports additional information levels. |
|
|
Adds a user to a specified group. |
|
|
This function is the same as NetGroupAddUser except that is RPC-based. |
|
|
Removes a specified group account from a server. |
|
|
This function is the same as NetGroupDel except that it is RPC-based. |
|
|
Removes a user from a group. |
|
|
This function is the same as NetGroupDelUser except that it is RPC-based. |
|
|
Lists all group accounts on a server. |
|
|
This function is the same as NetGroupEnum except that it uses 32-bit data structures, is RPC-based, supports additional information levels, and is resumable. |
|
|
Lists the members of a specified group on a server. |
|
|
This function is the same as NetGroupGetInfo except that it uses 32-bit data structures, is RPC-based, and supports additional information levels. |
|
|
Retrieves group-related information. |
|
|
This function is the same as NetGroupGetUsers except that it uses 32-bit data structures, is RPC-based, supports additional information levels, and is resumable. |
|
|
Sets information for a given group. |
|
|
This function is the same as NetGroupSetInfo except that it uses 32-bit data structures, is RPC-based, and supports additional information levels. |
|
|
Sets information about group’s users. |
|
|
This function is the same as NetGroupSetUsers except that it uses 32-bit data structures, is RPC-based, and supports additional information levels. |
|
|
Creates a local group in the security database. |
|
|
Gives an existing user account or global group membership in an existing local group. |
|
|
Deletes a local group from the accounts database. |
|
|
Removes a member from a particular local group in the security database. |
|
|
Retrieves information about each local group account. |
|
|
Retrieves information about a local group account on a server. |
|
|
Retrieves list of members of particular local group in the security database. |
|
|
Sets the parameters of a local group. |
|
|
Sets the local group membership for the specified local group. |
A global group is a set of users sharing common permissions in a security database. The functions in the Group category that control global groups create or delete global groups and review or adjust their membership.
A server can assign access permissions for all members of a group by supplying the group name to the NetAccessAdd function instead of individually assigning each user an access permission record. For more information, see Access Permissions Category.
To create a global group, an application calls NetGroupAdd or NetGroupAdd32, which supplies a group name. Initially, the global group has no members. To assign members to the global group, call NetGroupSetUsers or NetGroupSetUsers32. To add a user to an existing global group, call NetGroupAddUser or NetGroupAddUser32. To set general information about a global group, call NetGroupSetInfo or NetUserSetInfo32.
NetGroupDelUser and NetGroupDelUser32 remove the name of a specified user from a global group, and NetGroupDel and NetGroupDel32 remove a global group. NetGroupDel and NetGroupDel32 work regardless of whether the group has members.
The following functions retrieve information about global groups on a server: NetGroupEnum and NetGroupEnum32 produce lists of all groups; NetGroupGetUsers and NetGroupGetUsers32 list all members of specified groups; and NetGroupGetInfo and NetGroupGetInfo32 return general information about the global group.
Each user account automatically belongs to one of the special global groups Domain Users or None, according to the user’s Security Requirements. Membership in these global groups is controlled indirectly by the NetUserAdd, NetUserAdd32, NetUserDel, NetUserDel32, NetUserSetInfo, and NetUserSetInfo32 functions.
A local group is a set of users sharing common permissions in the security database. A local group can have members which either are users or global groups (global groups can contain only users).
The local group API functions control members of local groups in a way that can be used only by the systems within a "cluster." A cluster is the individual workstation if the system is Windows NT , but it contains all of the Advanced Server for UNIX Systems and Windows NT Server computers of a domain if the system is an Advanced Server for UNIX Systems or Windows NT Server.
Therefore, a local group defined on a workstation can be used only on that workstation. But a local group defined in Advanced Server can be used by any other Advanced Server within the same domain. The local group API functions create or delete local groups, and review or adjust the memberships of local groups.
A member can be added to a local group by specifying the security identifier (SID) of the member. NetLookupAccountName can be used to translate a member account name to a SID.
To create a local group, an application calls NetLocalGroupAdd, supplying a local group name. Initially, the local group has no members. To assign members to the local group, call NetLocalGroupSetMembers.
To add a member to an existing local group, call NetLocalGroupAddMember.
To set general information about the local group, call NetLocalGroupSetInfo.
NetLocalGroupDelMember deletes a specified member from a local group and NetLocalGroupDel disbands a local group, deleting all existing members of the local group first.
Three local group category API functions retrieve information about the local groups on a server: NetLocalGroupEnum produces a list of all local groups; NetLocalGroupGetMembers lists all members of a specified local group; and NetLocalGroupGetInfo returns general information about the local group.
NetGroupAdd, NetGroupEnum, and NetGroupGetInfo use the group_info_0 data structure. These three functions and NetGroupSetInfo use the group_info_1 data structure.
NetGroupAdd32, NetGroupEnum32, NetGroupGetInfo32, and NetGroupSetInfo32 use the GROUP_INFO_0, GROUP_INFO_1, and GROUP_INFO_2 data structures. NetGroupSetInfo32 also uses GROUP_INFO_1002 and GROUP_INFO_1005 data structures.
NetGroupGetUsers and NetGroupSetUsers use the group_users_info_0 data structure.
NetGroupGetUsers32 and NetGroupSetUsers32 use the GROUP_USERS_INFO_0 and GROUP_USERS_INFO_1 data structures.
NetLocalGroupAdd, NetLocalGroupEnum, NetLocalGroupGetInfo and NetLocalGroupSetInfo use the LOCALGROUP_INFO_0 and LOCALGROUP_INFO_1 data structures. NetLocalGroupSetInfo also uses LOCALGROUP_INFO_1002 data structure.
NetLocalGroupGetMembers and NetLocalGroupSetMembers use LOCALGROUP_MEMBERS_0 data structure. NetLocalGroupGetMembers also uses LOCALGROUP_MEMBERS_1 data structure.
The group_info_0 data structure has the following format:
struct group_info_0 {
char grpi0_name[LM20_GNLEN+1];
};
Within this structure, grpi0_name is an ASCIIZ string containing a group name. The constant GNLEN is defined in the netcons.h header file.
The GROUP_INFO_0 data structure has the following format:
typedef struct _GROUP_INFO_0 {
LPTSTR grpi0_name;
} GROUP_INFO_0, *PGROUP_INFO_0, *LPGROUP_INFO_0;
Within this structure, the parameters are defined in the same way as in the group_info_0 structure.
The group_info_1 data structure has the following format:
struct group_info_1 {
char grpi1_name[LM20_GNLEN+1];
char grpi1_pad;
char grpi1_comment;
};
Within this structure, grpi1_name is as is for the group_info_0 data structure.
grpi1_pad aligns the next data structure on a word boundary.
grpi1_comment points to an ASCIIZ string containing a remark for the group. The maximum length of the comment is LM20_MAXCOMMENTSZ + 1 ; the length can be NULL. MAXCOMMENTSZ is defined in the netcons.h file.
The GROUP_INFO_1 data structure has the following format:
typedef struct _GROUP_INFO_1 {
LPTSTR grpi1_name;
LPTSTR grpi1_comment;
} GROUP_INFO_1, *PGROUP_INFO_1, *LPGROUP_INFO_1;
Within this structure, the parameters are defined in the same was as in the group_info_1 data structure.
The GROUP_INFO_2 data structure has the following format:
typedef struct _GROUP_INFO_2 {
LPTSTR grpi2_name;
LPTSTR grpi2_comment;
DWORD grpi2_group_id;
DWORD grpi2_attributes;
}GROUP_INFO_2, *PGROUP_INFO_2;
Within this structure, grpi2_name is an ASCIIZ string containing a group name.
grpi2_comment points to an ASCIIZ string containing a remark for the group.
grpi2_id specifies the relative ID of the group in its security database.
grpi2_attributes specify a set of flags describing group characteristics. The possible values are combinations of SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_LOGON_ID. These values are defined in the lmsec.h file.
The GROUP_INFO_1002 data structure has the following format:
typedef struct _GROUP_INFO_1002 {
LPWSTR grpi1002_comment;
} GROUP_INFO_1002, *PGROUP_INFO_1002, *LPGROUP_INFO_1002;
Within this structure, grpi1002_comment points to an ASCIIZ string containing a remark for a group.
The GROUP_INFO_1005 data structure has the following format:
typedef struct _GROUP_INFO_1005 {
DWORD grpi1005_attributes;
} GROUP_INFO_1005, *PGROUP_INFO_1005, *LPGROUP_INFO_1005;
Within this structure, grpi1005_attributes specify a set of flags describing group characteristics. The possible values are combinations of SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_LOGON_ID. These values are defined in the lmsec.h file.
The format of the group_users_info_0 data structure is as follows:
struct group_users_info_0 {
char grui0_uname[LM20_UNLEN+1];
};
Within this structure, grui0_uname is an ASCIIZ string specifying the name of a group member. The constant LM20_UNLEN is defined in the netcons.h header file.
The format of the GROUP_USERS_INFO_0 data structure is as follows:
typedef struct _GROUP_USERS_INFO_0 {
LPTSTR grui0_name;
} GROUP_USERS_INFO_0, *PGROUP_USERS_INFO_0, *LPGROUP_USERS_INFO_0;
Within this structure, the parameters are defined in the same as in the group_users_info_0 structure.
The format of the GROUP_USERS_INFO_1 data structure is as follows:
typedef struct _GROUP_USERS_INFO_1 {
LPTSTR grui1_name;
DWORD grui1_attributes;
} GROUP_USERS_INFO_1, *PGROUP_USERS_INFO_1, *LPGROUP_USERS_INFO_1;
Within this structure, grui1_name is an ASCIIZ string specifying the name of a group member.
grui1_attributes specify a set of flags describing user’s group characteristics. The possible values are combinations of SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_LOGON_ID. These values are defined in the lmsec.h file.
The LOCALGROUP_INFO_0 data structure has the following format:
typedef struct _LOCALGROUP_INFO_0 {
LPTSTR lgrpi0_name;
} LOCALGROUP_INFO_0, *PLOCALGROUP_INFO_0, LPLOCALGROUP_INFO_0;
Within this structure, lgrpi0_name points an ASCIIZ string containing a local group name.
The LOCALGROUP_INFO_1 data structure has the following format:
typedef struct _LOCALGROUP_INFO_1 {
LPTSTR lgrpi1_name;
LPTSTR lgrpi1_comment;
} LOCALGROUP_INFO_1, *PLOCALGROUP_INFO_1, LPLOCALGROUP_INFO_1;
Within this structure, lgrpi1_name points to an ASCIIZ string containing a local group name.
lgrpi1_comment points to an ASCIIZ string containing a remark for the local group.
The LOCALGROUP_INFO_1002 data structure has the following format:
typedef struct _LOCALGROUP_INFO_1002 {
LPTSTR lgrpi1002_comment;
} LOCALGROUP_INFO_1002, *PLOCALGROUP_INFO_1002, LPLOCALGROUP_INFO_1002;
Within this structure, lgrpi1002_comment points to an ASCIIZ string containing a remark for the local group.
The LOCALGROUP_MEMBERS_INFO_0 data structure has the following format:
typedef struct _LOCALGROUP_MEMBERS_INFO_0 {
PSID lgrmi0_sid;
} LOCALGROUP_MEMBERS_INFO_0, *PLOCALGROUP_MEMBERS_INFO_0,
*LPLOCALGROUP_MEMBERS_INFO_0;
Within this structure, lgrmi0_sid points to a security identifier (SID) of a local group member.
The LOCALGROUP_MEMBERS_INFO_1 data structure has the following format:
typedef struct _LOCALGROUP_MEMBERS_INFO_1 {
PSID lgrmi1_sid;
SID_NAME_USE lgrmi1_sidusage;
LPTSTR lgrmi1_name;
} LOCALGROUP_MEMBERS_INFO_1, *PLOCALGROUP_MEMBERS_INFO_1, *LPLOCALGROUP_MEMBERS_INFO_1;
Within this structure, lgrmi1_sid points to a security identifier of a local group member.
lgrmi1_sidusage contains SID_NAME_USE enumeration type (see Security Category) indicating the type of the local group member’s account.
lgrmi1_name points to an ASCIIZ string containing the account name of a local group member.
For NetGroupSetInfo32, parmnum values refer to the fields in GROUP_INFO structure as follows. These values are used when indicating an error in a specific parameter via parm_err.
|
parmnum value |
Field in GROUP_INFO struct |
|
GROUP_NAME_PARMNUM |
grpi_name |
|
GROUP_COMMENT_PARMNUM |
grpi_comment |
|
GROUP_ATTRIBUTES_PARMNUM |
grpi_attributes |
For NetLocalGroupSetInfo, parmnum values refer to the fields in the group_info structure. These values are used when indicating an error.
|
parmnum value |
Field in group_info struct |
|
LOCALGROUP_NAME_PARMNUM |
lgrpi_name |
|
LOCALGROUP_COMMENT_PARMNUM |
lgrpi_comment |