Edit

Share via

GROUP_USERS_INFO_1 structure (lmaccess.h)

  • Article

The GROUP_USERS_INFO_1 structure contains global group member information.

Syntax

typedef struct _GROUP_USERS_INFO_1 {
  LPWSTR grui1_name;
  DWORD  grui1_attributes;
} GROUP_USERS_INFO_1, *PGROUP_USERS_INFO_1, *LPGROUP_USERS_INFO_1;

Members

grui1_name

Type: LPWSTR

A pointer to a null-terminated Unicode character string that specifies a name. For more information, see the Remarks section.

grui1_attributes

Type: DWORD

A set of attributes for this entry. This member can be a combination of the security group attributes defined in the Winnt.h header file.

Value Meaning
SE_GROUP_MANDATORY
0x00000001
 The group is mandatory.
SE_GROUP_ENABLED_BY_DEFAULT
0x00000002
 The group is enabled for access checks by default.
SE_GROUP_ENABLED
0x00000004
 The group is enabled for access checks.
SE_GROUP_OWNER
0x00000008
 The group identifies a group account for which the user of the token is the owner of the group.
SE_GROUP_USE_FOR_DENY_ONLY
0x00000010
 The group is used for deny only purposes. When this attribute is set, the SE_GROUP_ENABLED attribute must not be set.
SE_GROUP_INTEGRITY
0x00000020
 The group is used for integrity. This attribute is available on Windows Vista and later.
SE_GROUP_INTEGRITY_ENABLED
0x00000040
 The group is enabled for integrity level. This attribute is available on Windows Vista and later.
SE_GROUP_LOGON_ID
0xC0000000
 The group is used to identify a logon session associated with an access token.
SE_GROUP_RESOURCE
0x20000000
 The group identifies a domain-local group.

Remarks

If you are calling the NetGroupGetUsers function or the NetGroupSetUsers function, the grui1_name member contains the name of a user that is a member of the specified group.

If you are calling the NetUserGetGroups function or the NetUserSetGroups function, the grui1_name member contains the name of a global group to which the specified user belongs.

User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <, >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are nonprintable.

Windows Vista and later include an addition to the access control security mechanism of Windows that labels processes and other securable objects with an integrity level. Internet-facing programs are at higher risk for exploits than other programs because they download untrustworthy content from unknown sources. Running these programs with fewer permissions, or at a lower integrity level, than other programs reduces the ability of an exploit to modify the system or harm user data files. The SE_GROUP_INTEGRITY and SE_GROUP_INTEGRITY_ENABLED attributes of the grui1_attributes member are used for this purpose.

Requirements

Requirement Value
Minimum supported client Windows 2000 Professional [desktop apps only]
Minimum supported server Windows 2000 Server [desktop apps only]
Header lmaccess.h (include Lm.h)

See also

GROUP_USERS_INFO_0

Group Functions

NetGroupGetUsers

NetGroupSetUsers

NetUserGetGroups

NetUserGetInfo

NetUserSetGroups

Network Management Overview

Network Management Structures