Method: Chef::ReservedNames::Win32::Security::SID.admin_account_name

Defined in:

lib/chef/win32/security/sid.rb

.admin_account_name ⇒ Object

# File 'lib/chef/win32/security/sid.rb', line 304

def self.admin_account_name
  @admin_account_name ||= begin
    admin_account_name = nil

    # Call NetUserEnum to enumerate the users without hitting network
    # http://msdn.microsoft.com/en-us/library/windows/desktop/aa370652(v=vs.85).aspx
    servername = nil # We are querying the local server
    level = 3 # We want USER_INFO_3 structure which contains the SID
    filter = FILTER_NORMAL_ACCOUNT # Only query the user accounts
    bufptr = FFI::MemoryPointer.new(:pointer) # Buffer which will receive the data
    prefmaxlen = MAX_PREFERRED_LENGTH # Let the system allocate the needed amount of memory
    entriesread = FFI::Buffer.new(:long).write_long(0)
    totalentries = FFI::Buffer.new(:long).write_long(0)
    resume_handle = FFI::Buffer.new(:long).write_long(0)

    status = ERROR_MORE_DATA

    while status == ERROR_MORE_DATA
      status = NetUserEnum(servername, level, filter, bufptr, prefmaxlen, entriesread, totalentries, resume_handle)

      if [NERR_Success, ERROR_MORE_DATA].include?(status)
        Array.new(entriesread.read_long) do |i|
          user_info = USER_INFO_3.new(bufptr.read_pointer + i * USER_INFO_3.size)
          # Check if the account is the Administrator account
          # RID for the Administrator account is always 500 and it's privilege is set to USER_PRIV_ADMIN
          if user_info[:usri3_user_id] == 500 && user_info[:usri3_priv] == 2 # USER_PRIV_ADMIN (2) - Administrator
            admin_account_name = user_info[:usri3_name].read_wstring
            break
          end
        end

        # Free the memory allocated by the system
        NetApiBufferFree(bufptr.read_pointer)
      end
    end

    raise "Can not determine the administrator account name." if admin_account_name.nil?

    admin_account_name
  end
end