def get_domain_sid(): policy_handle = win32security.GetPolicyHandle( '', win32security.POLICY_ALL_ACCESS) sid = win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyDnsDomainInformation)[4] sid = str(sid).split(':')[1] win32security.LsaClose(policy_handle) return sid
import win32security import win32file import win32api import ntsecuritycon import win32con policy_handle = win32security.GetPolicyHandle('rupole', win32security.POLICY_ALL_ACCESS) ## mod_nbr, mod_time = win32security.LsaQueryInformationPolicy(policy_handle,win32security.PolicyModificationInformation) # print mod_nbr, mod_time domain_name, dns_domain_name, dns_forest_name, domain_guid, domain_sid = \ win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyDnsDomainInformation) print(domain_name, dns_domain_name, dns_forest_name, domain_guid, domain_sid) event_audit_info = win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyAuditEventsInformation) print(event_audit_info) domain_name, sid = win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyPrimaryDomainInformation) print(domain_name, sid) domain_name, sid = win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyAccountDomainInformation) print(domain_name, sid) server_role = win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyLsaServerRoleInformation) print('server role: ', server_role)
import win32security, win32file, win32api, ntsecuritycon, win32con policy_handle = win32security.GetPolicyHandle('rupole', win32security.POLICY_ALL_ACCESS) event_audit_info = win32security.LsaQueryInformationPolicy( policy_handle, win32security.PolicyAuditEventsInformation) print event_audit_info new_audit_info = list(event_audit_info[1]) new_audit_info[win32security.AuditCategoryPolicyChange]= \ win32security.POLICY_AUDIT_EVENT_SUCCESS|win32security.POLICY_AUDIT_EVENT_FAILURE new_audit_info[win32security.AuditCategoryAccountLogon]= \ win32security.POLICY_AUDIT_EVENT_SUCCESS|win32security.POLICY_AUDIT_EVENT_FAILURE new_audit_info[win32security.AuditCategoryLogon]= \ win32security.POLICY_AUDIT_EVENT_SUCCESS|win32security.POLICY_AUDIT_EVENT_FAILURE win32security.LsaSetInformationPolicy( policy_handle, win32security.PolicyAuditEventsInformation, (1, new_audit_info)) win32security.LsaClose(policy_handle)