How to filter out special groups returned by GetTokenInformation()?


I use GetTokenInformation()/TokenGroups to get groups a currently logged on user is a member of. However, the list of groups returned from the API also includes special groups like "INTERACTIVE", "CONSOLE LOGON", "Pre-Windows 2000 Compatible Access", etc.

What is the best way to filter out the special groups? Ideally I'd like to keep only the groups that you can see on the "Member Of" tab of a given user's properties dialog box.

Thanks.


As suggested in the comments, NetUserGetLocalGroups is most likely the function used in the "Local Users and Groups" snap-in.

You can also filter the list by whatever criteria you choose:

#include <windows.h>

// Returns true for groups that should not be listed: the integrity label,
// the per-session logon SID, optionally deny-only groups, and every
// well-known SID that is not a BUILTIN\* alias.
static bool ShouldHideGroup(PSID Sid, DWORD Attributes, bool HideDeny = false)
{
    if (SE_GROUP_INTEGRITY & Attributes) return true;   // mandatory integrity label (S-1-16-*)
    if (SE_GROUP_LOGON_ID & Attributes) return true;    // logon SID (S-1-5-5-X-Y)
    if (HideDeny && (SE_GROUP_USE_FOR_DENY_ONLY & Attributes)) return true;
    for (UINT i = 0; i <= 0xff; ++i) // Hack to check if it is well known: probe every WELL_KNOWN_SID_TYPE value
    {
        if (IsWellKnownSid(Sid, (WELL_KNOWN_SID_TYPE)i))
        {
            static const SID_IDENTIFIER_AUTHORITY ntauth = SECURITY_NT_AUTHORITY;
            PSID_IDENTIFIER_AUTHORITY pSIA = GetSidIdentifierAuthority(Sid);
            DWORD *pSub1 = GetSidSubAuthority(Sid, 0);
            // Keep only S-1-5-32-* (BUILTIN\*); hide every other well-known SID such as Everyone or INTERACTIVE
            if (memcmp(pSIA, &ntauth, sizeof(ntauth)) || *pSub1 != SECURITY_BUILTIN_DOMAIN_RID)
            {
                return true;
            }
        }
    }
    return false;
}

...
    // pTG is a PTOKEN_GROUPS buffer of cbTG bytes, sized by an earlier
    // GetTokenInformation(hToken, TokenGroups, NULL, 0, &cbTG) call.
    if (GetTokenInformation(hToken, TokenGroups, pTG, cbTG, &cbTG))
    {
        for (DWORD i = 0; i < pTG->GroupCount; ++i)
        {
            if (ShouldHideGroup(pTG->Groups[i].Sid, pTG->Groups[i].Attributes)) continue;
            DisplayGroupDetails(pTG->Groups[i]);
        }
    }

The Net* functions operate on the Domain and/or local SAM database; the other groups are added to your token by Windows, but I don't believe there is a public API to filter your way back to the exact list of groups from SAM.
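As an added example (not the answer's code), the same filtering idea can be shown portably by classifying each token group on the SID's identifier authority and first sub-authority rather than probing IsWellKnownSid() over every type value: keep S-1-5-32-* (BUILTIN aliases) and S-1-5-21-* (domain or local SAM account-domain groups), hide everything else plus the logon SID and integrity label. The constants are the winnt.h values, the struct mirrors the binary SID layout, and the token groups are constructed by hand so the program builds with any C99 compiler; on Windows the entries would come from a real TOKEN_GROUPS buffer.

```c
/* Added example, not the answer's code. Portable SID classifier with hand-built
 * sample groups; constants are the winnt.h values, WinSid mirrors the binary SID. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SE_GROUP_ENABLED           0x00000004u   /* group attribute flags */
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010u
#define SE_GROUP_INTEGRITY         0x00000020u
#define SE_GROUP_LOGON_ID          0xC0000000u

#define NT_AUTHORITY                5u   /* S-1-5 */
#define SECURITY_NT_NON_UNIQUE      21u  /* S-1-5-21-*: domain / local SAM account domain */
#define SECURITY_BUILTIN_DOMAIN_RID 32u  /* S-1-5-32-*: BUILTIN aliases */
#define MAX_SUB_AUTH 15

typedef struct {              /* binary SID: revision, count, 48-bit big-endian authority, RIDs */
    uint8_t  revision, sub_authority_count, identifier_authority[6];
    uint32_t sub_authority[MAX_SUB_AUTH];
} WinSid;

typedef struct { WinSid sid; uint32_t attributes; } GroupEntry;  /* like SID_AND_ATTRIBUTES */

static WinSid make_sid(uint64_t authority, size_t count, const uint32_t *subs)
{
    WinSid s; memset(&s, 0, sizeof s);
    s.revision = 1; s.sub_authority_count = (uint8_t)count;
    for (int i = 0; i < 6; ++i) s.identifier_authority[i] = (uint8_t)(authority >> (8 * (5 - i)));
    for (size_t i = 0; i < count && i < MAX_SUB_AUTH; ++i) s.sub_authority[i] = subs[i];
    return s;
}

static uint64_t sid_authority(const WinSid *s)
{
    uint64_t a = 0;
    for (int i = 0; i < 6; ++i) a = (a << 8) | s->identifier_authority[i];
    return a;
}

/* Render as SDDL text such as "S-1-5-32-544". */
static void sid_to_string(const WinSid *s, char *out, size_t cap)
{
    int n = snprintf(out, cap, "S-%u-%llu", s->revision, (unsigned long long)sid_authority(s));
    for (int i = 0; i < s->sub_authority_count && n > 0 && (size_t)n < cap; ++i)
        n += snprintf(out + n, cap - (size_t)n, "-%lu", (unsigned long)s->sub_authority[i]);
}

/* Hide what a SAM "Member Of" tab would not show: the integrity label, the
 * per-session logon SID, optionally deny-only groups, every non-NT-authority SID
 * (Everyone S-1-1-0, CONSOLE LOGON S-1-2-1, ...) and NT-authority SIDs that are
 * neither BUILTIN (32) nor account-domain (21), e.g. INTERACTIVE S-1-5-4. */
static bool should_hide_group(const GroupEntry *g, bool hide_deny)
{
    uint32_t a = g->attributes;
    if (a & SE_GROUP_INTEGRITY) return true;
    if ((a & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID) return true;
    if (hide_deny && (a & SE_GROUP_USE_FOR_DENY_ONLY)) return true;
    if (sid_authority(&g->sid) != NT_AUTHORITY || g->sid.sub_authority_count == 0) return true;
    uint32_t first = g->sid.sub_authority[0];
    return first != SECURITY_BUILTIN_DOMAIN_RID && first != SECURITY_NT_NON_UNIQUE;
}

/* Constructed stand-in for a TOKEN_GROUPS array; returns the entry count. */
static size_t sample_token_groups(GroupEntry *out)
{
    static const uint32_t everyone[] = {0}, console[] = {1}, interactive[] = {4},
        auth_users[] = {11}, users[] = {32, 545}, logon[] = {5, 0, 123456},
        dom_a[] = {21, 1111, 2222, 3333, 1105}, dom_b[] = {21, 1111, 2222, 3333, 1106},
        label[] = {8192};
    size_t n = 0;
    out[n++] = (GroupEntry){ make_sid(1, 1, everyone),    SE_GROUP_ENABLED };   /* Everyone */
    out[n++] = (GroupEntry){ make_sid(2, 1, console),     SE_GROUP_ENABLED };   /* CONSOLE LOGON */
    out[n++] = (GroupEntry){ make_sid(5, 1, interactive), SE_GROUP_ENABLED };   /* INTERACTIVE */
    out[n++] = (GroupEntry){ make_sid(5, 1, auth_users),  SE_GROUP_ENABLED };   /* Authenticated Users */
    out[n++] = (GroupEntry){ make_sid(5, 2, users),       SE_GROUP_ENABLED };   /* BUILTIN\Users */
    out[n++] = (GroupEntry){ make_sid(5, 3, logon),       SE_GROUP_ENABLED | SE_GROUP_LOGON_ID };
    out[n++] = (GroupEntry){ make_sid(5, 5, dom_a),       SE_GROUP_ENABLED };   /* domain group */
    out[n++] = (GroupEntry){ make_sid(5, 5, dom_b),       SE_GROUP_USE_FOR_DENY_ONLY };
    out[n++] = (GroupEntry){ make_sid(16, 1, label),      SE_GROUP_INTEGRITY }; /* mandatory label */
    return n;
}

/* Apply the filter and join the surviving SIDs with ';' (static buffer). */
static const char *kept_groups_sddl(bool hide_deny)
{
    static char buf[512];
    GroupEntry groups[16];
    size_t n = sample_token_groups(groups), len = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n; ++i) {
        if (should_hide_group(&groups[i], hide_deny)) continue;
        char sddl[128];
        sid_to_string(&groups[i].sid, sddl, sizeof sddl);
        len += (size_t)snprintf(buf + len, sizeof buf - len, "%s%s", len ? ";" : "", sddl);
    }
    return buf;
}

int main(void)
{
    printf("kept:                 %s\n", kept_groups_sddl(false));
    printf("kept, deny-only hidden: %s\n", kept_groups_sddl(true));
    return 0;
}
```

The authority/first-RID test is deliberately coarse: a BUILTIN alias the token gained through nested membership (the "Pre-Windows 2000 Compatible Access" case in the question) still survives it, which matches the answer's point that nothing in the token alone recovers the exact SAM membership list.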