The interface "IAccount" represents a user or group account. It implements those aspects of account functionality, which are needed for the other parts of "madSecurity" like ACEs and Security Objects. Some properties only work in winNT/2k, because win9x doesn't support the respective APIs. A list of methods and properties can be found in the IAccount Reference.

type IAccount = interface (IBasic) ['{28D27EC2-3A98-11D3-A52D-00005A180D69}'];

You can directly get an "IAccount" object for a specific account, if you have the complete name of the account or its SID. You can enter the SID as a PSid pointer or as a "S-1-x-x..." string. Furthermore you can directly get an "IAccount" object for the current user or for some special users/groups.

function Account (name : string; group: TExtBool = other) : IAccount; overload;
function Account (sid  : PSid                           ) : IAccount; overload;

function CurrentUser        : IAccount;
function Everyone           : IAccount;
function AuthenticatedUsers : IAccount;

// Example:
if Everyone.IsEqual(Account('S-1-1-0')) then
  ShowMessage('madSecurity seems to be working correctly');

The property "Name" returns the name of the account:

property IAccount.Name : string;

The following method checks whether the account which is represented by the current "IAccount" instance is identical to the specified account:

function IAccount.IsEqual (const otherAccount: IAccount) : boolean;

The method "IsStillValid" checks, whether the account is still valid, that is whether it was not deleted in the meanwhile. This property always returns "true" in win9x.

function IAccount.IsStillValid : boolean;

The following property returns the type of the account. In win9x you'll always get "atUnknown".

type TAccountType = (atUnknown, atUser, atGroup, atDomain, atAlias, atWellKnownGroup,
                     atDeletedAccount, atInvalid, atUnknown2);

property IAccount.Type_ : TAccountType;

The property "Domain" tells you the name of the domain where the account is maintained. In win9x you'll get an empty string.

property IAccount.Domain : string;

The following properties return infos about the winNT SID structure, which identifies the account. In win9x you'll get nil/0/''.

property IAccount.PSid    : PSid;
property IAccount.SidSize : integer;
property IAccount.SidStr  : string;

All accounts are cached to get higher performance. You can clear the cache at any time without any danger. You should do so after you've changed a user. Otherwise the cache might hinder some actions.

procedure AccountCache_Add (const account: IAccount);
procedure AccountCache_Clear;