| Groups | Blog | Home |
dotnet security : How to find out file owner?
The following code doesn't work for mapped drives: using System; using System.Text; using System.Threading; using System.Security.AccessControl; using System.Security.Principal; using System.IO; namespace ConsoleApplication1 { class Program { static void Main(string[] args) { FileInfo fi = new FileInfo(@"c:\boot.ini"); FileSecurity fs = fi.GetAccessControl(); IdentityReference ir = fs.GetOwner(typeof(NTAccount)); Console.WriteLine(ir.Value); } } } What should I do to make it work for mapped drives or UNC (like \\10.0.61.22\c$\boot.ini)? (Windows XP network; logged on using domain administrator account) Thanks
I'm not sure what the problem is, but can you explain more about what
doesn't work? Does it crash? Can you not access the security descriptor? Can you just not access the owner or does the translation of the SID into an NTAccount fail? Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message news:e9Lr0EKQHHA.4172@TK2MSFTNGP03.phx.gbl... > Hi, > The following code doesn't work for mapped drives: > > using System; > using System.Text; > using System.Threading; > using System.Security.AccessControl; > using System.Security.Principal; > using System.IO; > > namespace ConsoleApplication1 > { > class Program > { > static void Main(string[] args) > { > FileInfo fi = new FileInfo(@"c:\boot.ini"); > FileSecurity fs = fi.GetAccessControl(); > IdentityReference ir = fs.GetOwner(typeof(NTAccount)); > Console.WriteLine(ir.Value); > } > } > } > > What should I do to make it work for mapped drives or UNC (like > \\10.0.61.22\c$\boot.ini)? > > (Windows XP network; logged on using domain administrator account) > > Thanks >
If the SID is local to the machine that it is coming from, then that might
explain it. The current machine may have no way to determine who that user is. I can't explain why Windows explorer would be able to do it as they should be using the same APIs, but sometimes things aren't that obvious. What is the SID in this case? Does it belong to a specific local machine user? Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message news:%23io%23iH5QHHA.488@TK2MSFTNGP06.phx.gbl... > Yes, the problem is about SID translation. I can acquire SID but > translation into an NTAccount fails. > > BTW, I can see actual value in Windows Explorer. > > > "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message > news:uRGy8LaQHHA.4476@TK2MSFTNGP05.phx.gbl... >> I'm not sure what the problem is, but can you explain more about what >> doesn't work? Does it crash? Can you not access the security >> descriptor? Can you just not access the owner or does the translation of >> the SID into an NTAccount fail? >> >> Joe K. >> >> -- >> Joe Kaplan-MS MVP Directory Services Programming >> Co-author of "The .NET Developer's Guide to Directory Services >> Programming" >> http://www.directoryprogramming.net >> -- >> "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message >> news:e9Lr0EKQHHA.4172@TK2MSFTNGP03.phx.gbl... >>> Hi, >>> The following code doesn't work for mapped drives: >>> >>> using System; >>> using System.Text; >>> using System.Threading; >>> using System.Security.AccessControl; >>> using System.Security.Principal; >>> using System.IO; >>> >>> namespace ConsoleApplication1 >>> { >>> class Program >>> { >>> static void Main(string[] args) >>> { >>> FileInfo fi = new FileInfo(@"c:\boot.ini"); >>> FileSecurity fs = fi.GetAccessControl(); >>> IdentityReference ir = fs.GetOwner(typeof(NTAccount)); >>> Console.WriteLine(ir.Value); >>> } >>> } >>> } >>> >>> What should I do to make it work for mapped drives or UNC (like >>> \\10.0.61.22\c$\boot.ini)? >>> >>> (Windows XP network; logged on using domain administrator account) >>> >>> Thanks >>> >> >> > >
Yes, the problem is about SID translation. I can acquire SID but translation
into an NTAccount fails. BTW, I can see actual value in Windows Explorer. [quoted text, click to view] "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:uRGy8LaQHHA.4476@TK2MSFTNGP05.phx.gbl... > I'm not sure what the problem is, but can you explain more about what > doesn't work? Does it crash? Can you not access the security descriptor? > Can you just not access the owner or does the translation of the SID into > an NTAccount fail? > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services > Programming" > http://www.directoryprogramming.net > -- > "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message > news:e9Lr0EKQHHA.4172@TK2MSFTNGP03.phx.gbl... >> Hi, >> The following code doesn't work for mapped drives: >> >> using System; >> using System.Text; >> using System.Threading; >> using System.Security.AccessControl; >> using System.Security.Principal; >> using System.IO; >> >> namespace ConsoleApplication1 >> { >> class Program >> { >> static void Main(string[] args) >> { >> FileInfo fi = new FileInfo(@"c:\boot.ini"); >> FileSecurity fs = fi.GetAccessControl(); >> IdentityReference ir = fs.GetOwner(typeof(NTAccount)); >> Console.WriteLine(ir.Value); >> } >> } >> } >> >> What should I do to make it work for mapped drives or UNC (like >> \\10.0.61.22\c$\boot.ini)? >> >> (Windows XP network; logged on using domain administrator account) >> >> Thanks >> > >
I honestly don't know. It is a generally good idea to trap the exception
returned when trying to convert between a SID and NTAccount though, as that can fail unexpected for a variety of reasons. Sometimes you can only ever get the original SID. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message news:e$MVn6RRHHA.1036@TK2MSFTNGP03.phx.gbl... >I checked all the possible situations: > BULTIN\Administrator > MYDOMAIN\Administrator > etc... > > Sometimes it works, sometimes - no. I couldn't find any dependancy on the > origin of the account. > > > "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message > news:ugxNDI8QHHA.1364@TK2MSFTNGP06.phx.gbl... >> If the SID is local to the machine that it is coming from, then that >> might explain it. The current machine may have no way to determine who >> that user is. I can't explain why Windows explorer would be able to do >> it as they should be using the same APIs, but sometimes things aren't >> that obvious. >> >> What is the SID in this case? Does it belong to a specific local machine >> user? >> >> Joe K. >> >> -- >> Joe Kaplan-MS MVP Directory Services Programming >> Co-author of "The .NET Developer's Guide to Directory Services >> Programming" >> http://www.directoryprogramming.net >> -- >> "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message >> news:%23io%23iH5QHHA.488@TK2MSFTNGP06.phx.gbl... >>> Yes, the problem is about SID translation. I can acquire SID but >>> translation into an NTAccount fails. >>> >>> BTW, I can see actual value in Windows Explorer. >>> >>> >>> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message >>> news:uRGy8LaQHHA.4476@TK2MSFTNGP05.phx.gbl... >>>> I'm not sure what the problem is, but can you explain more about what >>>> doesn't work? Does it crash? Can you not access the security >>>> descriptor? Can you just not access the owner or does the translation >>>> of the SID into an NTAccount fail? >>>> >>>> Joe K. >>>> >>>> -- >>>> Joe Kaplan-MS MVP Directory Services Programming >>>> Co-author of "The .NET Developer's Guide to Directory Services >>>> Programming" >>>> http://www.directoryprogramming.net >>>> -- >>>> "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message >>>> news:e9Lr0EKQHHA.4172@TK2MSFTNGP03.phx.gbl... >>>>> Hi, >>>>> The following code doesn't work for mapped drives: >>>>> >>>>> using System; >>>>> using System.Text; >>>>> using System.Threading; >>>>> using System.Security.AccessControl; >>>>> using System.Security.Principal; >>>>> using System.IO; >>>>> >>>>> namespace ConsoleApplication1 >>>>> { >>>>> class Program >>>>> { >>>>> static void Main(string[] args) >>>>> { >>>>> FileInfo fi = new FileInfo(@"c:\boot.ini"); >>>>> FileSecurity fs = fi.GetAccessControl(); >>>>> IdentityReference ir = fs.GetOwner(typeof(NTAccount)); >>>>> Console.WriteLine(ir.Value); >>>>> } >>>>> } >>>>> } >>>>> >>>>> What should I do to make it work for mapped drives or UNC (like >>>>> \\10.0.61.22\c$\boot.ini)? >>>>> >>>>> (Windows XP network; logged on using domain administrator account) >>>>> >>>>> Thanks >>>>> >>>> >>>> >>> >>> >> >> > >
I checked all the possible situations:
BULTIN\Administrator MYDOMAIN\Administrator etc... Sometimes it works, sometimes - no. I couldn't find any dependancy on the origin of the account. [quoted text, click to view] "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:ugxNDI8QHHA.1364@TK2MSFTNGP06.phx.gbl... > If the SID is local to the machine that it is coming from, then that might > explain it. The current machine may have no way to determine who that > user is. I can't explain why Windows explorer would be able to do it as > they should be using the same APIs, but sometimes things aren't that > obvious. > > What is the SID in this case? Does it belong to a specific local machine > user? > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services > Programming" > http://www.directoryprogramming.net > -- > "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message > news:%23io%23iH5QHHA.488@TK2MSFTNGP06.phx.gbl... >> Yes, the problem is about SID translation. I can acquire SID but >> translation into an NTAccount fails. >> >> BTW, I can see actual value in Windows Explorer. >> >> >> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message >> news:uRGy8LaQHHA.4476@TK2MSFTNGP05.phx.gbl... >>> I'm not sure what the problem is, but can you explain more about what >>> doesn't work? Does it crash? Can you not access the security >>> descriptor? Can you just not access the owner or does the translation of >>> the SID into an NTAccount fail? >>> >>> Joe K. >>> >>> -- >>> Joe Kaplan-MS MVP Directory Services Programming >>> Co-author of "The .NET Developer's Guide to Directory Services >>> Programming" >>> http://www.directoryprogramming.net >>> -- >>> "Dmitry Nogin" <dmitrynogin@hotmail.com> wrote in message >>> news:e9Lr0EKQHHA.4172@TK2MSFTNGP03.phx.gbl... >>>> Hi, >>>> The following code doesn't work for mapped drives: >>>> >>>> using System; >>>> using System.Text; >>>> using System.Threading; >>>> using System.Security.AccessControl; >>>> using System.Security.Principal; >>>> using System.IO; >>>> >>>> namespace ConsoleApplication1 >>>> { >>>> class Program >>>> { >>>> static void Main(string[] args) >>>> { >>>> FileInfo fi = new FileInfo(@"c:\boot.ini"); >>>> FileSecurity fs = fi.GetAccessControl(); >>>> IdentityReference ir = fs.GetOwner(typeof(NTAccount)); >>>> Console.WriteLine(ir.Value); >>>> } >>>> } >>>> } >>>> >>>> What should I do to make it work for mapped drives or UNC (like >>>> \\10.0.61.22\c$\boot.ini)? >>>> >>>> (Windows XP network; logged on using domain administrator account) >>>> >>>> Thanks >>>> >>> >>> >> >> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |