This question already has an answer here:
How to get the IdentityReference for "Everyone" to create MutexAccessRule on localized systems?
(1 answer)
Closed 9 years ago.
I already wrote a code which can create a share and change permissions for the current user. The goal was to always allow all for everybody on share level and deny rights on ntfs acl level.
I use a german windows and I noticed that I only can access the everybody user by using "jeder". In english it would be the user "everybody" or "all" I think?! Anyway I'm searching for a way to get the name of the everybody user language independent.
Hope this is possible.
The name that the English version of Windows uses is "Everyone".
You can get the user regardless of language by using the WellKnownSidType.WorldSid value:
var sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
var account = (NTAccount) sid.Translate(typeof(NTAccount));
I believe the way to do it has been answered here: How can I get the local group name for guests/administrators ?
This "everyone" SID is a well known SID "S-1-1-0" (the list is availalble here: Well-known security identifiers in Windows operating systems).
Related
This question already has answers here:
Updating HKEY_CURRENT_USER hive from a service
(2 answers)
Closed 4 years ago.
I have the problem with accessing "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run". Function returns result 2, that means "File not found". I'm pretty sure this happened because of Local System rights in application but don't know how to fix this.
int result = RegOpenKeyEx(registryHive, registrySubname, 0,STANDART_RIGHTS_READ | KEY_QUERY_VALUE | KEY_NOTIFY , out registryKey);
Any ideas?
UPD: I've checked this in application with current user rights and everything worked
When running as the LocalSystem account, such as in a service, you can't use RegOpenKeyEx() to open the HKEY_CURRENT_USER hive of any user account other than LocalSystem. To open the HKCU hive of another user, you need to first impersonate that user, such as with ImpersonateLoggedOnUser(), and then use RegOpenCurrentUser().
This question already has an answer here:
Active Directory check if user is logged in
(1 answer)
Closed 8 years ago.
I'm trying to query a LDAP server to get information if an user is logged in or not.
In a collection of properties (from return) none tell me specifically the information, but there are two in particullar that can do this: lastlogon and lastlogoff.
But lastlogoff it is always 0.
: /
How I can get the real value of lastlogoff?
May I refer you to this article on SO? I used this solution before, because as noted, there was no method of finding this information within AD. One could seek out the computer names on the network, but this does not indicate the actual user.
Active Directory check if user is logged in
I hope this is helpful to you, i used this from the linked article....
"...Another alternative could be to craft a logon/logoff script that
writes to a particular file/database and you could monitor that file
to see who is logged in...."
Then, this exmaple is for vbscript and WMI. As stated, a third party tool available through sysinternals exists.
You said you have no access to change LDAP server. Does this include logon/logoff scripts?
Here is the link: http://blogs.msdn.com/b/alejacma/archive/2008/03/04/how-to-get-the-logged-on-user-with-wmi-vbscript.aspx
This question already has answers here:
Checking file/folder access permission
(3 answers)
Closed 8 years ago.
I have an Application running in a server, that takes a username and file path. The idea to check if the user can read the file (the target user is not the same user running the program).
So how to check read permissions for specific user ??
I can't take responsibility for this as I googled it and the answer was by James Newton-King found here- How to present credentials in order to open file?
You want to impersonate a user who does have the rights to access the file.
I recommend using a class like this - http://www.codeproject.com/KB/cs/zetaimpersonator.aspx. It hides all the nasty implementation of doing impersonation.
using (new Impersonator("myUsername", "myDomainname", "myPassword"))
{
string fileText = File.ReadAllText("c:\test.txt");
Console.WriteLine(fileText);
}
Check this Documentation, this might be useful:
http://msdn.microsoft.com/en-us/library/system.io.file.getattributes(v=vs.110).aspx
I know this question has been asked many times on SO, but none of them answer my question.
I know from studying for the Comptiat A+ that when using automated (unattended) installations techs always have to go back and change the MACHINE SID before the OS can be activated on each machine. There seems to be a lot of questions about how to get the SID with networks and such, but I know there is also a machine SID that cant be changed. For those of you who have used Fix-It Utilities boot disk, there is a button, "change SID" and that will make windows fail to boot if its already activated.
My question is similar to this one, but his question was never really answered. My question is, how do I get the MACHINE Windows Installation SID using c#.
Well, it depends which computer SID you want (seriously!). There's the SID that the local computer uses for itself... For this, you just need to get the SID of the local Administrator user, and remove the "-500" from the end to get the computer's SID.
In C# on .NET 3.5:
using System;
using System.Security.Principal;
using System.DirectoryServices;
using System.Linq;
public static SecurityIdentifier GetComputerSid()
{
return new SecurityIdentifier((byte[])new DirectoryEntry(string.Format("WinNT://{0},Computer", Environment.MachineName)).Children.Cast<DirectoryEntry>().First().InvokeGet("objectSID"), 0).AccountDomainSid;
}
On the other hand, there's the SID that Active Directory uses to identify each domain member computer... That one you fetch by getting the SID of the machine account in the domain--the one that ends with a dollar sign.
Apologies for not knowing the right way to phrase this question.
Given a domain name and an alias, for example CONTOSO\steveh how can I get the friendly display name for that alias? For example, in Outlook email sent to CONTOSO\steveh appears as 'Steve Holt'?
If you are using .net 3.5, add references to System.DirectoryServices and System.DirectoryServices.AccountManagement and try this:
PrincipalContext c = new PrincipalContext(ContextType.Domain,"CONTOSO");
UserPrincipal principal = UserPrincipal.FindByIdentity(c,"steveh");
Console.WriteLine(principal.DisplayName);
I can't verify if it works for a domain since I'm running on a standalone machine but it should help you get started.
You can query ActiveDirectory through LDAP I recommend taking a look at this question which has some basic information. You should be able to get a general direction from there.