get share permissions

  • Thread starter Thread starter Ralph
  • Start date Start date
R

Ralph

Hi,

how can I get the users or groups which are listed in the shared
permission of a shared folder?

Thanks,

Ralph
 
Hi Jakob,

thanks again, for your code snippet. Unfortunately, this only works if
I want to check the permissions for the local machine (the one I'm
working on as an administrator).
But I have to solve the following problem:
I have a folder, where I want to store a file and have to check the
access rights. If it's a shared folder, I have to check the share
permissions for this folder, which is on a remote folder. In this
case, the scope.Connect method fails.
Can you help me again?

Thanks,

Ralph

Hi Ralph,

You can do this by using WMI. I wrote the following example for you. The
example lists all shares on a given computer including the users/groups that
are granted persmisssions to the shares. The "ace" object can also give you
information about the access rights (take a look at the Win32_ACE class of
WMI on MSDN).

string machine = "YourMachine";
ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.EnablePrivileges = true;

ManagementScope scope = new ManagementScope("\\\\" + machine +
"\\root\\cimv2", co);
scope.Connect();

ObjectQuery query = new ObjectQuery("SELECT * FROM
Win32_LogicalShareSecuritySetting");

ManagementObjectSearcher searcher = new
ManagementObjectSearcher(scope, query);

ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
string shareName = "\\\\" + machine + "\\" + m["Name"];
Console.WriteLine(shareName);

InvokeMethodOptions options = new InvokeMethodOptions();

ManagementBaseObject outParamsMthd =
m.InvokeMethod("GetSecurityDescriptor", null, options);
ManagementBaseObject descriptor =
outParamsMthd["Descriptor"] as ManagementBaseObject;

ManagementBaseObject[] dacl = descriptor["DACL"] as
ManagementBaseObject[];

foreach (ManagementBaseObject ace in dacl)
{
ManagementBaseObject trustee = ace["Trustee"] as
ManagementBaseObject;
string domain = (string) trustee["Domain"];
string name = (string)trustee["Name"];

Console.WriteLine(domain + "\\" + name);
}
}

HTH, Jakob.

--http://www.dotninjas.dk



Ralph said:
Hi,
Click to expand...
how can I get the users or groups which are listed in the shared
permission of a shared folder?

Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -
Click to expand...
Click to expand...
 
Hi Ralph,

Which error are you getting? Is it access denied?

Kind regards, Jakob.

--
http://www.dotninjas.dk



Ralph said:
Hi Jakob,

thanks again, for your code snippet. Unfortunately, this only works if
I want to check the permissions for the local machine (the one I'm
working on as an administrator).
But I have to solve the following problem:
I have a folder, where I want to store a file and have to check the
access rights. If it's a shared folder, I have to check the share
permissions for this folder, which is on a remote folder. In this
case, the scope.Connect method fails.
Can you help me again?

Thanks,

Ralph

Hi Ralph,

You can do this by using WMI. I wrote the following example for you. The
example lists all shares on a given computer including the users/groups that
are granted persmisssions to the shares. The "ace" object can also give you
information about the access rights (take a look at the Win32_ACE class of
WMI on MSDN).

string machine = "YourMachine";
ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.EnablePrivileges = true;

ManagementScope scope = new ManagementScope("\\\\" + machine +
"\\root\\cimv2", co);
scope.Connect();

ObjectQuery query = new ObjectQuery("SELECT * FROM
Win32_LogicalShareSecuritySetting");

ManagementObjectSearcher searcher = new
ManagementObjectSearcher(scope, query);

ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
string shareName = "\\\\" + machine + "\\" + m["Name"];
Console.WriteLine(shareName);

InvokeMethodOptions options = new InvokeMethodOptions();

ManagementBaseObject outParamsMthd =
m.InvokeMethod("GetSecurityDescriptor", null, options);
ManagementBaseObject descriptor =
outParamsMthd["Descriptor"] as ManagementBaseObject;

ManagementBaseObject[] dacl = descriptor["DACL"] as
ManagementBaseObject[];

foreach (ManagementBaseObject ace in dacl)
{
ManagementBaseObject trustee = ace["Trustee"] as
ManagementBaseObject;
string domain = (string) trustee["Domain"];
string name = (string)trustee["Name"];

Console.WriteLine(domain + "\\" + name);
}
}

HTH, Jakob.

--http://www.dotninjas.dk



Ralph said:
Hi,
Click to expand...
how can I get the users or groups which are listed in the shared
permission of a shared folder?

Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -
Click to expand...
Click to expand...
Click to expand...
 
Yes, I get an UnauthorizedAccessException. Unfortunately I don't have
any influence on the remote computer in the network in my project. I
just get a shared folder, and I have to check the permissions I have
for this folder.

Hi Ralph,

Which error are you getting? Is it access denied?

Kind regards, Jakob.

--http://www.dotninjas.dk



Ralph said:
Hi Jakob,
Click to expand...
thanks again, for your code snippet. Unfortunately, this only works if
I want to check thepermissionsfor the local machine (the one I'm
working on as an administrator).
But I have to solve the following problem:
I have a folder, where I want to store a file and have to check the
access rights. If it's a shared folder, I have to check theshare
permissionsfor this folder, which is on a remote folder. In this
case, the scope.Connect method fails.
Can you help me again?
Thanks,
Click to expand...
Ralph
Click to expand...
Hi Ralph,
You can do this by using WMI. I wrote the following example for you. The
example lists all shares on a given computer including the users/groups that
are granted persmisssions to the shares. The "ace" object can also give you
information about the access rights (take a look at the Win32_ACE class of
WMI on MSDN).
string machine = "YourMachine";
ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.EnablePrivileges = true;
ManagementScope scope = new ManagementScope("\\\\" + machine +
"\\root\\cimv2", co);
scope.Connect();
ObjectQuery query = new ObjectQuery("SELECT * FROM
Win32_LogicalShareSecuritySetting");
ManagementObjectSearcher searcher = new
ManagementObjectSearcher(scope, query);
ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
string shareName = "\\\\" + machine + "\\" + m["Name"];
Console.WriteLine(shareName);
InvokeMethodOptions options = new InvokeMethodOptions();
ManagementBaseObject outParamsMthd =
m.InvokeMethod("GetSecurityDescriptor", null, options);
ManagementBaseObject descriptor =
outParamsMthd["Descriptor"] as ManagementBaseObject;
ManagementBaseObject[] dacl = descriptor["DACL"] as
ManagementBaseObject[];
foreach (ManagementBaseObject ace in dacl)
{
ManagementBaseObject trustee = ace["Trustee"] as
ManagementBaseObject;
string domain = (string) trustee["Domain"];
string name = (string)trustee["Name"];
Console.WriteLine(domain + "\\" + name);
}
}
HTH, Jakob.
--http://www.dotninjas.dk
:
Hi,
how can I get the users or groups which are listed in the shared
permission of a shared folder?
Thanks,
Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -- Zitierten Text ausblenden -- Zitierten Text anzeigen -
Click to expand...
Click to expand...
Click to expand...
 
Hi Ralph,

You may be able to do it using ADSI and COM interop but you may run into
other security issues. You need a reference to ActiveDs.dll (usually placed
in c:\windows\system32.dll). I wrote the following example for you:

ActiveDs.IADsAccessControlList dacl;
ActiveDs.IADsSecurityDescriptor sd;
ActiveDs.ADsSecurityUtility sdUtil = new
ActiveDs.ADsSecurityUtility();

sd = (ActiveDs.IADsSecurityDescriptor)
sdUtil.GetSecurityDescriptor(@"\\machinename\sharename", (int)
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILESHARE, (int)
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
dacl = (ActiveDs.IADsAccessControlList) sd.DiscretionaryAcl;

foreach (ActiveDs.IADsAccessControlEntry entry in dacl)
{
Console.WriteLine("AccessMask: {0}", entry.AccessMask);
Console.WriteLine("AceType: {0}", entry.AceType);
Console.WriteLine("AceFlags: {0}", entry.AceFlags);
Console.WriteLine("Trustee: {0}\n", entry.Trustee);
}

HTH, Jakob.

--
http://www.dotninjas.dk



Ralph said:
Yes, I get an UnauthorizedAccessException. Unfortunately I don't have
any influence on the remote computer in the network in my project. I
just get a shared folder, and I have to check the permissions I have
for this folder.

Hi Ralph,

Which error are you getting? Is it access denied?

Kind regards, Jakob.

--http://www.dotninjas.dk



Ralph said:
Hi Jakob,
Click to expand...
thanks again, for your code snippet. Unfortunately, this only works if
I want to check thepermissionsfor the local machine (the one I'm
working on as an administrator).
But I have to solve the following problem:
I have a folder, where I want to store a file and have to check the
access rights. If it's a shared folder, I have to check theshare
permissionsfor this folder, which is on a remote folder. In this
case, the scope.Connect method fails.
Can you help me again?


On 22 Jan., 09:50, Jakob Christensen
Hi Ralph,
Click to expand...
You can do this by using WMI. I wrote the following example for you. The
example lists all shares on a given computer including the users/groups that
are granted persmisssions to the shares. The "ace" object can also give you
information about the access rights (take a look at the Win32_ACE class of
WMI on MSDN).
Click to expand...
string machine = "YourMachine";
ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.EnablePrivileges = true;
Click to expand...
ManagementScope scope = new ManagementScope("\\\\" + machine +
"\\root\\cimv2", co);
scope.Connect();
Click to expand...
ObjectQuery query = new ObjectQuery("SELECT * FROM
Win32_LogicalShareSecuritySetting");
Click to expand...
ManagementObjectSearcher searcher = new
ManagementObjectSearcher(scope, query);
Click to expand...
ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
string shareName = "\\\\" + machine + "\\" + m["Name"];
Console.WriteLine(shareName);
Click to expand...
InvokeMethodOptions options = new InvokeMethodOptions();
Click to expand...
ManagementBaseObject outParamsMthd =
m.InvokeMethod("GetSecurityDescriptor", null, options);
ManagementBaseObject descriptor =
outParamsMthd["Descriptor"] as ManagementBaseObject;
Click to expand...
ManagementBaseObject[] dacl = descriptor["DACL"] as
ManagementBaseObject[];
Click to expand...
foreach (ManagementBaseObject ace in dacl)
{
ManagementBaseObject trustee = ace["Trustee"] as
ManagementBaseObject;
string domain = (string) trustee["Domain"];
string name = (string)trustee["Name"];
Click to expand...
Console.WriteLine(domain + "\\" + name);
}
}
Click to expand...
HTH, Jakob.

:
Hi,
Click to expand...
how can I get the users or groups which are listed in the shared
permission of a shared folder?

Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -- Zitierten Text ausblenden -- Zitierten Text anzeigen -
Click to expand...
Click to expand...
Click to expand...
 
Back
Top