Get Windows Group Name

  • Thread starter Thread starter Simon Niederberger
  • Start date Start date
S

Simon Niederberger

Hi

I need to create a MessageQueue in my C# service (running as SYSTEM). Users
will have no permissions on this queue, so I can't look if messages are
present. When setting MessageQueue.SetPermissions, I have the problem of
knowing the Windows Group Name. I'd like to set Full Control to either Users
or Everyone (doesn't really matter), but the service might run under English
(Users, Everyone) or German Windows (Benutzer, Jeder). On a German Windows,
SetPermissions failes with "Everyone" and succeeds with "Jeder".
How can I get the locale-specific name of a role, say "Users"?

Or is there a much easier way to set Full Control Permissions on a
MessageQueue for Everyone?

Thanks a lot
Simon
 
Can you p/invoke the LookupAccountName API, passing in the SID of the group
you want to use? Everyone and Authenticated Users are both well-known SID
values that don't change, so that might be a good way to get the localized
version.

It is too bad that the .NET MQ API won't take a SID directly as then you
would not have this problem.

Joe K.
 
Great, got that to work. However, now my assembly has an Win32API call, so
for deployment, I need full trust on the client. I found that I should add a
custom action in the setup project, but apart from that, I'm stumped.

Can you direct me to a step-by-step guide on how to make my assembly being
distributed with a Setup Project be fully trusted on the client?
(Essentially run the .NET framework 1.1 Wizard "Trust assembly" as custom
action). I'm using VS 2003.


Thanks a lot
Simon
 
I thought you needed full trust to call into System.Messaging anyway since
it doesn't have the AllowPartiallyTrustedCallersAttribute. If your code is
being installed to the local machine, you will have full trust by default
anyway, so that probably isn't an issue. Are you actually get security
exceptions?

If you really feel like you need to change security policy, I'd suggest
starting a new thread as Nicole is much better at that stuff than me and can
provide you with more guidance.

Joe K.
 
No Joe, you're absolutely right. That was an apparent newbie question. I was
testing my test.exe from a network share, which doesn't reflect the final
setup. If I move the exe to a local drive, everything is great.

So my final solution is:
Use code from http://www.codeproject.com/csharp/SidTranslator.asp
Install application locally (was gonna do that anyway)
Use SID S-1-1-0 for group "Everyone"

Thanks a lot, Joe
Simon
 
Back
Top