Getting a file's owner? Can't be done!

[Tim Bedford]

I don't believe its possible to get the name of a file's owner. Prove me
wrong!
All day long I've been trying to get GetSecurityDescriptorOwner and
LookupAccountSid to work. I can get the group of which the owner is a member
but that's all. A thorough search of newsgroup suggests that no-one else can
do it either. If you have some C code that actually works I'd be very
grateful for it but I'm not holding out much hope.
(Windows 2000 by the way)
thanks

Tim

 

[Tim Bedford]

Yes I can do that too. I meant to determine it using the API calls.

Tim

I can see the owner of most files on an NTFS partition by right clicking on
the file and selecting properties, Security, Advanced, Owner. If your
partition is not NTFS formatted, there probably wont' be an owner ever.
What exactly are you seeing in the Owner field?

You might get some use out of enabling windows file auditing. If so, be
careful about enabling too much auditing and filling up your security event
logs:

http://securityadmin.info/faq.htm#auditing

I don't believe its possible to get the name of a file's owner. Prove me
wrong!
All day long I've been trying to get GetSecurityDescriptorOwner and
LookupAccountSid to work. I can get the group of which the owner is a member
but that's all. A thorough search of newsgroup suggests that no-one else can
do it either. If you have some C code that actually works I'd be very
grateful for it but I'm not holding out much hope.
(Windows 2000 by the way)
thanks

Tim

 

[Tim Bedford]

Thanks Lisa,
I tried that but still get: "Account owner = Administrators".

Tim

 

[Hindy]

Tim, try it with a non-admin user account. I can vaguely
recall something about if a user who is a member of the
administrators group creates or takes ownership of a
resource, it will assign the Administrators group as the
owner.

 

[Karl Levinson [x y] mvp]

I"m not so sure about that. The GUI tells you the same thing, I believe...
I think it's a matter of how the security descriptor is being written, not
in how the API works. I think the API is accurately telling you what it's
seeing in the file properties.

 

[Tim Bedford]

Well maybe but wouldn't you agree that, in those circumstances,
GetSecurityDescriptorOwner does not let you identify the owner.
I've now got another question but think I'll do a new posting for it.
thanks

Tim

I"m not so sure about that. The GUI tells you the same thing, I believe...
I think it's a matter of how the security descriptor is being written, not
in how the API works. I think the API is accurately telling you what it's
seeing in the file properties.

Hindy,
Thanks, yes you're right, that is the case (why should it behave differently
for Administrators? Surely that means the calls no longer do what they
claim).

 

[Karl Levinson [x y] mvp]

Yes, my objection was definitely a quibble about semantics that doesn't help
you much. The system as a whole is definitely not behaving the way you
hoped it would, no matter which component is actually at fault. But, I
guess my point was that I think this is the system working as designed
before the API even gets involved, so there may not be a solution for you,
not even by bypassing or finessing the API.

Well maybe but wouldn't you agree that, in those circumstances,
GetSecurityDescriptorOwner does not let you identify the owner.
I've now got another question but think I'll do a new posting for it.
thanks

Tim

I"m not so sure about that. The GUI tells you the same thing, I believe...
I think it's a matter of how the security descriptor is being written, not
in how the API works. I think the API is accurately telling you what it's
seeing in the file properties.

Hindy,
Thanks, yes you're right, that is the case (why should it behave differently
for Administrators? Surely that means the calls no longer do what they
claim).