New User Account.

Marcelo López

I need to create a folder in the file system owned by a special user
created by my application. The idea is that only my app will have
permissions to delete and create files on that folder.
My app is a redistributable one, so I need to create the user and give
permissions to my app to that folder programmatically.

My questions are:
1) Using C#, how can I create a new user account?
2) How can I assign permissions to a folder to the new user?
3) How can I start my app using this new user?

Regards,

Marcelo.
 
Marcelo,

I have to say, this generally is a bad idea. You should never, ever
take away the right from a user to do what they wish to their machine. What
happens if your app does something wrong, and writes a file to the directory
that needs to be removed for some reason or another? The user wouldn't be
able to fix it at all, since they wouldn't have the rights to remove the
folder and/or the files. You are making the assumption that your code will
be perfect, and also neglecting other factors that could affect your program
(what if the power goes out while writing one of these files, and it becomes
corrupt, for example).

Also, in order to do this all, if the user is on a network and not an
administrator, then more likely than not, they are not going to have the
rights to do this sort of thing.

That being said, to create a new user account, you will have to call the
NetUserAdd function in the Netapi32 dll through the P/Invoke layer. To
assign permissions to a folder for the new user, check out knowledge base
article 318744, titled "HOWTO: Use Visual Basic to Programmatically Change
Ownership of a File or Folder", located at (watch for line wrap):

http://support.microsoft.com/default.aspx?scid=kb;en-us;318744

As for starting your app using this new user, check out the
documentation for the Impersonate method on the WindowsIdentity class.

Hope this helps.
 
OK, Nicholas, what you say sounds reasonable. Thanks for your answer.

So, what would you do in my case if you had to prevent others from modifying
the files in a special folder for your app? I'm developing a Windows
Explorer-like application. I have a repository in which I store the files,
and I don't want anybody else to be able to delete, rename, move, etc. the
files, because my repository could become inconsistent.

I tried using a file watcher, but restoring information in the DB was too
complicated because it was difficult to manage the watcher's event queue to
know exactly which operation the user had done. For example, a file
move really throws 4 events: change-deleted-change-created.

What would you recommend I do in my case?

I'm developing a career project and I have to finish by January 30, so I
don't have a lot of time!!

Thanks !!

Marcelo.

 
Don't use C# for this; learn to use the command-line tools.
1) Issue a net user command to check whether the user exists; if not, create the user,
something like:
@Echo Off
rem Query the account; a non-zero exit code means it does not exist yet.
Net User MarceloL >NUL: 2>&1
if ERRORLEVEL 1 goto noSuchUser
goto exists
:noSuchUser
rem Create the account (password and full name are sample values).
net user MarceloL somePassword /add /fullname:"Marcelo López"
:exists
...
2) Issue a cacls command to set the folder permissions.
3) Start your program from the command line using the "runas" command.
Put this all nicely in a cmd file, and done.

Willy.
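
The three steps Willy lists, as one cmd file (an added example, not code from any poster in this thread). It uses icacls, the current replacement for cacls; the account name RepoSvc, the folder and the program path are assumed, and keeping full control for Administrators and SYSTEM is a choice made here so the machine's owner can still repair the folder.

```batch
@echo off
setlocal
rem Added example. ACCT, REPO and APP are assumed names, not from the thread.
set "ACCT=RepoSvc"
set "REPO=%ProgramData%\MyRepo"
set "APP=%ProgramFiles%\MyApp\MyApp.exe"

rem 1) Create the account only if it is missing. "*" makes net user prompt
rem    for the password, so it is not stored in this file.
net user "%ACCT%" >nul 2>&1
if not errorlevel 1 goto haveUser
net user "%ACCT%" * /add /fullname:"Repository account" /passwordchg:no
if errorlevel 1 goto failed
:haveUser

rem 2) Add explicit ACEs first, then drop the inherited ones, so the folder
rem    is never left without an administrative entry. Well-known SIDs are
rem    used because group names are localized:
rem    S-1-5-18 = SYSTEM, S-1-5-32-544 = Administrators, S-1-5-32-545 = Users.
rem    Read-only access for Users is an assumption of this example.
if not exist "%REPO%" mkdir "%REPO%"
icacls "%REPO%" /grant:r "*S-1-5-18:(OI)(CI)F" "*S-1-5-32-544:(OI)(CI)F"
if errorlevel 1 goto failed
icacls "%REPO%" /grant:r "%ACCT%:(OI)(CI)M" "*S-1-5-32-545:(OI)(CI)RX"
if errorlevel 1 goto failed
icacls "%REPO%" /inheritance:r
if errorlevel 1 goto failed

rem Print the resulting ACL so it can be checked by eye.
icacls "%REPO%"

rem 3) Start the program under the new account; runas prompts for the password.
runas /user:%COMPUTERNAME%\%ACCT% "%APP%"
exit /b 0

:failed
echo Setup failed. Run this file from an elevated command prompt.
exit /b 1
```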
 
Marcelo,

I think that basically, you should have your directory (create it where
you know you can find it), but do not put permissions on it. Rather, have
extensible error handling which would detect when the files are not as they
should be.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

 
OK, thanks, I'll try it this way.

Where can I find more about using the command tools to create users?

Regards
Marcelo
 
From the command prompt, type:
net help command
or net command /help
Available commands can be viewed with net help.

E.g., net help user shows all options available for net user.

Willy.
 
OK, very good.
I just need to assign permissions to my folder... but I don't know how
to do that. How can I do that?

Thanks again !
Marcelo
 
Willy, hi.

I did what you recommended and it works!
But I found a little problem:

The user I created for my app is on the select list at Windows
startup!
So the Windows user can see it in the select user list, and although he
can't log in because he doesn't know the password, I don't want him
to see the user at startup.
I saw that other "limited" users like SQLAgent don't appear at
startup (which is logical), so my question is:

How can I hide the user from the Windows startup screen?

Regards and thanks !
Marcelo
 
Marcelo said:
OK, Nicholas, what you say sounds reasonable. Thanks for your answer.

So, what would you do in my case if you had to prevent others from modifying
the files in a special folder for your app? I'm developing a Windows
Explorer-like application. I have a repository in which I store the files,
and I don't want anybody else to be able to delete, rename, move, etc. the
files, because my repository could become inconsistent.


Hello -

Have a look at 'IsolatedStorageFile Class' here: http://tinyurl.com/3694z.
It isn't *exactly* what you are looking for, sorry.

From the MSDN Remarks:

Remarks
This object corresponds to a specific isolated storage scope, where files
represented by IsolatedStorageFileStream objects exist. Applications can use
isolated storage to save data in their own isolated portion of the file
system, without having to specify a particular path within the file system.
Since isolated stores are scoped to particular assemblies, most other
managed code will not be able to access your code's data (highly trusted
managed code and administration tools can access stores from other
assemblies). Unmanaged code can access any isolated stores.

The last bit also includes users *but* the portion of the filesystem they
speak of is buried under ~/Application Data/ which I believe is hidden by
default.

Good luck.
 