Hi,

how can I get the users or groups which are listed in the shared
permission of a shared folder?

Thanks,

Ralph

Hi Jakob,

thanks again, for your code snippet. Unfortunately, this only works if
I want to check the permissions for the local machine (the one I'm
working on as an administrator).
But I have to solve the following problem:
I have a folder, where I want to store a file and have to check the
access rights. If it's a shared folder, I have to check the share
permissions for this folder, which is on a remote folder. In this
case, the scope.Connect method fails.
Can you help me again?

Thanks,

Ralph

On 22 Jan., 09:50, Jakob Christensen
<JakobChristen...@discussions.microsoft.com> wrote:
> Hi Ralph,
>
> You can do this by using WMI. I wrote the following example for you. The
> example lists all shares on a given computer including the users/groups that
> are granted persmisssions to the shares. The "ace" object can also give you
> information about the access rights (take a look at the Win32_ACE class of
> WMI on MSDN).
>
> string machine = "YourMachine";
> ConnectionOptions co = new ConnectionOptions();
> co.Impersonation = ImpersonationLevel.Impersonate;
> co.EnablePrivileges = true;
>
> ManagementScope scope = new ManagementScope("\\\\" + machine +
> "\\root\\cimv2", co);
> scope.Connect();
>
> ObjectQuery query = new ObjectQuery("SELECT * FROM
> Win32_LogicalShareSecuritySetting");
>
> ManagementObjectSearcher searcher = new
> ManagementObjectSearcher(scope, query);
>
> ManagementObjectCollection queryCollection = searcher.Get();
> foreach (ManagementObject m in queryCollection)
> {
> string shareName = "\\\\" + machine + "\\" + m["Name"];
> Console.WriteLine(shareName);
>
> InvokeMethodOptions options = new InvokeMethodOptions();
>
> ManagementBaseObject outParamsMthd =
> m.InvokeMethod("GetSecurityDescriptor", null, options);
> ManagementBaseObject descriptor =
> outParamsMthd["Descriptor"] as ManagementBaseObject;
>
> ManagementBaseObject[] dacl = descriptor["DACL"] as
> ManagementBaseObject[];
>
> foreach (ManagementBaseObject ace in dacl)
> {
> ManagementBaseObject trustee = ace["Trustee"] as
> ManagementBaseObject;
> string domain = (string) trustee["Domain"];
> string name = (string)trustee["Name"];
>
> Console.WriteLine(domain + "\\" + name);
> }
> }
>
> HTH, Jakob.
>
> --http://www.dotninjas.dk
>
>
>
> "Ralph" wrote:
> > Hi,
>
> > how can I get the users or groups which are listed in the shared
> > permission of a shared folder?
>
> > Thanks,
>
> > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -

Hi Ralph,

Which error are you getting? Is it access denied?

Kind regards, Jakob.

--
http://www.dotninjas.dk



"Ralph" wrote:

> Hi Jakob,
>
> thanks again, for your code snippet. Unfortunately, this only works if
> I want to check the permissions for the local machine (the one I'm
> working on as an administrator).
> But I have to solve the following problem:
> I have a folder, where I want to store a file and have to check the
> access rights. If it's a shared folder, I have to check the share
> permissions for this folder, which is on a remote folder. In this
> case, the scope.Connect method fails.
> Can you help me again?
>
> Thanks,
>
> Ralph
>
> On 22 Jan., 09:50, Jakob Christensen
> <JakobChristen...@discussions.microsoft.com> wrote:
> > Hi Ralph,
> >
> > You can do this by using WMI. I wrote the following example for you. The
> > example lists all shares on a given computer including the users/groups that
> > are granted persmisssions to the shares. The "ace" object can also give you
> > information about the access rights (take a look at the Win32_ACE class of
> > WMI on MSDN).
> >
> > string machine = "YourMachine";
> > ConnectionOptions co = new ConnectionOptions();
> > co.Impersonation = ImpersonationLevel.Impersonate;
> > co.EnablePrivileges = true;
> >
> > ManagementScope scope = new ManagementScope("\\\\" + machine +
> > "\\root\\cimv2", co);
> > scope.Connect();
> >
> > ObjectQuery query = new ObjectQuery("SELECT * FROM
> > Win32_LogicalShareSecuritySetting");
> >
> > ManagementObjectSearcher searcher = new
> > ManagementObjectSearcher(scope, query);
> >
> > ManagementObjectCollection queryCollection = searcher.Get();
> > foreach (ManagementObject m in queryCollection)
> > {
> > string shareName = "\\\\" + machine + "\\" + m["Name"];
> > Console.WriteLine(shareName);
> >
> > InvokeMethodOptions options = new InvokeMethodOptions();
> >
> > ManagementBaseObject outParamsMthd =
> > m.InvokeMethod("GetSecurityDescriptor", null, options);
> > ManagementBaseObject descriptor =
> > outParamsMthd["Descriptor"] as ManagementBaseObject;
> >
> > ManagementBaseObject[] dacl = descriptor["DACL"] as
> > ManagementBaseObject[];
> >
> > foreach (ManagementBaseObject ace in dacl)
> > {
> > ManagementBaseObject trustee = ace["Trustee"] as
> > ManagementBaseObject;
> > string domain = (string) trustee["Domain"];
> > string name = (string)trustee["Name"];
> >
> > Console.WriteLine(domain + "\\" + name);
> > }
> > }
> >
> > HTH, Jakob.
> >
> > --http://www.dotninjas.dk
> >
> >
> >
> > "Ralph" wrote:
> > > Hi,
> >
> > > how can I get the users or groups which are listed in the shared
> > > permission of a shared folder?
> >
> > > Thanks,
> >
> > > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -
>
>

Yes, I get an UnauthorizedAccessException. Unfortunately I don't have
any influence on the remote computer in the network in my project. I
just get a shared folder, and I have to check the permissions I have
for this folder.

On 30 Jan., 03:26, Jakob Christensen
<JakobChristen...@discussions.microsoft.com> wrote:
> Hi Ralph,
>
> Which error are you getting? Is it access denied?
>
> Kind regards, Jakob.
>
> --http://www.dotninjas.dk
>
>
>
> "Ralph" wrote:
> > Hi Jakob,
>
> > thanks again, for your code snippet. Unfortunately, this only works if
> > I want to check thepermissionsfor the local machine (the one I'm
> > working on as an administrator).
> > But I have to solve the following problem:
> > I have a folder, where I want to store a file and have to check the
> > access rights. If it's a shared folder, I have to check theshare
> >permissionsfor this folder, which is on a remote folder. In this
> > case, the scope.Connect method fails.
> > Can you help me again?
>
> > Thanks,
>
> > Ralph
>
> > On 22 Jan., 09:50, Jakob Christensen
> > <JakobChristen...@discussions.microsoft.com> wrote:
> > > Hi Ralph,
>
> > > You can do this by using WMI. I wrote the following example for you. The
> > > example lists all shares on a given computer including the users/groups that
> > > are granted persmisssions to the shares. The "ace" object can also give you
> > > information about the access rights (take a look at the Win32_ACE class of
> > > WMI on MSDN).
>
> > > string machine = "YourMachine";
> > > ConnectionOptions co = new ConnectionOptions();
> > > co.Impersonation = ImpersonationLevel.Impersonate;
> > > co.EnablePrivileges = true;
>
> > > ManagementScope scope = new ManagementScope("\\\\" + machine +
> > > "\\root\\cimv2", co);
> > > scope.Connect();
>
> > > ObjectQuery query = new ObjectQuery("SELECT * FROM
> > > Win32_LogicalShareSecuritySetting");
>
> > > ManagementObjectSearcher searcher = new
> > > ManagementObjectSearcher(scope, query);
>
> > > ManagementObjectCollection queryCollection = searcher.Get();
> > > foreach (ManagementObject m in queryCollection)
> > > {
> > > string shareName = "\\\\" + machine + "\\" + m["Name"];
> > > Console.WriteLine(shareName);
>
> > > InvokeMethodOptions options = new InvokeMethodOptions();
>
> > > ManagementBaseObject outParamsMthd =
> > > m.InvokeMethod("GetSecurityDescriptor", null, options);
> > > ManagementBaseObject descriptor =
> > > outParamsMthd["Descriptor"] as ManagementBaseObject;
>
> > > ManagementBaseObject[] dacl = descriptor["DACL"] as
> > > ManagementBaseObject[];
>
> > > foreach (ManagementBaseObject ace in dacl)
> > > {
> > > ManagementBaseObject trustee = ace["Trustee"] as
> > > ManagementBaseObject;
> > > string domain = (string) trustee["Domain"];
> > > string name = (string)trustee["Name"];
>
> > > Console.WriteLine(domain + "\\" + name);
> > > }
> > > }
>
> > > HTH, Jakob.
>
> > > --http://www.dotninjas.dk
>
> > > "Ralph" wrote:
> > > > Hi,
>
> > > > how can I get the users or groups which are listed in the shared
> > > > permission of a shared folder?
>
> > > > Thanks,
>
> > > > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -- Zitierten Text ausblenden -- Zitierten Text anzeigen -

Hi Ralph,

You may be able to do it using ADSI and COM interop but you may run into
other security issues. You need a reference to ActiveDs.dll (usually placed
in c:\windows\system32.dll). I wrote the following example for you:

ActiveDs.IADsAccessControlList dacl;
ActiveDs.IADsSecurityDescriptor sd;
ActiveDs.ADsSecurityUtility sdUtil = new
ActiveDs.ADsSecurityUtility();

sd = (ActiveDs.IADsSecurityDescriptor)
sdUtil.GetSecurityDescriptor(@"\\machinename\sharename", (int)
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILESHARE, (int)
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
dacl = (ActiveDs.IADsAccessControlList) sd.DiscretionaryAcl;

foreach (ActiveDs.IADsAccessControlEntry entry in dacl)
{
Console.WriteLine("AccessMask: {0}", entry.AccessMask);
Console.WriteLine("AceType: {0}", entry.AceType);
Console.WriteLine("AceFlags: {0}", entry.AceFlags);
Console.WriteLine("Trustee: {0}\n", entry.Trustee);
}

HTH, Jakob.

--
http://www.dotninjas.dk



"Ralph" wrote:

> Yes, I get an UnauthorizedAccessException. Unfortunately I don't have
> any influence on the remote computer in the network in my project. I
> just get a shared folder, and I have to check the permissions I have
> for this folder.
>
> On 30 Jan., 03:26, Jakob Christensen
> <JakobChristen...@discussions.microsoft.com> wrote:
> > Hi Ralph,
> >
> > Which error are you getting? Is it access denied?
> >
> > Kind regards, Jakob.
> >
> > --http://www.dotninjas.dk
> >
> >
> >
> > "Ralph" wrote:
> > > Hi Jakob,
> >
> > > thanks again, for your code snippet. Unfortunately, this only works if
> > > I want to check thepermissionsfor the local machine (the one I'm
> > > working on as an administrator).
> > > But I have to solve the following problem:
> > > I have a folder, where I want to store a file and have to check the
> > > access rights. If it's a shared folder, I have to check theshare
> > >permissionsfor this folder, which is on a remote folder. In this
> > > case, the scope.Connect method fails.
> > > Can you help me again?
> >
> > > Thanks,
> >
> > > Ralph
> >
> > > On 22 Jan., 09:50, Jakob Christensen
> > > <JakobChristen...@discussions.microsoft.com> wrote:
> > > > Hi Ralph,
> >
> > > > You can do this by using WMI. I wrote the following example for you. The
> > > > example lists all shares on a given computer including the users/groups that
> > > > are granted persmisssions to the shares. The "ace" object can also give you
> > > > information about the access rights (take a look at the Win32_ACE class of
> > > > WMI on MSDN).
> >
> > > > string machine = "YourMachine";
> > > > ConnectionOptions co = new ConnectionOptions();
> > > > co.Impersonation = ImpersonationLevel.Impersonate;
> > > > co.EnablePrivileges = true;
> >
> > > > ManagementScope scope = new ManagementScope("\\\\" + machine +
> > > > "\\root\\cimv2", co);
> > > > scope.Connect();
> >
> > > > ObjectQuery query = new ObjectQuery("SELECT * FROM
> > > > Win32_LogicalShareSecuritySetting");
> >
> > > > ManagementObjectSearcher searcher = new
> > > > ManagementObjectSearcher(scope, query);
> >
> > > > ManagementObjectCollection queryCollection = searcher.Get();
> > > > foreach (ManagementObject m in queryCollection)
> > > > {
> > > > string shareName = "\\\\" + machine + "\\" + m["Name"];
> > > > Console.WriteLine(shareName);
> >
> > > > InvokeMethodOptions options = new InvokeMethodOptions();
> >
> > > > ManagementBaseObject outParamsMthd =
> > > > m.InvokeMethod("GetSecurityDescriptor", null, options);
> > > > ManagementBaseObject descriptor =
> > > > outParamsMthd["Descriptor"] as ManagementBaseObject;
> >
> > > > ManagementBaseObject[] dacl = descriptor["DACL"] as
> > > > ManagementBaseObject[];
> >
> > > > foreach (ManagementBaseObject ace in dacl)
> > > > {
> > > > ManagementBaseObject trustee = ace["Trustee"] as
> > > > ManagementBaseObject;
> > > > string domain = (string) trustee["Domain"];
> > > > string name = (string)trustee["Name"];
> >
> > > > Console.WriteLine(domain + "\\" + name);
> > > > }
> > > > }
> >
> > > > HTH, Jakob.
> >
> > > > --http://www.dotninjas.dk
> >
> > > > "Ralph" wrote:
> > > > > Hi,
> >
> > > > > how can I get the users or groups which are listed in the shared
> > > > > permission of a shared folder?
> >
> > > > > Thanks,
> >
> > > > > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -- Zitierten Text ausblenden -- Zitierten Text anzeigen -
>
>