PC Review Forums Newsgroups Microsoft DotNet Microsoft Dot NET get share permissions

Reply

get share permissions
 
Thread Tools Rate Thread
Old 19-01-2007, 09:21 PM   #1
Ralph
Guest
 
Posts: n/a
Default get share permissions


Hi,

how can I get the users or groups which are listed in the shared
permission of a shared folder?

Thanks,

Ralph
  Reply With Quote
Old 29-01-2007, 04:32 PM   #2
Ralph
Guest
 
Posts: n/a
Default Re: get share permissions
Hi Jakob,

thanks again, for your code snippet. Unfortunately, this only works if
I want to check the permissions for the local machine (the one I'm
working on as an administrator).
But I have to solve the following problem:
I have a folder, where I want to store a file and have to check the
access rights. If it's a shared folder, I have to check the share
permissions for this folder, which is on a remote folder. In this
case, the scope.Connect method fails.
Can you help me again?

Thanks,

Ralph

On 22 Jan., 09:50, Jakob Christensen
<JakobChristen...@discussions.microsoft.com> wrote:
> Hi Ralph,
>
> You can do this by using WMI. I wrote the following example for you. The
> example lists all shares on a given computer including the users/groups that
> are granted persmisssions to the shares. The "ace" object can also give you
> information about the access rights (take a look at the Win32_ACE class of
> WMI on MSDN).
>
> string machine = "YourMachine";
> ConnectionOptions co = new ConnectionOptions();
> co.Impersonation = ImpersonationLevel.Impersonate;
> co.EnablePrivileges = true;
>
> ManagementScope scope = new ManagementScope("\\\\" + machine +
> "\\root\\cimv2", co);
> scope.Connect();
>
> ObjectQuery query = new ObjectQuery("SELECT * FROM
> Win32_LogicalShareSecuritySetting");
>
> ManagementObjectSearcher searcher = new
> ManagementObjectSearcher(scope, query);
>
> ManagementObjectCollection queryCollection = searcher.Get();
> foreach (ManagementObject m in queryCollection)
> {
> string shareName = "\\\\" + machine + "\\" + m["Name"];
> Console.WriteLine(shareName);
>
> InvokeMethodOptions options = new InvokeMethodOptions();
>
> ManagementBaseObject outParamsMthd =
> m.InvokeMethod("GetSecurityDescriptor", null, options);
> ManagementBaseObject descriptor =
> outParamsMthd["Descriptor"] as ManagementBaseObject;
>
> ManagementBaseObject[] dacl = descriptor["DACL"] as
> ManagementBaseObject[];
>
> foreach (ManagementBaseObject ace in dacl)
> {
> ManagementBaseObject trustee = ace["Trustee"] as
> ManagementBaseObject;
> string domain = (string) trustee["Domain"];
> string name = (string)trustee["Name"];
>
> Console.WriteLine(domain + "\\" + name);
> }
> }
>
> HTH, Jakob.
>
> --http://www.dotninjas.dk
>
>
>
> "Ralph" wrote:
> > Hi,
>
> > how can I get the users or groups which are listed in the shared
> > permission of a shared folder?
>
> > Thanks,
>
> > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -
  Reply With Quote
Old 30-01-2007, 09:26 AM   #3
=?Utf-8?B?SmFrb2IgQ2hyaXN0ZW5zZW4=?=
Guest
 
Posts: n/a
Default Re: get share permissions
Hi Ralph,

Which error are you getting? Is it access denied?

Kind regards, Jakob.

--
http://www.dotninjas.dk



"Ralph" wrote:

> Hi Jakob,
>
> thanks again, for your code snippet. Unfortunately, this only works if
> I want to check the permissions for the local machine (the one I'm
> working on as an administrator).
> But I have to solve the following problem:
> I have a folder, where I want to store a file and have to check the
> access rights. If it's a shared folder, I have to check the share
> permissions for this folder, which is on a remote folder. In this
> case, the scope.Connect method fails.
> Can you help me again?
>
> Thanks,
>
> Ralph
>
> On 22 Jan., 09:50, Jakob Christensen
> <JakobChristen...@discussions.microsoft.com> wrote:
> > Hi Ralph,
> >
> > You can do this by using WMI. I wrote the following example for you. The
> > example lists all shares on a given computer including the users/groups that
> > are granted persmisssions to the shares. The "ace" object can also give you
> > information about the access rights (take a look at the Win32_ACE class of
> > WMI on MSDN).
> >
> > string machine = "YourMachine";
> > ConnectionOptions co = new ConnectionOptions();
> > co.Impersonation = ImpersonationLevel.Impersonate;
> > co.EnablePrivileges = true;
> >
> > ManagementScope scope = new ManagementScope("\\\\" + machine +
> > "\\root\\cimv2", co);
> > scope.Connect();
> >
> > ObjectQuery query = new ObjectQuery("SELECT * FROM
> > Win32_LogicalShareSecuritySetting");
> >
> > ManagementObjectSearcher searcher = new
> > ManagementObjectSearcher(scope, query);
> >
> > ManagementObjectCollection queryCollection = searcher.Get();
> > foreach (ManagementObject m in queryCollection)
> > {
> > string shareName = "\\\\" + machine + "\\" + m["Name"];
> > Console.WriteLine(shareName);
> >
> > InvokeMethodOptions options = new InvokeMethodOptions();
> >
> > ManagementBaseObject outParamsMthd =
> > m.InvokeMethod("GetSecurityDescriptor", null, options);
> > ManagementBaseObject descriptor =
> > outParamsMthd["Descriptor"] as ManagementBaseObject;
> >
> > ManagementBaseObject[] dacl = descriptor["DACL"] as
> > ManagementBaseObject[];
> >
> > foreach (ManagementBaseObject ace in dacl)
> > {
> > ManagementBaseObject trustee = ace["Trustee"] as
> > ManagementBaseObject;
> > string domain = (string) trustee["Domain"];
> > string name = (string)trustee["Name"];
> >
> > Console.WriteLine(domain + "\\" + name);
> > }
> > }
> >
> > HTH, Jakob.
> >
> > --http://www.dotninjas.dk
> >
> >
> >
> > "Ralph" wrote:
> > > Hi,
> >
> > > how can I get the users or groups which are listed in the shared
> > > permission of a shared folder?
> >
> > > Thanks,
> >
> > > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -
>
>
  Reply With Quote
Old 30-01-2007, 03:05 PM   #4
Ralph
Guest
 
Posts: n/a
Default Re: get share permissions
Yes, I get an UnauthorizedAccessException. Unfortunately I don't have
any influence on the remote computer in the network in my project. I
just get a shared folder, and I have to check the permissions I have
for this folder.

On 30 Jan., 03:26, Jakob Christensen
<JakobChristen...@discussions.microsoft.com> wrote:
> Hi Ralph,
>
> Which error are you getting? Is it access denied?
>
> Kind regards, Jakob.
>
> --http://www.dotninjas.dk
>
>
>
> "Ralph" wrote:
> > Hi Jakob,
>
> > thanks again, for your code snippet. Unfortunately, this only works if
> > I want to check thepermissionsfor the local machine (the one I'm
> > working on as an administrator).
> > But I have to solve the following problem:
> > I have a folder, where I want to store a file and have to check the
> > access rights. If it's a shared folder, I have to check theshare
> >permissionsfor this folder, which is on a remote folder. In this
> > case, the scope.Connect method fails.
> > Can you help me again?
>
> > Thanks,
>
> > Ralph
>
> > On 22 Jan., 09:50, Jakob Christensen
> > <JakobChristen...@discussions.microsoft.com> wrote:
> > > Hi Ralph,
>
> > > You can do this by using WMI. I wrote the following example for you. The
> > > example lists all shares on a given computer including the users/groups that
> > > are granted persmisssions to the shares. The "ace" object can also give you
> > > information about the access rights (take a look at the Win32_ACE class of
> > > WMI on MSDN).
>
> > > string machine = "YourMachine";
> > > ConnectionOptions co = new ConnectionOptions();
> > > co.Impersonation = ImpersonationLevel.Impersonate;
> > > co.EnablePrivileges = true;
>
> > > ManagementScope scope = new ManagementScope("\\\\" + machine +
> > > "\\root\\cimv2", co);
> > > scope.Connect();
>
> > > ObjectQuery query = new ObjectQuery("SELECT * FROM
> > > Win32_LogicalShareSecuritySetting");
>
> > > ManagementObjectSearcher searcher = new
> > > ManagementObjectSearcher(scope, query);
>
> > > ManagementObjectCollection queryCollection = searcher.Get();
> > > foreach (ManagementObject m in queryCollection)
> > > {
> > > string shareName = "\\\\" + machine + "\\" + m["Name"];
> > > Console.WriteLine(shareName);
>
> > > InvokeMethodOptions options = new InvokeMethodOptions();
>
> > > ManagementBaseObject outParamsMthd =
> > > m.InvokeMethod("GetSecurityDescriptor", null, options);
> > > ManagementBaseObject descriptor =
> > > outParamsMthd["Descriptor"] as ManagementBaseObject;
>
> > > ManagementBaseObject[] dacl = descriptor["DACL"] as
> > > ManagementBaseObject[];
>
> > > foreach (ManagementBaseObject ace in dacl)
> > > {
> > > ManagementBaseObject trustee = ace["Trustee"] as
> > > ManagementBaseObject;
> > > string domain = (string) trustee["Domain"];
> > > string name = (string)trustee["Name"];
>
> > > Console.WriteLine(domain + "\\" + name);
> > > }
> > > }
>
> > > HTH, Jakob.
>
> > > --http://www.dotninjas.dk
>
> > > "Ralph" wrote:
> > > > Hi,
>
> > > > how can I get the users or groups which are listed in the shared
> > > > permission of a shared folder?
>
> > > > Thanks,
>
> > > > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -- Zitierten Text ausblenden -- Zitierten Text anzeigen -
  Reply With Quote
Old 31-01-2007, 09:23 AM   #5
=?Utf-8?B?SmFrb2IgQ2hyaXN0ZW5zZW4=?=
Guest
 
Posts: n/a
Default Re: get share permissions
Hi Ralph,

You may be able to do it using ADSI and COM interop but you may run into
other security issues. You need a reference to ActiveDs.dll (usually placed
in c:\windows\system32.dll). I wrote the following example for you:

ActiveDs.IADsAccessControlList dacl;
ActiveDs.IADsSecurityDescriptor sd;
ActiveDs.ADsSecurityUtility sdUtil = new
ActiveDs.ADsSecurityUtility();

sd = (ActiveDs.IADsSecurityDescriptor)
sdUtil.GetSecurityDescriptor(@"\\machinename\sharename", (int)
ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILESHARE, (int)
ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
dacl = (ActiveDs.IADsAccessControlList) sd.DiscretionaryAcl;

foreach (ActiveDs.IADsAccessControlEntry entry in dacl)
{
Console.WriteLine("AccessMask: {0}", entry.AccessMask);
Console.WriteLine("AceType: {0}", entry.AceType);
Console.WriteLine("AceFlags: {0}", entry.AceFlags);
Console.WriteLine("Trustee: {0}\n", entry.Trustee);
}

HTH, Jakob.

--
http://www.dotninjas.dk



"Ralph" wrote:

> Yes, I get an UnauthorizedAccessException. Unfortunately I don't have
> any influence on the remote computer in the network in my project. I
> just get a shared folder, and I have to check the permissions I have
> for this folder.
>
> On 30 Jan., 03:26, Jakob Christensen
> <JakobChristen...@discussions.microsoft.com> wrote:
> > Hi Ralph,
> >
> > Which error are you getting? Is it access denied?
> >
> > Kind regards, Jakob.
> >
> > --http://www.dotninjas.dk
> >
> >
> >
> > "Ralph" wrote:
> > > Hi Jakob,
> >
> > > thanks again, for your code snippet. Unfortunately, this only works if
> > > I want to check thepermissionsfor the local machine (the one I'm
> > > working on as an administrator).
> > > But I have to solve the following problem:
> > > I have a folder, where I want to store a file and have to check the
> > > access rights. If it's a shared folder, I have to check theshare
> > >permissionsfor this folder, which is on a remote folder. In this
> > > case, the scope.Connect method fails.
> > > Can you help me again?
> >
> > > Thanks,
> >
> > > Ralph
> >
> > > On 22 Jan., 09:50, Jakob Christensen
> > > <JakobChristen...@discussions.microsoft.com> wrote:
> > > > Hi Ralph,
> >
> > > > You can do this by using WMI. I wrote the following example for you. The
> > > > example lists all shares on a given computer including the users/groups that
> > > > are granted persmisssions to the shares. The "ace" object can also give you
> > > > information about the access rights (take a look at the Win32_ACE class of
> > > > WMI on MSDN).
> >
> > > > string machine = "YourMachine";
> > > > ConnectionOptions co = new ConnectionOptions();
> > > > co.Impersonation = ImpersonationLevel.Impersonate;
> > > > co.EnablePrivileges = true;
> >
> > > > ManagementScope scope = new ManagementScope("\\\\" + machine +
> > > > "\\root\\cimv2", co);
> > > > scope.Connect();
> >
> > > > ObjectQuery query = new ObjectQuery("SELECT * FROM
> > > > Win32_LogicalShareSecuritySetting");
> >
> > > > ManagementObjectSearcher searcher = new
> > > > ManagementObjectSearcher(scope, query);
> >
> > > > ManagementObjectCollection queryCollection = searcher.Get();
> > > > foreach (ManagementObject m in queryCollection)
> > > > {
> > > > string shareName = "\\\\" + machine + "\\" + m["Name"];
> > > > Console.WriteLine(shareName);
> >
> > > > InvokeMethodOptions options = new InvokeMethodOptions();
> >
> > > > ManagementBaseObject outParamsMthd =
> > > > m.InvokeMethod("GetSecurityDescriptor", null, options);
> > > > ManagementBaseObject descriptor =
> > > > outParamsMthd["Descriptor"] as ManagementBaseObject;
> >
> > > > ManagementBaseObject[] dacl = descriptor["DACL"] as
> > > > ManagementBaseObject[];
> >
> > > > foreach (ManagementBaseObject ace in dacl)
> > > > {
> > > > ManagementBaseObject trustee = ace["Trustee"] as
> > > > ManagementBaseObject;
> > > > string domain = (string) trustee["Domain"];
> > > > string name = (string)trustee["Name"];
> >
> > > > Console.WriteLine(domain + "\\" + name);
> > > > }
> > > > }
> >
> > > > HTH, Jakob.
> >
> > > > --http://www.dotninjas.dk
> >
> > > > "Ralph" wrote:
> > > > > Hi,
> >
> > > > > how can I get the users or groups which are listed in the shared
> > > > > permission of a shared folder?
> >
> > > > > Thanks,
> >
> > > > > Ralph- Zitierten Text ausblenden -- Zitierten Text anzeigen -- Zitierten Text ausblenden -- Zitierten Text anzeigen -
>
>
  Reply With Quote
Reply

Archive


Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off