FileSystemWatcher

[Guest]

I recently finished my project with building a filesystemwatcher service.
I'm now searching for a way to capture the username which triggered the file
action.

Is this an option in any way?

 

[Willy Denoyette [MVP]]

I recently finished my project with building a filesystemwatcher service.
I'm now searching for a way to capture the username which triggered the
file
action.

Is this an option in any way?

No it's not, the Operating System doesn't keep track of this.

Willy.

 

[Guest]

Okey. Is it a other solution for this?

No it's not, the Operating System doesn't keep track of this.

Willy.

 

[Ignacio Machin \( .NET/ C# MVP \)]

Hi,


No really, what if the folder was shared and the file was modified through
the network?

The best you could do is detect the user logged at the time.

cheers,

--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation

 

[Willy Denoyette [MVP]]

Who says this is the user accessing/modifying the file?
The "File System" is the guy who is writing to disk not a "windows user".
User tokens are only validated at file open time bute they never travel down
the Filesystem driver stack. So it's impossible to know who's actually
writing to a file unless you install a Filesystem filter driver that keeps
track of the process that issued an IO command (IRP) and from this process
get the process SID , but what if the process is impersonating, or if a file
is written by two or more processes/users?

Willy.