Get Windows Group Name

S

Simon Niederberger

Hi

I need to create a MessageQueue in my C# service (running as SYSTEM). Users
will have no permissions on this queue, so I can't look if messages are
present. When setting MessageQueue.SetPermissions, I have the problem of
knowing the Windows Group Name. I'd like to set Full Control to either Users
or Everyone (doesn't really matter), but the service might run under English
(Users, Everyone) or German Windows (Benutzer, Jeder). On a German Windows,
SetPermissions failes with "Everyone" and succeeds with "Jeder".
How can I get the locale-specific name of a role, say "Users"?

Or is there a much easier way to set Full Control Permissions on a
MessageQueue for Everyone?

Thanks a lot
Simon
 
J

Joe Kaplan \(MVP - ADSI\)

Can you p/invoke the LookupAccountName API, passing in the SID of the group
you want to use? Everyone and Authenticated Users are both well-known SID
values that don't change, so that might be a good way to get the localized
version.

It is too bad that the .NET MQ API won't take a SID directly as then you
would not have this problem.

Joe K.
 
S

Simon Niederberger

Great, got that to work. However, now my assembly has an Win32API call, so
for deployment, I need full trust on the client. I found that I should add a
custom action in the setup project, but apart from that, I'm stumped.

Can you direct me to a step-by-step guide on how to make my assembly being
distributed with a Setup Project be fully trusted on the client?
(Essentially run the .NET framework 1.1 Wizard "Trust assembly" as custom
action). I'm using VS 2003.


Thanks a lot
Simon
 
J

Joe Kaplan \(MVP - ADSI\)

I thought you needed full trust to call into System.Messaging anyway since
it doesn't have the AllowPartiallyTrustedCallersAttribute. If your code is
being installed to the local machine, you will have full trust by default
anyway, so that probably isn't an issue. Are you actually get security
exceptions?

If you really feel like you need to change security policy, I'd suggest
starting a new thread as Nicole is much better at that stuff than me and can
provide you with more guidance.

Joe K.
 
S

Simon Niederberger

No Joe, you're absolutely right. That was an apparent newbie question. I was
testing my test.exe from a network share, which doesn't reflect the final
setup. If I move the exe to a local drive, everything is great.

So my final solution is:
Use code from http://www.codeproject.com/csharp/SidTranslator.asp
Install application locally (was gonna do that anyway)
Use SID S-1-1-0 for group "Everyone"

Thanks a lot, Joe
Simon
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

local group permissions 2
Question about share permissions 1
Windows 8.1 permissions/files delete? 7
Effective NTFS Permissions on Windows 0
Assigning folder permissions on Windows XP (Spanish version) 4
Security question 5
Windows XP Prohibit record run history 0
Windows Defender Won't Install After Malware 4

Top