D
Dave Coate
Hi everyone,
I am looking for a way to 'override' file security and read the Owner of
a file to which I have no access. I am a system administrator, as such I
have administrative rights to all the computers in the company. Some of my
user base has full control rights to their files and have elected to remove
my access to some files. It is possible for an administrator to regain
access, but it is a messy process and can be time consuming. I have had more
than one long night copying data to a larger partition having to wach the
job for files that will not copy and go back to clean it up.
I have written a vb.net program that uses Windows API functions to
automate this. It takes ownership of problem files, grants administrative
access, copies the file or folder plus the security information and then
sets everything back the way it was. There is only one hitch. I have been
unsuccessful reading the owner of a file using Win APIs such as
GetNamedSecurityInfo when I do not have access to the file. I can WRITE a
new owner to such a file, but not read it. I need to be able to do this so I
can subsequently restore the original owner after I copy the file.
My current work around is to make a command shell call to fileacl.exe.
This utility will read a file's owner regardless of permissions if you use
the /force switch. This works, but I am not very happy with it and I would
like to do the whole job with Win APIs. For one thing it makes the program
more portable because I do not need to remember to have the fileacl.exe
utility on every server/computer from which I run this program.
Since the fileacl utility does read the file owner without permissions,
it must be possible. Can anyone give me a hint on how this might be
accomplished?
Dave Coate
I am looking for a way to 'override' file security and read the Owner of
a file to which I have no access. I am a system administrator, as such I
have administrative rights to all the computers in the company. Some of my
user base has full control rights to their files and have elected to remove
my access to some files. It is possible for an administrator to regain
access, but it is a messy process and can be time consuming. I have had more
than one long night copying data to a larger partition having to wach the
job for files that will not copy and go back to clean it up.
I have written a vb.net program that uses Windows API functions to
automate this. It takes ownership of problem files, grants administrative
access, copies the file or folder plus the security information and then
sets everything back the way it was. There is only one hitch. I have been
unsuccessful reading the owner of a file using Win APIs such as
GetNamedSecurityInfo when I do not have access to the file. I can WRITE a
new owner to such a file, but not read it. I need to be able to do this so I
can subsequently restore the original owner after I copy the file.
My current work around is to make a command shell call to fileacl.exe.
This utility will read a file's owner regardless of permissions if you use
the /force switch. This works, but I am not very happy with it and I would
like to do the whole job with Win APIs. For one thing it makes the program
more portable because I do not need to remember to have the fileacl.exe
utility on every server/computer from which I run this program.
Since the fileacl utility does read the file owner without permissions,
it must be possible. Can anyone give me a hint on how this might be
accomplished?
Dave Coate