Impersonation of local account on remote machine

[Chris Marsh]

Hi all

I have one machine (A) which is not on a domain. There is an local user
account on A (userA) that has access to a certain folder. I have another
machine (B). An application on B initialises a FileSystemWatcher to watch
the previously mentioned folder on A.

My question is: how do I ensure that the FileSystemWatcher is operating
under the local account userA on machine A? I've explored LogonUser(...),
but this appears to only work either on the local machine, or if the account
to be impersonated is on a domain.

Any pointers gratefully received.

Cheers!

 

[Steven Cheng[MSFT]]

Hi Chris,

From your description, you have two machines in a non-domain local
intranet. And you will use FileSystemWatcher to monitor folders from one
machine to another one and want to ensure the watcher will act like a local
user account(permission) on the remote machine, correct?

As for this scenario, I think you can use the "duplicated account" feature
of windows NTLM authentication. Suppose you haven't domain environment, you
can still make two windows machines share local accounts when the program
on each machine visit the another(remotely) through the following means:

** create two duplicated accounts (with identical username/password) on the
two machines(A and B)

** Then, you can run program on A with the MACHINEA\DuplicatedAccount and
when it access remote resource on B(such as fileshare), it will be
authenticated and recognized as MACHINEB\DuplicatedAccount.

Here are two former threads where I've also mentioned this:

#Accessing file system Options
http://groups.google.com/group/microsoft.public.dotnet.general/browse_thread
/thread/2d5f4fba973a6005/d8b236435ac33fe1

#Permission Errors Options
http://groups.google.com/group/microsoft.public.dotnet.general/browse_thread
/thread/64074c1cda72390/e19bdd75c558c764

In addition, if you have interests ,you can also look up the "programming
windows security" book authored by Keith Brown for detailed information.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Steven Cheng[MSFT]]

Hi Chris,

How are you doing on this issue or does the suggestion in my last reply
help you some? If there is still anything we can help, please don't
hesitate to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.