473,394 Members | 2,063 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > translate builtin to domain name

Join Bytes to post your question to a community of 473,394 software developers and data experts.

Translate BUILTIN to domain name

Hello group

I'm trying to list the users and groups who has read access to a file.

I use .NET 2.0 and FileInfo.GetAccessControl().GetAccessRules(...) and then
loop through the FileSystemAccessRule objects. Using these objects, it is
easy to use rule.IdentityReference.Translate(typeof(NTAccount) ) to get the
NTAccount object.

I have noticed that some of the NTAccounts can belong to BUILTIN domains,
e.g. BUILTIN\Users. I need to translate this BUILTIN domain name to an
actual computer or domain name. Just like it is done when I click on the
Security tab of the file property dialog.

If it is on my local computer, I guess that I sould just translate it into
the local computer name. However, what should I do if it is on a remote
computer? If the remote computer is a Domain controller, it looks as if I
should translate it to <DOMAIN>\Users instead of <COMPUTERNAME>\Users.

My problem is, that i don't know if the file is a local file or on a remote
computer. And if I could fint out if it is a local or remote file, how do I
find out if it is on the domain controller?

If this is the wrong group to ask, then please let me know.

Thank you for your help

Regards
Anders
Feb 9 '06 #1
6 5524
BUILTIN is a special pseudo domain (like NT AUTHORITY) that correspond to
well known accounts with pre-defined SIDs.

You can just use use them as-is and shouldn't replace them by the local (or
another) domain name.

/LM
"Anders K. Olsen" <ak*****@hotmail.com> wrote in message
news:uy*************@TK2MSFTNGP09.phx.gbl...
Hello group

I'm trying to list the users and groups who has read access to a file.

I use .NET 2.0 and FileInfo.GetAccessControl().GetAccessRules(...) and
then loop through the FileSystemAccessRule objects. Using these objects,
it is easy to use rule.IdentityReference.Translate(typeof(NTAccount) ) to
get the NTAccount object.

I have noticed that some of the NTAccounts can belong to BUILTIN domains,
e.g. BUILTIN\Users. I need to translate this BUILTIN domain name to an
actual computer or domain name. Just like it is done when I click on the
Security tab of the file property dialog.

If it is on my local computer, I guess that I sould just translate it into
the local computer name. However, what should I do if it is on a remote
computer? If the remote computer is a Domain controller, it looks as if I
should translate it to <DOMAIN>\Users instead of <COMPUTERNAME>\Users.

My problem is, that i don't know if the file is a local file or on a
remote computer. And if I could fint out if it is a local or remote file,
how do I find out if it is on the domain controller?

If this is the wrong group to ask, then please let me know.

Thank you for your help

Regards
Anders

Feb 9 '06 #2
"Luc E. Mistiaen" <lu**********@advalvas.be.no.spam> wrote in message
news:eS**************@TK2MSFTNGP09.phx.gbl...
BUILTIN is a special pseudo domain (like NT AUTHORITY) that correspond to
well known accounts with pre-defined SIDs.

You can just use use them as-is and shouldn't replace them by the local
(or another) domain name.


Thank you for your answer.

Let me see if I can explain my problem better.

Assume that a file (FILE1) is stored on SERVER1. BUILTIN\Users on SERVER1 is
allowed to read this file. When I inspect the file, I read this information.

On another computer COMPUTER2, I find that USER2 is a member of
BUILTIN\Users on this computer, but USER2 is NOT a memeber of BUILTIN\Users
on SERVER1.

Now I would like to find out if USER2 is allowed to read FILE1. My problem
is, that I can't use the normal Windows mechansims to decide this question.
So I would like to be able to compare users and groups between computers and
servers. If I just compare BUILTIN\Users with BUILTIN\Users, I find that
USER2 is allowed to read FILE1 which is wrong. However if I could translate
BUILTIN\Users on SERVER1 to SERVER1\Users and BUILTIN\Users on COMPUTER2 to
COMPUTER2\Users, I would be able to decide that USER2 is not allowed to read
FILE1

Regards
Anders
Feb 10 '06 #3
But it is not that simple. USER2 can member of a global group that is itself
member of BUILTIN\Users. In general you cannot decide based on such simple
comparison. You must impersonate USER2 and try to access the file and let
Windows decide if USER2 has access or not...

/LM

"Anders K. Olsen" <ak*****@hotmail.com> wrote in message
news:u3**************@tk2msftngp13.phx.gbl...
"Luc E. Mistiaen" <lu**********@advalvas.be.no.spam> wrote in message
news:eS**************@TK2MSFTNGP09.phx.gbl...
BUILTIN is a special pseudo domain (like NT AUTHORITY) that correspond to
well known accounts with pre-defined SIDs.

You can just use use them as-is and shouldn't replace them by the local
(or another) domain name.


Thank you for your answer.

Let me see if I can explain my problem better.

Assume that a file (FILE1) is stored on SERVER1. BUILTIN\Users on SERVER1
is allowed to read this file. When I inspect the file, I read this
information.

On another computer COMPUTER2, I find that USER2 is a member of
BUILTIN\Users on this computer, but USER2 is NOT a memeber of
BUILTIN\Users on SERVER1.

Now I would like to find out if USER2 is allowed to read FILE1. My problem
is, that I can't use the normal Windows mechansims to decide this
question. So I would like to be able to compare users and groups between
computers and servers. If I just compare BUILTIN\Users with BUILTIN\Users,
I find that USER2 is allowed to read FILE1 which is wrong. However if I
could translate BUILTIN\Users on SERVER1 to SERVER1\Users and
BUILTIN\Users on COMPUTER2 to COMPUTER2\Users, I would be able to decide
that USER2 is not allowed to read FILE1

Regards
Anders

Feb 10 '06 #4
"Luc E. Mistiaen" <lu**********@advalvas.be.no.spam> wrote in message
news:Oh**************@TK2MSFTNGP10.phx.gbl...
But it is not that simple. USER2 can member of a global group that is
itself member of BUILTIN\Users. In general you cannot decide based on such
simple comparison. You must impersonate USER2 and try to access the file
and let Windows decide if USER2 has access or not...


My problem is, that I can't use Windows to decide if USER2 has access to the
file. I need to decide this using string comparisons. I'm doing the
comparisons in another application that knows nothing about windows and
authentication.

When USER2 tries to access the file through my system (a webpage), I will
enumerate all the groups that USER2 belongs to. I'm using Integrated Windows
Authentication on the webbrowser, so this is done while I'm impersonating
USER2, so it will recursively list all groups that USER2 belongs to. When I
know all groups that USER2 belongs to, I can compare this list with the list
of users/groups that is allowed to read the file.

But you have a point: This enumeration will probably only list the groups
that are available on the webserver. Therefore it will not contain
BUILTIN\Users on SERVER1 if the webserver is not running on SERVER1.

I'm beginning to think, that it is not possible to achieve all the things
that I want to be able to do.

Regards
Anders
Feb 13 '06 #5
Yes, I think the closest to what you want to do, is to require the user to
be part of a specific group to have access to the file and use the IsInRole
method to check (deeply) if the user is part of that group.

/LM

"Anders K. Olsen" <ak*****@hotmail.com> wrote in message
news:eF**************@TK2MSFTNGP14.phx.gbl...
"Luc E. Mistiaen" <lu**********@advalvas.be.no.spam> wrote in message
news:Oh**************@TK2MSFTNGP10.phx.gbl...
But it is not that simple. USER2 can member of a global group that is
itself member of BUILTIN\Users. In general you cannot decide based on
such simple comparison. You must impersonate USER2 and try to access the
file and let Windows decide if USER2 has access or not...


My problem is, that I can't use Windows to decide if USER2 has access to
the file. I need to decide this using string comparisons. I'm doing the
comparisons in another application that knows nothing about windows and
authentication.

When USER2 tries to access the file through my system (a webpage), I will
enumerate all the groups that USER2 belongs to. I'm using Integrated
Windows Authentication on the webbrowser, so this is done while I'm
impersonating USER2, so it will recursively list all groups that USER2
belongs to. When I know all groups that USER2 belongs to, I can compare
this list with the list of users/groups that is allowed to read the file.

But you have a point: This enumeration will probably only list the groups
that are available on the webserver. Therefore it will not contain
BUILTIN\Users on SERVER1 if the webserver is not running on SERVER1.

I'm beginning to think, that it is not possible to achieve all the things
that I want to be able to do.

Regards
Anders

Feb 13 '06 #6
"Luc E. Mistiaen" <lu**********@advalvas.be.no.spam> wrote in message
news:ud**************@TK2MSFTNGP09.phx.gbl...
Yes, I think the closest to what you want to do, is to require the user to
be part of a specific group to have access to the file and use the
IsInRole method to check (deeply) if the user is part of that group.


Yes, that is probably true.

Thank you for your help. You have given me something to think about and some
new dirrections to look.

Regards
Anders
Feb 14 '06 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
The namespace for builtin functions?
by: Blair Hall | last post by:
Can anyone please tell me how to correctly use a built in function when there is a function of the same name in local scope? Here is an example. Suppose the following is in myApply.py: def...
Python
2
subclassing builtin types
by: BJörn Lindqvist | last post by:
A problem I have occured recently is that I want to subclass builtin types. Especially subclassing list is very troublesome to me. But I can't find the right syntax to use. Take for example this...
Python
1
how about a builtin "abstractmethod"?
by: Stephen Ferg | last post by:
Python has a builtin class for staticmethod. Seems to me that Python should also have a builtin class for abstractmethod. Something like this... ####################################### #...
Python
1
using translate()
by: Xeon | last post by:
Hi, I'm trying to replace spaces with %20 with help of translate, but not successfull. Here's a node in the xml file : <title>This is some test title</title> The xsl code I'm using : ...
.NET Framework
4
Translate() Question
by: Gadrin77 | last post by:
I have data that looks like <Root> <Main Value="Line1|Line2.|Line3|Line4.|Line5"/> </Root> I'm using Translate(@Value, "|.", ",")
.NET Framework
2
Is there a way to determine -- when parsing -- if a word contains a builtin name or other imported system module name?
by: Casey Hawthorne | last post by:
Is there a way to determine -- when parsing -- if a word contains a builtin name or other imported system module name? Like "iskeyword" determines if a word is a keyword! -- Regards, Casey
Python
2
Translate into php
by: Krustov | last post by:
I'm doing whois domain checker for www.hosthome.co.uk and want to add a checking routine for the .eu tld . I have limited knowledge about sockets and stuff - so can somebody translate the info...
PHP
2
NTAccount.Translate to SecurityIdentifier for <domain>\Administrat
by: =?Utf-8?B?QWxleGV5IFlha292bGV2?= | last post by:
Hi! Can anyone please explain me why following code gives an SecurityException "System.Security.SecurityException: The name provided is not a properly formed account name."? -- code start -- ...
.NET Framework
3
How to translate string with data have integer + character and null data
by: amija0311 | last post by:
Hi, I am new using DB2 9.1 database by windows base. I want to query the data that contain string then translate the string into integer using DB2. The problems is If the data is null, i got the...
DB2 Database
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!