By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,529 Members | 1,860 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,529 IT Pros & Developers. It's quick & easy.

Get Windows Group Name

P: n/a
Hi

I need to create a MessageQueue in my C# service (running as SYSTEM). Users
will have no permissions on this queue, so I can't look if messages are
present. When setting MessageQueue.SetPermissions, I have the problem of
knowing the Windows Group Name. I'd like to set Full Control to either Users
or Everyone (doesn't really matter), but the service might run under English
(Users, Everyone) or German Windows (Benutzer, Jeder). On a German Windows,
SetPermissions failes with "Everyone" and succeeds with "Jeder".
How can I get the locale-specific name of a role, say "Users"?

Or is there a much easier way to set Full Control Permissions on a
MessageQueue for Everyone?

Thanks a lot
Simon
Jul 22 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Can you p/invoke the LookupAccountName API, passing in the SID of the group
you want to use? Everyone and Authenticated Users are both well-known SID
values that don't change, so that might be a good way to get the localized
version.

It is too bad that the .NET MQ API won't take a SID directly as then you
would not have this problem.

Joe K.

"Simon Niederberger" <si***@sincore.ch> wrote in message
news:ec**************@TK2MSFTNGP14.phx.gbl...
Hi

I need to create a MessageQueue in my C# service (running as SYSTEM).
Users
will have no permissions on this queue, so I can't look if messages are
present. When setting MessageQueue.SetPermissions, I have the problem of
knowing the Windows Group Name. I'd like to set Full Control to either
Users
or Everyone (doesn't really matter), but the service might run under
English
(Users, Everyone) or German Windows (Benutzer, Jeder). On a German
Windows,
SetPermissions failes with "Everyone" and succeeds with "Jeder".
How can I get the locale-specific name of a role, say "Users"?

Or is there a much easier way to set Full Control Permissions on a
MessageQueue for Everyone?

Thanks a lot
Simon

Jul 22 '05 #2

P: n/a
Great, got that to work. However, now my assembly has an Win32API call, so
for deployment, I need full trust on the client. I found that I should add a
custom action in the setup project, but apart from that, I'm stumped.

Can you direct me to a step-by-step guide on how to make my assembly being
distributed with a Setup Project be fully trusted on the client?
(Essentially run the .NET framework 1.1 Wizard "Trust assembly" as custom
action). I'm using VS 2003.
Thanks a lot
Simon


"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:uL*************@TK2MSFTNGP14.phx.gbl...
Can you p/invoke the LookupAccountName API, passing in the SID of the group you want to use? Everyone and Authenticated Users are both well-known SID
values that don't change, so that might be a good way to get the localized
version.

It is too bad that the .NET MQ API won't take a SID directly as then you
would not have this problem.

Joe K.

"Simon Niederberger" <si***@sincore.ch> wrote in message
news:ec**************@TK2MSFTNGP14.phx.gbl...
Hi

I need to create a MessageQueue in my C# service (running as SYSTEM).
Users
will have no permissions on this queue, so I can't look if messages are
present. When setting MessageQueue.SetPermissions, I have the problem of
knowing the Windows Group Name. I'd like to set Full Control to either
Users
or Everyone (doesn't really matter), but the service might run under
English
(Users, Everyone) or German Windows (Benutzer, Jeder). On a German
Windows,
SetPermissions failes with "Everyone" and succeeds with "Jeder".
How can I get the locale-specific name of a role, say "Users"?

Or is there a much easier way to set Full Control Permissions on a
MessageQueue for Everyone?

Thanks a lot
Simon


Jul 22 '05 #3

P: n/a
I thought you needed full trust to call into System.Messaging anyway since
it doesn't have the AllowPartiallyTrustedCallersAttribute. If your code is
being installed to the local machine, you will have full trust by default
anyway, so that probably isn't an issue. Are you actually get security
exceptions?

If you really feel like you need to change security policy, I'd suggest
starting a new thread as Nicole is much better at that stuff than me and can
provide you with more guidance.

Joe K.

"Simon Niederberger" <si***@sincore.ch> wrote in message
news:O$*************@TK2MSFTNGP10.phx.gbl...
Great, got that to work. However, now my assembly has an Win32API call, so
for deployment, I need full trust on the client. I found that I should add
a
custom action in the setup project, but apart from that, I'm stumped.

Can you direct me to a step-by-step guide on how to make my assembly being
distributed with a Setup Project be fully trusted on the client?
(Essentially run the .NET framework 1.1 Wizard "Trust assembly" as custom
action). I'm using VS 2003.
Thanks a lot
Simon


"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:uL*************@TK2MSFTNGP14.phx.gbl...
Can you p/invoke the LookupAccountName API, passing in the SID of the

group
you want to use? Everyone and Authenticated Users are both well-known
SID
values that don't change, so that might be a good way to get the
localized
version.

It is too bad that the .NET MQ API won't take a SID directly as then you
would not have this problem.

Joe K.

"Simon Niederberger" <si***@sincore.ch> wrote in message
news:ec**************@TK2MSFTNGP14.phx.gbl...
> Hi
>
> I need to create a MessageQueue in my C# service (running as SYSTEM).
> Users
> will have no permissions on this queue, so I can't look if messages are
> present. When setting MessageQueue.SetPermissions, I have the problem
> of
> knowing the Windows Group Name. I'd like to set Full Control to either
> Users
> or Everyone (doesn't really matter), but the service might run under
> English
> (Users, Everyone) or German Windows (Benutzer, Jeder). On a German
> Windows,
> SetPermissions failes with "Everyone" and succeeds with "Jeder".
> How can I get the locale-specific name of a role, say "Users"?
>
> Or is there a much easier way to set Full Control Permissions on a
> MessageQueue for Everyone?
>
> Thanks a lot
> Simon
>
>



Jul 22 '05 #4

P: n/a
No Joe, you're absolutely right. That was an apparent newbie question. I was
testing my test.exe from a network share, which doesn't reflect the final
setup. If I move the exe to a local drive, everything is great.

So my final solution is:
Use code from http://www.codeproject.com/csharp/SidTranslator.asp
Install application locally (was gonna do that anyway)
Use SID S-1-1-0 for group "Everyone"

Thanks a lot, Joe
Simon

"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:Oq*************@TK2MSFTNGP15.phx.gbl...
I thought you needed full trust to call into System.Messaging anyway since
it doesn't have the AllowPartiallyTrustedCallersAttribute. If your code is being installed to the local machine, you will have full trust by default
anyway, so that probably isn't an issue. Are you actually get security
exceptions?

If you really feel like you need to change security policy, I'd suggest
starting a new thread as Nicole is much better at that stuff than me and can provide you with more guidance.

Joe K.

"Simon Niederberger" <si***@sincore.ch> wrote in message
news:O$*************@TK2MSFTNGP10.phx.gbl...
Great, got that to work. However, now my assembly has an Win32API call, so for deployment, I need full trust on the client. I found that I should add a
custom action in the setup project, but apart from that, I'm stumped.

Can you direct me to a step-by-step guide on how to make my assembly being distributed with a Setup Project be fully trusted on the client?
(Essentially run the .NET framework 1.1 Wizard "Trust assembly" as custom action). I'm using VS 2003.
Thanks a lot
Simon


"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote in message news:uL*************@TK2MSFTNGP14.phx.gbl...
Can you p/invoke the LookupAccountName API, passing in the SID of the

group
you want to use? Everyone and Authenticated Users are both well-known
SID
values that don't change, so that might be a good way to get the
localized
version.

It is too bad that the .NET MQ API won't take a SID directly as then you would not have this problem.

Joe K.

"Simon Niederberger" <si***@sincore.ch> wrote in message
news:ec**************@TK2MSFTNGP14.phx.gbl...
> Hi
>
> I need to create a MessageQueue in my C# service (running as SYSTEM).
> Users
> will have no permissions on this queue, so I can't look if messages are > present. When setting MessageQueue.SetPermissions, I have the problem
> of
> knowing the Windows Group Name. I'd like to set Full Control to either > Users
> or Everyone (doesn't really matter), but the service might run under
> English
> (Users, Everyone) or German Windows (Benutzer, Jeder). On a German
> Windows,
> SetPermissions failes with "Everyone" and succeeds with "Jeder".
> How can I get the locale-specific name of a role, say "Users"?
>
> Or is there a much easier way to set Full Control Permissions on a
> MessageQueue for Everyone?
>
> Thanks a lot
> Simon
>
>



Jul 22 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.