Hi everyone,
I am looking for a way to 'override' file security and read the Owner of
a file to which I have no access. I am a system administrator, as such I
have administrative rights to all the computers in the company. Some of my
user base has full control rights to their files and have elected to remove
my access to some files. It is possible for an administrator to regain
access, but it is a messy process and can be time consuming. I have had more
than one long night copying data to a larger partition having to wach the
job for files that will not copy and go back to clean it up.
I have written a vb.net program that uses Windows API functions to
automate this. It takes ownership of problem files, grants administrative
access, copies the file or folder plus the security information and then
sets everything back the way it was. There is only one hitch. I have been
unsuccessful reading the owner of a file using Win APIs such as
GetNamedSecurit yInfo when I do not have access to the file. I can WRITE a
new owner to such a file, but not read it. I need to be able to do this so I
can subsequently restore the original owner after I copy the file.
My current work around is to make a command shell call to fileacl.exe.
This utility will read a file's owner regardless of permissions if you use
the /force switch. This works, but I am not very happy with it and I would
like to do the whole job with Win APIs. For one thing it makes the program
more portable because I do not need to remember to have the fileacl.exe
utility on every server/computer from which I run this program.
Since the fileacl utility does read the file owner without permissions,
it must be possible. Can anyone give me a hint on how this might be
accomplished?
Dave Coate 7 3653
Dave, Since the fileacl utility does read the file owner without permissions, it must be possible. Can anyone give me a hint on how this might be accomplished ?
I believe you have to enable the SeBackupPrivile ge.
Mattias
--
Mattias Sjögren [MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
I thought it might be something like that. Can you give a quick overview of
how to do that? What commands do I use? Is the privilege granted to the user
running the process or to the Security Descriptor?
"Mattias Sjögren" <ma************ ********@mvps.o rg> wrote in message
news:u3******** **********@tk2m sftngp13.phx.gb l... Dave,
Since the fileacl utility does read the file owner without
permissions,it must be possible. Can anyone give me a hint on how this might be accomplished ?
I believe you have to enable the SeBackupPrivile ge. Mattias
-- Mattias Sjögren [MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com Please reply only to the newsgroup.
Dave Coate wrote: I thought it might be something like that. Can you give a quick overview of how to do that? What commands do I use? Is the privilege granted to the user running the process or to the Security Descriptor?
Since SeBackupPrivile ge it's a privilege, it has to be granted
to process.
I'm not a sys admin, but there is a (usually empty) "Backup Operators"
role/group that *probably* already has this privilege.
Make yourself a member of this group and try to access the files.
bye
Rob
Dave, I thought it might be something like that. Can you give a quick overview of how to do that? What commands do I use? Is the privilege granted to the user running the process or to the Security Descriptor?
<disclaimer>I 'm definitely not a security expert.</disclaimer>
I believe you use the OpenThreadToken and AdjustTokenPriv ileges APIs.
The privilege is granted to the user (admins).
See http://support.microsoft.com/?kbid=318744 for some VB6 code that
may help you get started.
Mattias
--
Mattias Sjögren [MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Rob and Mattias,
I am already an administrator on all systems. That should give me the
same privileges as Backup Operators and more. However, I tested both of your
suggestions. Placing my account in the Backup Operators group did not help.
I managed to adapt the code from the link Mattias suggested. It runs in
vb.net without error, but I still can not read the owner of a file to which
I have no acess. I can change the owner to anything I want, but I can not
read it. Any more ideas? Anyone?
Dave
"Mattias Sjögren" <ma************ ********@mvps.o rg> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. .. Dave,
I thought it might be something like that. Can you give a quick overview
ofhow to do that? What commands do I use? Is the privilege granted to the
userrunning the process or to the Security Descriptor?
<disclaimer>I 'm definitely not a security expert.</disclaimer>
I believe you use the OpenThreadToken and AdjustTokenPriv ileges APIs. The privilege is granted to the user (admins).
See http://support.microsoft.com/?kbid=318744 for some VB6 code that may help you get started. Mattias
-- Mattias Sjögren [MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com Please reply only to the newsgroup.
Dave, Any more ideas? Anyone?
I've tried it myself now and I couldn't get GetNamedSecurit yInfo to
work either. But opening the file with
CreateFile(FILE _FLAG_BACKUP_SE MANTICS) and then calling
GetSecurityInfo on the file handle works.
Mattias
--
Mattias Sjögren [MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Yes, it does work. Outstanding Mattias!
"Mattias Sjögren" <ma************ ********@mvps.o rg> wrote in message
news:%2******** **********@TK2M SFTNGP15.phx.gb l... Dave,
Any more ideas? Anyone?
I've tried it myself now and I couldn't get GetNamedSecurit yInfo to work either. But opening the file with CreateFile(FILE _FLAG_BACKUP_SE MANTICS) and then calling GetSecurityInfo on the file handle works. Mattias
-- Mattias Sjögren [MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com Please reply only to the newsgroup. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: bdinmstig |
last post by:
I refined my attempt a little further, and the following code does
seem to work, however it has 2 major problems:
1. Very limited support for XPath features
Basic paths are supported for elements, attributes, ".", and "..",
plus also the "" predicate format is supported -
however, only one predicate per path step is supported, and expr must
be a relative path.
2. Poor performance
|
by: Majordomo |
last post by:
--
>>>> --36742377
**** Command '--36742377' not recognized.
>>>> Content-Type: text/plain; charset=us-ascii
**** Command 'content-type:' not recognized.
>>>> Content-Transfer-Encoding: 7bit
**** Command 'content-transfer-encoding:' not recognized.
>>>>
>>>> something is fool
|
by: isaac rainsford |
last post by:
how on earth do i call and use GetNamedSecurityInfo from Advapi32.dll in
VB.NET?
i can make it work on VB5/6...
any tips much appreciated, thanks in advance...
|
by: Gene |
last post by:
I have a number of aspx pages on which a single user control appears. All of
the aspx pages and the user control make user of code-behind modules. I need
for logic in the user control's code-behind to read the current value of a
variable in the hosting aspx page's code-behind. How is this accomplished?
Thanks.
|
by: John Regan |
last post by:
Hello All
I am trying to find the owner of a file or folder on our network (Windows
2000 Server) using VB.Net and/or API. so I can search for Folders that don't
follow our company's specified folder structure and naming conventions and
then send a Net send message to those users telling them to rectify.
The information I want to get is when you select the file/folder and then:
Properties -> Security Tab -> Advanced Button -> Owner Tab ->...
| |
by: Dave Coate |
last post by:
Hello again,
I am going to re-post a question. I got some excellent suggestions from
Rob and Mattias on this but their ideas did not solve the problem. Here is
the original post:
*****************************************************
I am looking for a way to 'override' file security and read the Owner of
a file to which I have no access. I am a system administrator, as such I
have administrative rights to all the computers in the...
|
by: dba123 |
last post by:
I need help in coding the following or if you can just point me in the right
direction:
1) Reading the follwoing XML document
2) Hook up a GridView to the data received from the XML document. The Grid
should read lke this:
Title
Description
Title
|
by: eholz1 |
last post by:
Hello PHP Group,
I am having trouble setting permissions correctly so that the
magickwand api (php 5.2) can read and
write images. I usually read a file from one directory, create a
magickwand resource from that file,
and transform the image, and save the new image with a new name to a
different directory.
I have seen that my file and folder permissions when set incorrectly,
|
by: leiger |
last post by:
Hi,
I need help with this problem as soon as possible (within a couple of days).
This is the first time I have ever used Access 2007 and therefore I am having some problems - especially as I am attempting some things I have never used in a database before this.
As you can see in the picture, I need to create a form to edit pet details. I want to use a combo box to select the owner, then (if possible) have all of the records in the...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |