GetNamedSecurityInfo - Read Owner

Hi everyone,

I am looking for a way to 'override' file security and read the Owner of
a file to which I have no access. I am a system administrator, as such I
have administrative rights to all the computers in the company. Some of my
user base has full control rights to their files and have elected to remove
my access to some files. It is possible for an administrator to regain
access, but it is a messy process and can be time consuming. I have had more
than one long night copying data to a larger partition having to watch the
job for files that will not copy and go back to clean it up.

I have written a vb.net program that uses Windows API functions to
automate this. It takes ownership of problem files, grants administrative
access, copies the file or folder plus the security information and then
sets everything back the way it was. There is only one hitch. I have been
unsuccessful reading the owner of a file using Win APIs such as
GetNamedSecurityInfo when I do not have access to the file. I can WRITE a
new owner to such a file, but not read it. I need to be able to do this so I
can subsequently restore the original owner after I copy the file.

My current work around is to make a command shell call to fileacl.exe.
This utility will read a file's owner regardless of permissions if you use
the /force switch. This works, but I am not very happy with it and I would
like to do the whole job with Win APIs. For one thing it makes the program
more portable because I do not need to remember to have the fileacl.exe
utility on every server/computer from which I run this program.

Since the fileacl utility does read the file owner without permissions,
it must be possible. Can anyone give me a hint on how this might be
accomplished?

Dave Coate
Nov 21 '05 #1
Dave,

> Since the fileacl utility does read the file owner without permissions,
> it must be possible. Can anyone give me a hint on how this might be
> accomplished?


I believe you have to enable the SeBackupPrivilege.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Nov 21 '05 #2
I thought it might be something like that. Can you give a quick overview of
how to do that? What commands do I use? Is the privilege granted to the user
running the process or to the Security Descriptor?

Nov 21 '05 #3
Dave Coate wrote:
> I thought it might be something like that. Can you give a quick overview of
> how to do that? What commands do I use? Is the privilege granted to the user
> running the process or to the Security Descriptor?


Since SeBackupPrivilege is a privilege, it has to be granted
to the process.

I'm not a sys admin, but there is a (usually empty) "Backup Operators"
role/group that *probably* already has this privilege.
Make yourself a member of this group and try to access the files.

bye
Rob
Nov 21 '05 #4
Dave,

> I thought it might be something like that. Can you give a quick overview of
> how to do that? What commands do I use? Is the privilege granted to the user
> running the process or to the Security Descriptor?


<disclaimer>I'm definitely not a security expert.</disclaimer>

I believe you use the OpenThreadToken and AdjustTokenPrivileges APIs.
The privilege is granted to the user (admins).

See http://support.microsoft.com/?kbid=318744 for some VB6 code that
may help you get started.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Nov 21 '05 #5
Rob and Mattias,

I am already an administrator on all systems. That should give me the
same privileges as Backup Operators and more. However, I tested both of your
suggestions. Placing my account in the Backup Operators group did not help.
I managed to adapt the code from the link Mattias suggested. It runs in
vb.net without error, but I still can not read the owner of a file to which
I have no access. I can change the owner to anything I want, but I can not
read it. Any more ideas? Anyone?

Dave

Nov 21 '05 #6
Dave,

> Any more ideas? Anyone?


I've tried it myself now and I couldn't get GetNamedSecurityInfo to
work either. But opening the file with
CreateFile(FILE_FLAG_BACKUP_SEMANTICS) and then calling
GetSecurityInfo on the file handle works.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Nov 21 '05 #7
Yes, it does work. Outstanding Mattias!

Nov 21 '05 #8
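
The approach that worked in reply #7 (enable SeBackupPrivilege, open the file with CreateFile and FILE_FLAG_BACKUP_SEMANTICS, then call GetSecurityInfo on the handle), written out in VB.NET as an added example; it is not code posted by anyone in the thread. The module and function names are hypothetical, the token is obtained through WindowsIdentity.GetCurrent rather than the OpenThreadToken call mentioned above, and the process is assumed to run as an elevated administrator.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports Microsoft.Win32.SafeHandles
Module OwnerReader
    <StructLayout(LayoutKind.Sequential, Pack:=4)>
    Private Structure TOKEN_PRIVILEGES ' Win32 layout with a single LUID_AND_ATTRIBUTES entry
        Public Count As Integer
        Public Luid As Long
        Public Attributes As Integer
    End Structure
    Private Declare Unicode Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueW" (sys As String, name As String, ByRef luid As Long) As Boolean
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (token As IntPtr, disableAll As Boolean, ByRef newState As TOKEN_PRIVILEGES, bufLen As Integer, prev As IntPtr, retLen As IntPtr) As Boolean
    Private Declare Unicode Function CreateFile Lib "kernel32.dll" Alias "CreateFileW" (name As String, access As Integer, share As Integer, sa As IntPtr, disp As Integer, flags As Integer, template As IntPtr) As SafeFileHandle
    Private Declare Function GetSecurityInfo Lib "advapi32.dll" (h As SafeFileHandle, objType As Integer, info As Integer, ByRef owner As IntPtr, grp As IntPtr, dacl As IntPtr, sacl As IntPtr, ByRef sd As IntPtr) As Integer
    Private Declare Function LocalFree Lib "kernel32.dll" (p As IntPtr) As IntPtr

    ' SeBackupPrivilege is present in an elevated administrator token but disabled until enabled here.
    Sub EnableBackupPrivilege()
        Dim tp As New TOKEN_PRIVILEGES With {.Count = 1, .Attributes = 2} ' 2 = SE_PRIVILEGE_ENABLED
        If Not LookupPrivilegeValue(Nothing, "SeBackupPrivilege", tp.Luid) Then Throw New Win32Exception()
        Using id As WindowsIdentity = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges Or TokenAccessLevels.Query)
            AdjustTokenPrivileges(id.Token, False, tp, 0, IntPtr.Zero, IntPtr.Zero)
            ' The call returns True even if the privilege was not enabled (1300, ERROR_NOT_ALL_ASSIGNED).
            Dim rc As Integer = Marshal.GetLastWin32Error()
            If rc <> 0 Then Throw New Win32Exception(rc)
        End Using
    End Sub

    ' Open with READ_CONTROL (&H20000), full sharing (7), OPEN_EXISTING (3), FILE_FLAG_BACKUP_SEMANTICS.
    Function ReadOwner(path As String) As SecurityIdentifier
        Using h As SafeFileHandle = CreateFile(path, &H20000, 7, IntPtr.Zero, 3, &H2000000, IntPtr.Zero)
            If h.IsInvalid Then Throw New Win32Exception()
            Dim pOwner, pSd As IntPtr
            Dim rc As Integer = GetSecurityInfo(h, 1, 1, pOwner, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, pSd) ' SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION
            If rc <> 0 Then Throw New Win32Exception(rc)
            Try
                Return New SecurityIdentifier(pOwner) ' copies the SID out of the descriptor
            Finally
                LocalFree(pSd) ' pOwner points into this buffer
            End Try
        End Using
    End Function
    Sub Main(args As String())
        EnableBackupPrivilege()
        Console.WriteLine(ReadOwner(args(0)).Value) ' SID string, enough to restore the owner later
    End Sub
End Module
```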
