RE: GetNamedSecurityInfo - Read Owner pt II
From: jzhu (jzhu_at_discussions.microsoft.com)
Date: 10/19/04
- Next message: Robert Jordan: "Re: Files required for IE Interop"
- Previous message: Sunny: "COM, STA threads and internal threads"
- In reply to: Dave Coate: "GetNamedSecurityInfo - Read Owner pt II"
- Next in thread: Dave Coate: "Re: GetNamedSecurityInfo - Read Owner pt II"
- Reply: Dave Coate: "Re: GetNamedSecurityInfo - Read Owner pt II"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 19 Oct 2004 08:51:01 -0700
Take a look at Knowledge Base article Q240184:
INFO: Reading/Modifying DACL of a File or Folder with Backup and Restore
Privileges
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/enu_kbwin32sdk/en-us/win32sdk/Q240184.htm
To use the privileges, check out:
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/enu_kbwin32sdk/en-us/win32sdk/Q240184.htm
If you need addtional Win32 security APIs in VB.NET, check out
http://www.DataMarvel.com
It has samples on enabling privileges through a higher level wraper, which
is much simplier than the raw PInvoke Win32 APIs.
"Dave Coate" wrote:
> Hello again,
>
> I am going to re-post a question. I got some excellent suggestions from
> Rob and Mattias on this but their ideas did not solve the problem. Here is
> the original post:
>
> *****************************************************
> I am looking for a way to 'override' file security and read the Owner of
> a file to which I have no access. I am a system administrator, as such I
> have administrative rights to all the computers in the company. Some of my
> user base has full control rights to their files and have elected to remove
> my access to some files. It is possible for an administrator to regain
> access, but it is a messy process and can be time consuming. I have had more
> than one long night copying data to a larger partition having to wach the
> job for files that will not copy and go back to clean it up.
>
> I have written a vb.net program that uses Windows API functions to
> automate this. It takes ownership of problem files, grants administrative
> access, copies the file or folder plus the security information and then
> sets everything back the way it was. There is only one hitch. I have been
> unsuccessful reading the owner of a file using Win APIs such as
> GetNamedSecurityInfo when I do not have access to the file. I can WRITE a
> new owner to such a file, but not read it. I need to be able to do this so I
> can subsequently restore the original owner after I copy the file.
>
> My current work around is to make a command shell call to fileacl.exe.
> This utility will read a file's owner regardless of permissions if you use
> the /force switch. This works, but I am not very happy with it and I would
> like to do the whole job with Win APIs. For one thing it makes the program
> more portable because I do not need to remember to have the fileacl.exe
> utility on every server/computer from which I run this program.
>
> Since the fileacl utility does read the file owner without permissions,
> it must be possible. Can anyone give me a hint on how this might be
> accomplished?
>
> *****************************************************
>
> I tried placing myself in the backup operators group and that did not help.
> I have tried adjusting my token with the SeRestorePrivilege and
> SeBackupPrivilege and that did not help either. (I am not certain I am doing
> the latter properly, but the code I wrote does not return any errors,
> including dll errors.) Does anyone have any other suggestions? Keep in
> mind, I am an administrator on all boxes for which I have tried this.
>
> Dave Coate
>
>
>
- Next message: Robert Jordan: "Re: Files required for IE Interop"
- Previous message: Sunny: "COM, STA threads and internal threads"
- In reply to: Dave Coate: "GetNamedSecurityInfo - Read Owner pt II"
- Next in thread: Dave Coate: "Re: GetNamedSecurityInfo - Read Owner pt II"
- Reply: Dave Coate: "Re: GetNamedSecurityInfo - Read Owner pt II"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
