Re: Cannot obtain account SID using C#/WMI


"VictorG" <grippiconsulting@xxxxxxxxx> wrote in message news:1176401511.343225.131440@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,

The below C# code works fine in obtaining the windows user's account
SID when the user is local to the machine. It throws a "Not Found"
exception when trying to obtain the SID for a user who is on a
domain, but logged in locally. Specifically, for a corporate domain -
the user logs into the local desktop and has a local profile - not a
roaming profile.

The below code is implemented in an NT service for the purpose of
allowing the service to access the user's registry hive under "current
user". Since the service runs under the SYSTEM account the current
user mapping is for the default SYSTEM account. We impersonate the
logged in windows user and then simulate the current user mapping by
using the SID and accessing the HKEY_USER hive (basically the same as
accessing the current user hive). This works fine for windows users
who are named: machineName/userName but not for CORPORATE/userName.

Is this SID available through WMI? Is there a different string I need
to query for it? Could there be security settings on this corporate
account? I am running under the SYSTEM account so I should have full
privileges?


Here is the code:

string slash = @"\";
int pos = winUserName.IndexOfAny(slash.ToCharArray());
string machineName = winUserName.Substring(0, pos);
string userName = winUserName.Substring(pos + 1, winUserName.Length - pos - 1);

// Use WMI to get the SID of the user
string p = String.Format("ROOT\\CIMV2:Win32_UserAccount.Domain=\"{0}\",Name=\"{1}\"", machineName, userName);
ManagementPath path = new ManagementPath(p);
System.Management.ManagementObject account = new ManagementObject(path);
sid = account["SID"] as string;
account.Dispose();


Any ideas or suggestion will be greatly appreciated.

Thanks,
Victor Grippi



The domain account SIDs aren't stored on the local machine; they are stored on the DC, so you will have to connect to a DC of the user's logon domain to obtain his SID.

Willy.
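
Added example, not part of the original thread: one way to resolve the SID for both machineName\userName and CORPORATE\userName without querying the local Win32_UserAccount instance. It swaps the WMI lookup for System.Security.Principal.NTAccount.Translate, which hands the name lookup to Windows; the class and method names (AccountSid, TrySplit, ResolveSid) and the sample account name are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using Microsoft.Win32;

static class AccountSid   // hypothetical helper, not code from the thread
{
    // Splits "AUTHORITY\user" into its parts; rejects names with no
    // backslash, an empty authority, or an empty user part.
    public static bool TrySplit(string winUserName, out string authority, out string user)
    {
        authority = user = null;
        if (string.IsNullOrEmpty(winUserName)) return false;
        int pos = winUserName.IndexOf('\\');
        if (pos <= 0 || pos == winUserName.Length - 1) return false;
        authority = winUserName.Substring(0, pos);
        user = winUserName.Substring(pos + 1);
        return true;
    }

    // Returns the SID string (S-1-5-21-...), or null when the name is
    // malformed or cannot be mapped to a SID.
    public static string ResolveSid(string winUserName)
    {
        string authority, user;
        if (!TrySplit(winUserName, out authority, out user)) return null;
        try
        {
            var account = new NTAccount(authority, user);
            var sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
            return sid.Value;
        }
        catch (IdentityNotMappedException)
        {
            return null; // the name could not be translated to a SID
        }
    }

    static void Main()
    {
        // Constructed sample name; pass the logged-on user's name instead.
        string sid = ResolveSid(@"CORPORATE\userName");
        if (sid == null) { Console.WriteLine("SID not resolved"); return; }

        // The per-user hive is present under HKEY_USERS only while that
        // user's profile is loaded, so a null key is a normal outcome.
        using (RegistryKey hive = Registry.Users.OpenSubKey(sid))
            Console.WriteLine(hive == null ? "hive not loaded" : hive.Name);
    }
}
```

When the service is already impersonating the logged-on user, WindowsIdentity.GetCurrent().User returns the same SID without any name lookup.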
