How to distinguish users and groups from folder security?

Question

How to distinguish users and groups from folder security?

I wrote a simple code to extract the security information of a folder the information contains user and groups and the rights they have in the folder

public void GetSecurityRules(DirectoryInfo directoryInfo)
    {
        DirectorySecurity DSecurity = directoryInfo.GetAccessControl();
        AuthorizationRuleCollection Rules = DSecurity.GetAccessRules(true, true, typeof(NTAccount));


        foreach (FileSystemAccessRule fileSystemAccessRule in Rules)
        {
            Console.WriteLine("User/Group name {0}",fileSystemAccessRule.IdentityReference.Value);
            Console.WriteLine("Permissions: {0}", fileSystemAccessRule.FileSystemRights.ToString());
        }
    }

On a line fileSystemAccessRule.IdentityReference.Value

, I have both users and groups, but how do I know if this value is a user or a group?

+3

c # .net

Maro 04 Feb 13 at 13:14

source to share

1 answer

Anton Tykhyy · Answer 1 · 2013-02-04T13:37:23+0000

As far as I know, the CLR does not disclose this information. You will have to p / invoke LsaLookupSids

manually and check the SID_NAME_USE value it returns. The CLR also calls this function to translate SIDs to account names, but this rejects SID_NAME_USE values. For the code, highlight Reflector, open mscorlib and see how the inner function works TranslateToNTAccounts

in System.Security.Principal.SecurityIdentifier

.

Alternatively, if you do not intend to repeat these queries again, it may be easier to use WMI Win32_Account

by querying by SID and checking the SIDType member.

How to distinguish users and groups from folder security?

More articles: