TripleB Posted August 21, 2004 Posted August 21, 2004 Hello all, I am writing some kind of a backup program to be used in a techinical service department of a store. the idea is to scan a harddisk for possible backups and so on. Now most of it offers no problem except the fact if the directory is protected with a password, meaning that a user account is coupled to the directories. I know how to by pass this manualy but i would like to do this through code, so that the user of the backup program doesn't need to know how to do this. so this in a few words. how to change the owner of a directory/ directories.... any help would be appreciated ps language being used is c# thx in advance Quote
Joe Mamma Posted August 21, 2004 Posted August 21, 2004 would this be exe run as a scheduled task? Quote Joe Mamma Amendment 4: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Amendment 9: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
TripleB Posted August 21, 2004 Author Posted August 21, 2004 No but let me explain.... would this be exe run as a scheduled task? No, it would be used in a store that repares pc's does formats and so on, the idea is that you connect the harddisk to a pc where the application is installed on then you start a scan, and automaticly copy or copy some files manualy, but as i said in my main post if the user directory is protected with a password then you aren't able to acces these files, so that is what i need to bypass through code.... Greetz Quote
*Gurus* Derek Stone Posted August 23, 2004 *Gurus* Posted August 23, 2004 You have three choices: Launch the process with the same credentials that are included in the file/directory ACL. Launch a new thread within the process with the same credentials that are included in the file/directory ACL. Create a new user account for the backup application and assign it to all the files/directories it requires access to. Quote Posting Guidelines
TripleB Posted August 23, 2004 Author Posted August 23, 2004 Hey Derek, thx for your reply, I have to admit you've lost me a bit... the only solution that i understand a bit is the last one with the account, this is what i would do manualy just reassign all the files to an other account. But how can i do this through code... for the other solutions can you give me a direction where i can find info about setting credentials in a process and about ACL, thx Greetz You have three choices: Launch the process with the same credentials that are included in the file/directory ACL. Launch a new thread within the process with the same credentials that are included in the file/directory ACL. Create a new user account for the backup application and assign it to all the files/directories it requires access to. Quote
*Gurus* Derek Stone Posted August 23, 2004 *Gurus* Posted August 23, 2004 http://msdn.microsoft.com/library/en-us/cpguide/html/cpconrole-basedsecurity.asp http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemThreadingThreadClassCurrentPrincipalTopic.asp http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsPrincipalClassTopic.asp Quote Posting Guidelines
Arch4ngel Posted August 23, 2004 Posted August 23, 2004 hummm... near hacking but not yet Your problem seems a little bit... "invasive" if you know what I mean. You enter a computer and take ownership of everything and you copy everything. If you can copy... you'll probably have the right to delete or alter files. First of all... remember that you can't bypass Microsoft Windows NTFS security policy. If you want to do what you want to do... you'll have to already have an Administrator account on this computer so that you can scan everything. By "Administrator account" I mean an account in the Administrators group. This could be done on machine that you have installed yourself for clients. But this could NOT be done to self installed client machine. Understand what I want to say ? :) have a good day dude Quote "If someone say : "Die mortal !"... don't stay to see if he isn't." - Unknown "Learning to program is like going out with a new girl friend. There's always something that wasn't mentioned in the documentation..." - Me "A drunk girl is like an animal... it scream at everything like a cat and roll in the grass like a dog." - Me after seeing my girlfriend drunk and some of her drunk friend. C# TO VB TRANSLATOR
Joe Mamma Posted August 23, 2004 Posted August 23, 2004 this poses an interesting question. . . I physically move a disk drive from one computer to another. . . Does the new computer administrator have all rights to the moved disk? Quote Joe Mamma Amendment 4: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Amendment 9: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Administrators PlausiblyDamp Posted August 23, 2004 Administrators Posted August 23, 2004 On windows the answer is no, not right away; but he does have the ability to go and grant himself those rights. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
TripleB Posted August 23, 2004 Author Posted August 23, 2004 invasive or not In my situation not... Hello all, Arch4Angel: I know it seems invasive but everything I would do with that application (and currently doing manualy) happens with the conscent of the customer, .... I work in a computer store that repares pc's does formats etc... for example customer brings in pc windows doesn't boot anymore no way of repairing the windows... Customer wants windows to be reinstalled and wants backups to be taken but his account is secured with a password, so now I grant my self acces to his account by changing the owner of the files and directories. So manualy this poses no problem, but it in this application I would like to automate it. I am going to read the links Derek provided me maybe. If it is possible to supply the user account name + password to make the copy work would also be an option because I have acces to it if I ask the client for it so... Greetz and thx for your replies Quote
TripleB Posted September 17, 2004 Author Posted September 17, 2004 (edited) impersonate Hey all, I have found an example of microsoft: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassImpersonateTopic.asp this works as it should but the problem I am facing is that I fysicaly attach the hard disk to another pc (our pc) and acces those directories witch are linked to an user account, as far as I know this isn't possible because the windows on our pc doesnt know the excistence of that user account correct? now the question is: Can I acces that user account from our windows. I have the user account name and pasword if that helps. the easiest way would be if i could change the owner of that account to our user account (which i do manualy now) but i don't know where to look for this to implement this... thx in advance Edited September 17, 2004 by TripleB Quote
Arch4ngel Posted September 17, 2004 Posted September 17, 2004 Yes... I think windows can do that by the "System" account (which is a system one). I don't know however if windows can do those kind of trick without "System" access. Quote "If someone say : "Die mortal !"... don't stay to see if he isn't." - Unknown "Learning to program is like going out with a new girl friend. There's always something that wasn't mentioned in the documentation..." - Me "A drunk girl is like an animal... it scream at everything like a cat and roll in the grass like a dog." - Me after seeing my girlfriend drunk and some of her drunk friend. C# TO VB TRANSLATOR
TripleB Posted September 17, 2004 Author Posted September 17, 2004 Yes... I think windows can do that by the "System" account (which is a system one). I don't know however if windows can do those kind of trick without "System" access. Ok, I have allready considered that, I even tried it, but the function to impersonate a user needs a password, and the System account doesn't have one or am i mistaking? Or is there another way to act as the system account? Thx in advance Greetz Quote
bri189a Posted September 17, 2004 Posted September 17, 2004 I haven't seen anybody ask this question. How are you doing it manually now? (detailed)...sorry if I missed it. Quote
TripleB Posted September 17, 2004 Author Posted September 17, 2004 I haven't seen anybody ask this question. How are you doing it manually now? (detailed)...sorry if I missed it. How you would do it manualy step by step: first you have te make sure you can acces the security tab in the properties dialog(xp pro: turn of simple file sharing, xp home: boot in save mode) there you choose advanced, there you choose owner, then you can choose wich user to transfer the ownership to, you can choose between the administrators group and the user account you are logged on with, there you choose your account, and make sure you select the replace owner of subcontainers and objects then you confirm this let windows do its work changing the permissions. And you have granted yourself access to the other accounts files.... now my problem is that I want this to be automated, so that I can let the app backup all the nessesary files without interaction of the user... If there is a way to do this in means of imersonating the system and or supplying the accounts username and password this would be fine for me as this is no problem but the way I have mentioned above only can impersonate excisting users in that environment, and the account's files are assigned to an unknown user which is identified just by an SID (can I use this in any way??) OK this is a lot I know,... but hopefully it clarifies (how do you spell this :-\ ) the problem a bit THX in advance Greetz Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.