How can I get the local group name for guests/administrators?

让人想犯罪 __ submitted on 2019-11-30 06:44:37
Cocowalla

As you have pointed out, the names of groups are localised depending on system language.

For 'well known' groups like 'Administrators' and 'Guests' you should retrieve based on the SID. The SID for Guests is:

S-1-5-32-546

There is a list of well known SIDs here:

http://support.microsoft.com/kb/243330

Code to get the group name from the SID can be found here

You can use this code, the returned value is correct for non-english systems:

// Requires: using System.Security.Principal; resolves the Guests SID to its localized name.
var guestsGroup = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null).Translate(typeof(NTAccount)).Value;

Looking up the account by SID is the best way to go. It's a bit contrived, but the way it works is this:

  • The Administrator account's SID always starts with S-1-5-21 and ends with -500. Everything else in-between is random (the domain's SID).

  • The Guest account's SID always starts with S-1-5-21 and ends with -501.

The Microsoft KB article describing this is available here.

To find these accounts, you'd have to enumerate all of the accounts on the local machine and find which SIDs start with and end with those numbers. Once they match, you've got the built-in accounts. Not the nicest way to do it, but it works.

There is also a group policy setting under Security Settings\Local Policies\Security Options called Accounts: Rename administrator account and Accounts: Rename guest account. I wasn't able to find where in the registry these settings are stored, but if you are able to find out and you look them up, you will most likely be able to get the "official" names of these two accounts.
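The two lookups described in the answers above, as an added example that is not code from any of the original answers: resolving the localized BUILTIN group name from its well-known SID, and enumerating local accounts to find the one whose SID starts with S-1-5-21 and ends with -500 or -501. The class and method names (`BuiltinNames`, `GroupName`, `LocalAccountByRid`) are assumptions made for illustration, and the code assumes a machine with a local account database and a reference to System.DirectoryServices.AccountManagement.

```csharp
// Added example: names are hypothetical, not from the original answers.
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class BuiltinNames
{
    // Localized name of a BUILTIN group, e.g. S-1-5-32-546 (Guests).
    public static string GroupName(WellKnownSidType type)
    {
        var sid = new SecurityIdentifier(type, null);
        // Translate returns "<authority>\<name>", both parts localized.
        string full = sid.Translate(typeof(NTAccount)).Value;
        return full.Substring(full.IndexOf('\\') + 1);
    }

    // Local user whose SID is S-1-5-21-<machine id>-<rid>.
    // Matching on the SID still finds the account after it has been renamed.
    public static string LocalAccountByRid(int rid)
    {
        string suffix = "-" + rid;
        using (var ctx = new PrincipalContext(ContextType.Machine))
        using (var searcher = new PrincipalSearcher(new UserPrincipal(ctx)))
        {
            foreach (Principal p in searcher.FindAll())
            {
                if (p.Sid == null) continue;
                string sid = p.Sid.Value;
                if (sid.StartsWith("S-1-5-21-", StringComparison.Ordinal) &&
                    sid.EndsWith(suffix, StringComparison.Ordinal))
                    return p.SamAccountName;
            }
        }
        return null; // no local account with that RID
    }

    static void Main()
    {
        Console.WriteLine(GroupName(WellKnownSidType.BuiltinAdministratorsSid));
        Console.WriteLine(GroupName(WellKnownSidType.BuiltinGuestsSid));
        Console.WriteLine(LocalAccountByRid(500)); // built-in Administrator account
        Console.WriteLine(LocalAccountByRid(501)); // built-in Guest account
    }
}
```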

This page has some code for getting user details and checking them.

This code:

// Requires: using System.Security.Principal;
// Returns the SIDs of the groups the current user belongs to.
public IdentityReferenceCollection GetUserGroups()
{
    WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
    return currentUser.Groups;
}

returns the current user's groups.

More details on the WindowsIdentity class as a whole can be found here, with the Groups property here.

You should be able to use the WindowsIdentity and WindowsPrincipal classes:

' Requires: Imports System.Security.Principal
Dim currentIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
Dim currentPrincipal As WindowsPrincipal = New WindowsPrincipal(currentIdentity)

If currentPrincipal.IsInRole(WindowsBuiltInRole.Guest) Then
   Foobar()
End If

Never mind, I see you were actually trying to ADD a user to the group.
