How can I get the local group name for guests/administrators?

霸气de小男生 提交于 2019-11-30 13:12:02

问题


Question:

I use the code found at http://support.microsoft.com/kb/306273

to add a windows user. The problem is i need to add the user to a group, but the groupnames are localized.

E.g. the MS-example uses an english computer, which means you can get the guest group like this: grp = AD.Children.Find("Guests", "group")

But on a non-english computer, the 'Guest' groupname is localized, meaning for example on my german language OS, the group name for Guests is "Gäste".

Which means for the support example to run on my computer i need to change that line to grp = AD.Children.Find("Gäste", "group")

then it works.

Now if the OS is any other language, how can I find the name for the guest user ? Or how can i get the guest user name from a sid ?

Note: .NET 2.0, not 3.0 or 3.5


回答1:


As you have pointed out, the names of groups are localised depending on system language.

For 'well known' groups like 'Administrators' and 'Guests' you should retrieve based on the SID. The SID for Guests is:

S-1-5-32-546

There is a list of well known SIDs here:

http://support.microsoft.com/kb/243330

Code to get the group name from the SID can be found here




回答2:


You can use this code, the returned value is correct for non-english systems:

var guestsGroup = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null).Translate(typeof(NTAccount)).Value;



回答3:


Looking up the account by SID is the best way to go. It's a bit contrived, but the way it works is this:

  • The Administrator account's SID always starts with S-1-5-21 and ends with -500. Everything else in-between is random (the domain's SID).

  • The Guest account's SID always starts with S-1-5-21 and ends with -501.

The Microsoft KB article describing this is available here.

To find these accounts, you'd have to enumerate all of the accounts on the local machine and find which SIDs start with and end with those numbers. Once they match, you've got the built-in accounts. Not the nicest way to do it, but it works.

There is also a group policy setting under Security Settings\Local Policies\Security Options called Accounts: Rename administrator account and Accounts: Rename guest account. I wasn't able to find where in the registry these settings are stored, but if you are able to find out and you look them up, you will most likely be able to get the "official" names of these two accounts.




回答4:


This page has some code for getting user details and checking them.

This code:

public IdentityReferenceCollection GetUserGroups()
{
    System.Security.Principal.WindowsIdentity currentUser =
                      System.Security.Principal.WindowsIdentity.GetCurrent();
    return currentUser.Groups;
}

returns the current user's groups.

More details on the WindowsIdentityclass as a whole can be found here, with the Groups property here.




回答5:


You should be able to use the WindowsIdentity and WindowsPrincipal classes:

Dim currentIdentity as WindowsIdentity = WindowsIdentity.GetCurrent()
Dim currentPrincipal as WindowsPrincipal = New WindowsPrincipal(currentIdentity)

If currentPrincipal.IsInRole(WindowsBuiltInRole.Guest) Then
   Foobar()
End If

Nevermind, I see you were actually trying to ADD a user to the group.



来源:https://stackoverflow.com/questions/3212862/how-can-i-get-the-local-group-name-for-guests-administrators

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!