locked
Removing a user from built in groups RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    My question is more related to windows OS than to .NET programming.

    I have created a user account and named it "DummyUser". I have removed the user from all the groups.

    When I try to access the groups in which the user is present programatically, it shows that it is still present in the following user groups:
    None
    Everyone
    Users
    Interactive
    Authenticated Users
    Local

    The code I have used to retrieve the user groups of current user is:

    currentUserGroups = WindowsIdentity.GetCurrent().Groups;

            WindowsIdentity wi = WindowsIdentity.GetCurrent();
            WindowsPrincipal wp = new WindowsPrincipal(wi);
            userInGroups = null;
            List<string> groupValues = new List<string>();
            foreach (IdentityReference grp in wi.Groups)
            {
                try
                {                    
                    SecurityIdentifier sid = new SecurityIdentifier(grp.Value);
                    IdentityReference acct = sid.Translate(typeof(NTAccount));
                    string groupName = acct.Value;

                    //Trim the domain name which comes before the first slash
                    if (groupName.Contains("\\"))
                    {
                        int slashOccurrence = groupName.IndexOf('\\');
                        groupName = groupName.Substring(slashOccurrence);
                        groupName = groupName.TrimStart('\\');
                    }
                    groupValues.Add(groupName);
                }
                catch
                { }
            }

    When I have removed the user account from all the groups, how can the code retrieve that the user account is in these user groups?


    Thanks in advance,

    Regards,
    Praveen
    Praveen Gurrapu
    Wednesday, April 22, 2009 1:30 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    There are certain groups you cannot remove your users from.  These include some of the built in groups such as Everyone.  Everyone returns, well, everyone.  Everyone is someone.  :)  Nevertheless, unless you've granted permission to resources to "EVERYONE" you shouldn't have a problem security-wise.  To remove them from these groups, you'll have to delete the user account.
    David Morton - http://blog.davemorton.net/
    • Proposed as answer by Guo Surfer Friday, April 24, 2009 9:23 AM
    • Marked as answer by Guo Surfer Wednesday, April 29, 2009 6:39 AM
    Wednesday, April 22, 2009 7:40 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    You mean the code works or it does not?

    Ming Man
    chanmm
    Wednesday, April 22, 2009 3:11 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    My doubt is, "When we remove the windows user account from all the groups manually, is it still part of None, Everyone, Users, Interactive, Authenticated Users and Local groups? If so, then why is the provison to remove the association of the windows user with these groups?"


    Thaks and Regards,
    Praveen.
    Praveen Gurrapu
    Wednesday, April 22, 2009 7:36 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    There are certain groups you cannot remove your users from.  These include some of the built in groups such as Everyone.  Everyone returns, well, everyone.  Everyone is someone.  :)  Nevertheless, unless you've granted permission to resources to "EVERYONE" you shouldn't have a problem security-wise.  To remove them from these groups, you'll have to delete the user account.
    David Morton - http://blog.davemorton.net/
    • Proposed as answer by Guo Surfer Friday, April 24, 2009 9:23 AM
    • Marked as answer by Guo Surfer Wednesday, April 29, 2009 6:39 AM
    Wednesday, April 22, 2009 7:40 PM