File/directory permissions


  • This is the closest forum that I could find. If this question seems out-of-scope for this forum please redirect me.

    I have some code that impersonates the Administrator of a domain using the LoginUser API.

            #region GetWindowsIdentity
            private WindowsIdentity GetWindowsIdentity(string userName, string domain, string password)
                IntPtr userHandle = IntPtr.Zero;
                bool loggedOn = Win32.LogonUser(userName, domain, password,
                                                out userHandle);
                if (!loggedOn)
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                return new WindowsIdentity(userHandle);
                    identity = GetWindowsIdentity("Administrator", "xxxx", "xxxx");
                    impersonationContext = identity.Impersonate();
                    string file = tempDir + @"\TempFile.cs";
                    string directoryName = Path.GetDirectoryName(file);
                    if (directoryName == string.Empty || !Directory.Exists(directoryName))
                        Debug.WriteLine(string.Format("Error: Unable to locate the output directory '{0}'.", directoryName));
                    if (impersonationContext != null)
                    if (identity != null)
    The problem is that when this code is run the directory "C:/Temp" is not found. I have given "Everyone" full control of this directory but the call Directory.Exists says that this directory is not there. If I comment out the lines to impersonate the Administrator the directory is found. What part of security or access control do I not understand? The OS for this machine is a 64-bit version of Windows 7.

    Thank you.

    Saturday, February 6, 2010 4:01 PM

All replies

  • There are two set of virtualization which can redirect your program's file access. One is the 64bit Windows's File System Redirector, another is Vista/2008/Windows 7/2008 R2's file and registry virtualization. I suggest you to run procmon to see where your program's file access is redirected to and adjust your code accordingly.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful.
    Visual C++ MVP
    • Marked as answer by SamAgain Friday, February 12, 2010 11:56 AM
    • Unmarked as answer by KevinBurton Friday, February 12, 2010 2:45 PM
    Saturday, February 6, 2010 7:07 PM
  • I am sorry I guess I need a little more help in using procmon. When I run it I see headings of "Time, Process Name, PID, Operation, Path, Result, Detail". Which of these columns tells me the virtualization that is redirecting the file access?

    Thanks again.

    Friday, February 12, 2010 2:55 PM
  • It is task manager, sorry. The UAC virtualization column is default invisible, go the view menu to choose it.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful.
    Visual C++ MVP
    Friday, February 12, 2010 2:59 PM
  • Adding this column just shows enabled/disabled and it only shows this for running processes. Testing file access takes a very short time.
    Friday, February 12, 2010 3:02 PM
  • You can setup filter in procmon and only include the file names you are interested in if you want to audit file access.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful.
    Visual C++ MVP
    Friday, February 12, 2010 3:04 PM
  • I thought we switched to TaskManager. For procmon I am checking for a directories existence "C:/Temp" is this the path that should be in procmon?

    I get a stack trace like:

    0	fltmgr.sys	FltpPerformPreCallbacks + 0x2f7	0xfffff880010e5027	C:\Windows\system32\drivers\fltmgr.sys
    1	fltmgr.sys	FltpPassThroughInternal + 0x4a	0xfffff880010e78ca	C:\Windows\system32\drivers\fltmgr.sys
    2	fltmgr.sys	FltpCreate + 0x293	0xfffff880011052a3	C:\Windows\system32\drivers\fltmgr.sys
    3	ntoskrnl.exe	IopParseDevice + 0x5a7	0xfffff80002d85477	C:\Windows\system32\ntoskrnl.exe
    4	ntoskrnl.exe	ObpLookupObjectName + 0x585	0xfffff80002d7b764	C:\Windows\system32\ntoskrnl.exe
    5	ntoskrnl.exe	ObOpenObjectByName + 0x306	0xfffff80002d80876	C:\Windows\system32\ntoskrnl.exe
    6	ntoskrnl.exe	NtQueryFullAttributesFile + 0x14f	0xfffff80002d16da0	C:\Windows\system32\ntoskrnl.exe
    7	ntoskrnl.exe	KiSystemServiceCopyEnd + 0x13	0xfffff80002a84153	C:\Windows\system32\ntoskrnl.exe
    8	ntdll.dll	NtQueryFullAttributesFile + 0xa	0x76ef101a	C:\Windows\SYSTEM32\ntdll.dll
    9	KERNELBASE.dll	GetFileAttributesExW + 0x9d	0x7fefced860d	C:\Windows\system32\KERNELBASE.dll
    10	mscorwks.dll	mscorwks.dll + 0x2ccd27	0x7fef7a3cd27	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
    11 + 0x36ced8	0x7fef6bfced8	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\
    12 + 0x36cbbc	0x7fef6bfcbbc	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\
    13 + 0x3159a8	0x7fef6ba59a8	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\
    14 + 0x315ae1	0x7fef6ba5ae1	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\
    15	<unknown>	0x7ff003b04bd	0x7ff003b04bd	
    Date & Time:	2/12/2010 9:09:22 AM
    Event Class:	File System
    Operation:	CreateFile
    Path:	C:\Temp
    TID:	3980
    Duration:	0.0000262
    Desired Access:	Read Attributes
    Disposition:	Open
    Options:	Open Reparse Point
    Attributes:	n/a
    ShareMode:	Read, Write, Delete
    AllocationSize:	n/a
    Impersonating:	ASGARD\Administrator
    Description:	TestDriven.NET 2.0
    Company:	Mutant Design
    Name:	ProcessInvocation.exe
    Version:	2.22.2468.0
    Path:	C:\Program Files (x86)\TestDriven.NET 2.0\ProcessInvocation.exe
    Command Line:	"C:\Program Files (x86)\TestDriven.NET 2.0\ProcessInvocation.exe" /assemblyName:"TestDriven.TestRunner.Server, Version=2.22.2468.0, Culture=neutral, PublicKeyToken=50ecb853f8c6b8d2" /xmlName:"M:TestDriven.TestRunner.ProcessManager.Listen(System.String,System.
    PID:	4352
    Parent PID:	852
    Session ID:	2
    User:	ASGARD\kevinb
    Auth ID:	00000000:00b14b3c
    Architecture:	64-bit
    Virtualized:	False
    Integrity:	Medium
    Started:	2/12/2010 8:50:56 AM
    Ended:	(Running)
    TestDriven.Framework.dll	0x1db0000	0x8000	C:\Program Files (x86)\TestDriven.NET 2.0\TestDriven.Framework.dll	 
    TestDriven.TestRunner.Server.dll	0x2b40000	0x1a000	C:\Program Files (x86)\TestDriven.NET 2.0\TestDriven.TestRunner.Server.dll	Mutant Design
    TestDriven.TestRunner.dll	0x2ba0000	0x2e000	C:\Program Files (x86)\TestDriven.NET 2.0\TestDriven.TestRunner.dll	Mutant Design
    System.Data.dll	0x5030000	0x302000	C:\Windows\assembly\GAC_64\System.Data\\System.Data.dll	Microsoft Corporation
    System.Data.dll	0x56c0000	0x302000	C:\Windows\assembly\GAC_64\System.Data\\System.Data.dll	Microsoft Corporation
    ProcessInvocation.exe	0x10e10000	0xa000	C:\Program Files (x86)\TestDriven.NET 2.0\ProcessInvocation.exe	Mutant Design
    System.dll	0x59350000	0x30a000	C:\Windows\assembly\GAC_MSIL\System\\System.dll	Microsoft Corporation
    System.Xml.dll	0x5ac00000	0x1f8000	C:\Windows\assembly\GAC_MSIL\System.Xml\\System.Xml.dll	Microsoft Corporation
    System.Configuration.dll	0x5ae00000	0x6c000	C:\Windows\assembly\GAC_MSIL\System.Configuration\\System.Configuration.dll	Microsoft Corporation
    MSVCR80.dll	0x73a70000	0xc9000	C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf\MSVCR80.dll	Microsoft Corporation
    KERNEL32.dll	0x76c80000	0x11f000	C:\Windows\system32\KERNEL32.dll	Microsoft Corporation
    USER32.dll	0x76da0000	0xfa000	C:\Windows\system32\USER32.dll	Microsoft Corporation
    ntdll.dll	0x76ea0000	0x1ab000	C:\Windows\SYSTEM32\ntdll.dll	Microsoft Corporation
    diasymreader.dll	0x516f00000	0xc6000	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll	Microsoft Corporation	0x7fee8c20000	0xe8a000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\d753bba0990df9a19883f05d5b681d3b\	Microsoft Corporation	0x7feeb590000	0x1096000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\2e0044fa7cabadce65fa8964fe2c90dd\	Microsoft Corporation	0x7feec630000	0x237000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\10f1e1ffca16e550af8a8fd7685a48ef\	Microsoft Corporation	0x7feed010000	0xfd000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\28b3698c0e8eac7c31e65542ece11346\	Microsoft Corporation
    shfolder.dll	0x7fef26c0000	0x7000	C:\Windows\system32\shfolder.dll	Microsoft Corporation	0x7fef3c80000	0x6a5000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\1fb1b14199d6aec70df1a0626a3ae5f2\	Microsoft Corporation	0x7fef4390000	0x143000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\907b2b3dae591e0484acfc0ea63e8caa\	Microsoft Corporation	0x7fef5ce0000	0xa1e000	C:\Windows\assembly\NativeImages_v2.0.50727_64\System\247913fa7ae6fcf04ea33d28d24ab611\	Microsoft Corporation
    mscorjit.dll	0x7fef6700000	0x184000	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll	Microsoft Corporation	0x7fef6890000	0xedb000	C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\	Microsoft Corporation
    mscorwks.dll	0x7fef7770000	0x9ae000	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll	Microsoft Corporation
    MSCOREE.DLL	0x7fef8120000	0x66000	C:\Windows\SYSTEM32\MSCOREE.DLL	Microsoft Corporation
    LMIRfsClientNP.dll	0x7fefa010000	0x18000	C:\Windows\System32\LMIRfsClientNP.dll	LogMeIn, Inc.
    mpr.dll	0x7fefa050000	0x18000	C:\Windows\system32\mpr.dll	Microsoft Corporation
    dwmapi.dll	0x7fefb480000	0x18000	C:\Windows\system32\dwmapi.dll	Microsoft Corporation
    gdiplus.dll	0x7fefb7c0000	0x215000	C:\Windows\WinSxS\\gdiplus.dll	Microsoft Corporation
    uxtheme.dll	0x7fefb9e0000	0x56000	C:\Windows\system32\uxtheme.dll	Microsoft Corporation
    VERSION.dll	0x7fefbf60000	0xc000	C:\Windows\system32\VERSION.dll	Microsoft Corporation
    rsaenh.dll	0x7fefc2e0000	0x47000	C:\Windows\system32\rsaenh.dll	Microsoft Corporation
    wshtcpip.dll	0x7fefc4e0000	0x7000	C:\Windows\System32\wshtcpip.dll	Microsoft Corporation
    mswsock.dll	0x7fefc5f0000	0x54000	C:\Windows\system32\mswsock.dll	Microsoft Corporation
    CRYPTSP.dll	0x7fefc650000	0x17000	C:\Windows\system32\CRYPTSP.dll	Microsoft Corporation
    wship6.dll	0x7fefc7d0000	0x7000	C:\Windows\System32\wship6.dll	Microsoft Corporation
    SspiCli.dll	0x7fefcca0000	0x25000	C:\Windows\system32\SspiCli.dll	Microsoft Corporation
    CRYPTBASE.dll	0x7fefcd30000	0xf000	C:\Windows\system32\CRYPTBASE.dll	Microsoft Corporation
    RpcRtRemote.dll	0x7fefcde0000	0x14000	C:\Windows\system32\RpcRtRemote.dll	Microsoft Corporation
    profapi.dll	0x7fefce00000	0xf000	C:\Windows\system32\profapi.dll	Microsoft Corporation
    msasn1.dll	0x7fefcea0000	0xf000	C:\Windows\System32\msasn1.dll	Microsoft Corporation
    KERNELBASE.dll	0x7fefced0000	0x6b000	C:\Windows\system32\KERNELBASE.dll	Microsoft Corporation
    crypt32.dll	0x7fefcf80000	0x166000	C:\Windows\System32\crypt32.dll	Microsoft Corporation
    NSI.dll	0x7fefd270000	0x8000	C:\Windows\system32\NSI.dll	Microsoft Corporation
    USP10.dll	0x7fefd740000	0xca000	C:\Windows\system32\USP10.dll	Microsoft Corporation
    msvcrt.dll	0x7fefd810000	0x9f000	C:\Windows\system32\msvcrt.dll	Microsoft Corporation
    shell32.dll	0x7fefd950000	0xd86000	C:\Windows\system32\shell32.dll	Microsoft Corporation
    sechost.dll	0x7fefe6e0000	0x1f000	C:\Windows\SYSTEM32\sechost.dll	Microsoft Corporation
    SHLWAPI.dll	0x7fefe700000	0x71000	C:\Windows\system32\SHLWAPI.dll	Microsoft Corporation
    LPK.dll	0x7fefe780000	0xe000	C:\Windows\system32\LPK.dll	Microsoft Corporation
    MSCTF.dll	0x7fefe790000	0x109000	C:\Windows\system32\MSCTF.dll	Microsoft Corporation
    RPCRT4.dll	0x7fefea20000	0x12e000	C:\Windows\system32\RPCRT4.dll	Microsoft Corporation
    IMM32.DLL	0x7fefeb50000	0x2e000	C:\Windows\system32\IMM32.DLL	Microsoft Corporation
    ole32.dll	0x7fefeb80000	0x201000	C:\Windows\system32\ole32.dll	Microsoft Corporation
    ADVAPI32.dll	0x7fefed90000	0xdb000	C:\Windows\system32\ADVAPI32.dll	Microsoft Corporation
    GDI32.dll	0x7feff010000	0x67000	C:\Windows\system32\GDI32.dll	Microsoft Corporation
    ws2_32.dll	0x7feff160000	0x4d000	C:\Windows\system32\ws2_32.dll	Microsoft Corporation

    This is pretty Greek to me.

    Friday, February 12, 2010 3:20 PM
  • LogonUser() returns a primary token (for interactive logon type), while WindowsIdentity expects impersonation token. Seems you need to convert your token using DuplicateHandleEx() before creating a WindowsIdentity instance.
    Also, WindowsIdentity constructor doesn't wrap your handle but internally creates its copy, so you should explicitely close your handles with CloseHandle() to avoid memory leaks.
    Friday, February 12, 2010 6:32 PM