none
Using Trustee Class in localize environment RRS feed

  • Question

  • I am using the following code to add rights to "Users" group and "Administators" group of a message queue. It works fine in English Windows 7.

    Things get ugly in  none English Windows 7.  The reason is that strings "Users" and "Administrators" in Trustee constructor  doesn't exist in a none English OS. Because these are localized strings in none English Windows 7.

    How do I handle this on none English Windows 7?. I don't want to create resource file for each locale and create maintenance nightmare.

    Any solution will be greatly appreciated.

    Cheers,

    ~Nakees

     AccessControlList qAccessControlList = new AccessControlList();
                    //Set Generic Read & Write permission for local user group of this computer.
                    Trustee userGroupTr = new Trustee("Users", null, TrusteeType.Group);
                    AccessControlEntry userGroupEntry = new AccessControlEntry(userGroupTr, GenericAccessRights.Read|GenericAccessRights.Write, StandardAccessRights.Read, AccessControlEntryType.Allow);
                     qAccessControlList.Add(userGroupEntry);                
                    //Add ownership to local administrators group of this computer.
                    Trustee administratorsGroupTr = new Trustee("Administrators", null, TrusteeType.Group);
                    AccessControlEntry administratorsGroupEntry = new AccessControlEntry(administratorsGroupTr, GenericAccessRights.All, StandardAccessRights.All, AccessControlEntryType.Allow);
                    qAccessControlList.Add(administratorsGroupEntry);          
                    gdQueue.SetPermissions(qAccessControlList);


    nakees



    • Edited by Nakees Tuesday, December 18, 2012 8:38 PM
    Tuesday, December 18, 2012 8:34 PM

Answers

  • Figure out how to get ti working. The using SID of the build it user group will always return the group name and SID is same for any non english win7.

    SID for Administrators group is  S-1-5-32-544

    Here is the partial code

      public static string GetNameBySid(string sid)
            {
                 return new SecurityIdentifier(sid).Translate(typeof(NTAccount)).ToString();
            }
    //Set Generic Read & Write permission for local user group of this computer.
                    string users = GetNameBySid("S-1-5-32-545");
                    Trustee userGroupTr = new Trustee(users, null, TrusteeType.Group);
                    AccessControlEntry userGroupEntry = new AccessControlEntry(userGroupTr, GenericAccessRights.Read|GenericAccessRights.Write, StandardAccessRights.Read, AccessControlEntryType.Allow);
                    qAccessControlList.Add(userGroupEntry);                
                    //Add ownership to local administrators group of this computer.
                    string administrators = GetNameBySid("S-1-5-32-544");
                    Trustee administratorsGroupTr = new Trustee(administrators, null, TrusteeType.Group);
                    AccessControlEntry administratorsGroupEntry = new AccessControlEntry(administratorsGroupTr, GenericAccessRights.All, StandardAccessRights.All, AccessControlEntryType.Allow);
                    qAccessControlList.Add(administratorsGroupEntry); 
    MessageQueue gdQueue = MessageQueue.Create(privateQueuePath, true);         
                    gdQueue.SetPermissions(qAccessControlList);


    nakees

    • Marked as answer by Nakees Wednesday, December 19, 2012 7:55 PM
    Wednesday, December 19, 2012 7:53 PM

All replies

  • I think you will need to get into the DirectoryServices namespaces and find your user and get their display name from a query.   For example....
    Tuesday, December 18, 2012 11:15 PM
  • You might try using SecurityIdentifier class to get SID of built-in group and translate it into NT account name:

    var usersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
    var usersGroup = (NTAccount)usersSid.Translate(typeof(NTAccount));
    
    Console.WriteLine(usersGroup.Value);

    Wednesday, December 19, 2012 1:18 AM
  • Figure out how to get ti working. The using SID of the build it user group will always return the group name and SID is same for any non english win7.

    SID for Administrators group is  S-1-5-32-544

    Here is the partial code

      public static string GetNameBySid(string sid)
            {
                 return new SecurityIdentifier(sid).Translate(typeof(NTAccount)).ToString();
            }
    //Set Generic Read & Write permission for local user group of this computer.
                    string users = GetNameBySid("S-1-5-32-545");
                    Trustee userGroupTr = new Trustee(users, null, TrusteeType.Group);
                    AccessControlEntry userGroupEntry = new AccessControlEntry(userGroupTr, GenericAccessRights.Read|GenericAccessRights.Write, StandardAccessRights.Read, AccessControlEntryType.Allow);
                    qAccessControlList.Add(userGroupEntry);                
                    //Add ownership to local administrators group of this computer.
                    string administrators = GetNameBySid("S-1-5-32-544");
                    Trustee administratorsGroupTr = new Trustee(administrators, null, TrusteeType.Group);
                    AccessControlEntry administratorsGroupEntry = new AccessControlEntry(administratorsGroupTr, GenericAccessRights.All, StandardAccessRights.All, AccessControlEntryType.Allow);
                    qAccessControlList.Add(administratorsGroupEntry); 
    MessageQueue gdQueue = MessageQueue.Create(privateQueuePath, true);         
                    gdQueue.SetPermissions(qAccessControlList);


    nakees

    • Marked as answer by Nakees Wednesday, December 19, 2012 7:55 PM
    Wednesday, December 19, 2012 7:53 PM