none
Changing folder permissions on a remote computer RRS feed

  • Question

  • I'm attempting to add full permissions to a folder for a specific domain user programmatically. The catch is, I need to be able to do this from a computer not in the domain. For simplicity's sake, the following assumptions are safe:

    Domain: Rose.Labs

    Username: bob-mills

    Path to folder: \\fileserver1\d$\studentaccess\bob-mills

     

    So here is the code that I have:

          try
          {
            // get current ACL 
            DirectoryInfo dInfo = new DirectoryInfo(@"\\fileserver1\d$\studentaccess\bob-mills");
            DirectorySecurity dSecurity = dInfo.GetAccessControl();
    
            // Add full control for the user and set owner to them 
            IdentityReference newUser = new NTAccount("Rose.Labs", "bob-mills");
    
            dSecurity.SetOwner(newUser);
            FileSystemAccessRule permissions = new FileSystemAccessRule(newUser, FileSystemRights.FullControl, AccessControlType.Allow);
            dSecurity.AddAccessRule(permissions);
    
            // Set the new access settings. 
            dInfo.SetAccessControl(dSecurity);
          }
          catch (Exception e)
          {
            Console.WriteLine(e.Message);
          }

     

    However, when I run this, I get the exception:

    Some or all identity references could not be translated.

    The reason I get this is because the computer I'm running the code on is NOT a member of the domain. When I join the domain and run this, it works perfectly. So my question is, how do I modify this so it works on a computer not on the domain?


     

    Wednesday, June 30, 2010 9:51 PM

All replies

  • That's more of a security question I think, not C#.  However I do know that an administrator can set up the domain to disallow connection from any computer that is not in the domain. It's a security feature that restricts communication to stay within the domain, and if that has been set up then you can't do it. 

    Apart from that, I'm not an expert, but you need to be using an account that is 1) a full valid domain account or 2) a full valid local account at that remote computer. You can't use 1) because you can't logon to the domain, and you can't use 2) without maybe doing some kind of impersonation with a valid account.  Also, I can't imagine that Windows security will let you alter a remote system by just specifying a domain name and user name that are public knowledge! If anything you would need a complete identity including your password on that domain system. Maybe FileSystemAccessRule takes a complete identity that includes a password, maybe a WindowsIdentity.


    Phil Wilson
    Wednesday, June 30, 2010 10:38 PM
  • In that case, I've written a web app that allows authenticated administrators to add new users to the active directory. One of the tasks that we want to accomplish is create of an ftp home directory and giving that user permission to it. I can create the folder fine but the permission is what's throwing me for a loop. 

    How would you recommend I go about setting that folder permission?

    Wednesday, June 30, 2010 11:01 PM