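Why does DirectoryEntry("WinNT://") not show the Everyone group?
The function below (is supposed to) list all groups on the local machine.
Now the question: Why does the "everyone" group not show up?
If I change directory permissions as user, I see the "everyone" group, so it must be there, somewhere.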
Imports System.Collections
Imports System.Data

' Requires a reference to System.DirectoryServices; both functions are Shared members of a class.

Public Shared Function GetAllGroups() As DataTable
    Return GetAllGroups(System.Environment.MachineName)
End Function

' Tools.Permissions.Local.GetAllGroups()
Public Shared Function GetAllGroups(ByVal strDomain As String) As DataTable
    Dim dt As New DataTable
    Dim dr As DataRow = Nothing
    Try
        Dim bException As Boolean = False
        Dim deLocalMachine As System.DirectoryServices.DirectoryEntry = New System.DirectoryServices.DirectoryEntry("WinNT://" + strDomain)
        'Dim deRootObject As System.DirectoryServices.DirectoryEntry = GetDirectoryEntry(strPath, strUserName, strPassword, bException)
        If bException Then
            Return Nothing
        End If

        ' Walk every child of the machine object and keep only the "group" entries
        For Each child As System.DirectoryServices.DirectoryEntry In deLocalMachine.Children
            Try
                If StringComparer.OrdinalIgnoreCase.Equals(child.SchemaClassName, "group") Then
                    If Not dt.Columns.Contains("Members") Then
                        dt.Columns.Add("Members", GetType(System.String))
                    End If

                    ' One column per directory property
                    For Each strPropertyName As String In child.Properties.PropertyNames
                        If Not dt.Columns.Contains(strPropertyName) Then
                            dt.Columns.Add(strPropertyName, GetType(System.String))
                        End If
                    Next strPropertyName

                    dr = dt.NewRow

                    ' Collect the names of the group's members, one per line
                    Dim strMembers As String = ""
                    For Each member As Object In DirectCast(child.Invoke("Members"), IEnumerable)
                        Using memberEntry As New System.DirectoryServices.DirectoryEntry(member)
                            Try
                                strMembers += memberEntry.Properties("Name").Value.ToString() + Environment.NewLine
                                Console.WriteLine(memberEntry.Path)
                            Catch exFixMeIsNotNullNotWorking As Exception
                                ' Member without a readable name: skip it
                            End Try
                        End Using
                    Next
                    dr("Members") = strMembers

                    For Each strPropertyName As String In child.Properties.PropertyNames
                        If StringComparer.OrdinalIgnoreCase.Equals(strPropertyName, "objectSid") Then
                            ' objectSid is a byte array; store it in string form (S-1-...)
                            Dim strSID As String = ""
                            Try
                                Dim sidThisSid As New System.Security.Principal.SecurityIdentifier(DirectCast(child.Properties(strPropertyName).Value, Byte()), 0)
                                strSID = sidThisSid.ToString()
                                ' http://stackoverflow.com/questions/1040623/convert-a-username-to-a-sid-string-in-c-net
                                ' NTAccount ntAccount = (NTAccount)sid.Translate( typeof( NTAccount ) );
                                ' Dim ntAccount As Security.Principal.NTAccount = CType(sidThisSid.Translate(GetType(Security.Principal.NTAccount)), Security.Principal.NTAccount)
                            Catch ex As Exception
                                ' Leave the SID column empty if the value cannot be parsed
                            End Try
                            dr(strPropertyName) = strSID
                        Else
                            dr(strPropertyName) = child.Properties(strPropertyName).Value.ToString()
                        End If
                    Next strPropertyName

                    dt.Rows.Add(dr)
                End If
            Catch ex As Exception ' Don't finish just because one fails
                Console.WriteLine(ex.Message & vbLf & vbLf & ex.StackTrace)
            End Try
        Next
    Catch ex As Exception
        Console.WriteLine(ex.Message & vbLf & vbLf & ex.StackTrace)
    End Try
    Return dt
End Function ' ListEverything
Comments (1)
The Everyone group isn't a standard group but rather an implicit group or built-in principal. If you open your local "Users and Groups" you won't see it listed there either. The same is true of other "groups" such as Authenticated Users. If you want to access these you need to use the System.Security.Principal.WellKnownSidType enumeration. This Windows 2008 article is really relevant for older versions of Windows, too.
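An added example (not part of the original answer), in VB.NET to match the question's code: it builds SecurityIdentifier objects from WellKnownSidType values for implicit principals such as Everyone and Authenticated Users, and resolves their localized account names. The selection of SID types, the module name ImplicitPrincipals and the function GetImplicitPrincipals are this example's own choices; it runs on Windows only.

```vbnet
Imports System
Imports System.Data
Imports System.Security.Principal

Public Module ImplicitPrincipals
    ' Well-known SIDs of implicit principals that WinNT:// does not return as
    ' "group" children. Which ones to list is this example's choice.
    Private ReadOnly ImplicitSidTypes As WellKnownSidType() = {
        WellKnownSidType.WorldSid,
        WellKnownSidType.AuthenticatedUserSid,
        WellKnownSidType.InteractiveSid,
        WellKnownSidType.NetworkSid,
        WellKnownSidType.AnonymousSid,
        WellKnownSidType.CreatorOwnerSid,
        WellKnownSidType.LocalSystemSid,
        WellKnownSidType.LocalServiceSid,
        WellKnownSidType.NetworkServiceSid
    }

    ' Returns one row per principal: enum name, SID string, account name.
    Public Function GetImplicitPrincipals() As DataTable
        Dim dt As New DataTable("ImplicitPrincipals")
        dt.Columns.Add("SidType", GetType(String))
        dt.Columns.Add("objectSid", GetType(String))
        dt.Columns.Add("Name", GetType(String))

        For Each sidType As WellKnownSidType In ImplicitSidTypes
            ' These SIDs are the same on every machine, so no domain SID is needed.
            Dim sid As New SecurityIdentifier(sidType, Nothing)
            Dim name As String
            Try
                ' Translate returns the name in the OS language ("Everyone" on English Windows).
                name = sid.Translate(GetType(NTAccount)).Value
            Catch ex As IdentityNotMappedException
                name = "(no account name mapped)"
            End Try
            dt.Rows.Add(sidType.ToString(), sid.Value, name)
        Next
        Return dt
    End Function

    Public Sub Main()
        For Each row As DataRow In GetImplicitPrincipals().Rows
            Console.WriteLine("{0,-22} {1,-12} {2}", row("SidType"), row("objectSid"), row("Name"))
        Next
    End Sub
End Module
```

Comparing against the SID rather than the name keeps permission checks correct on non-English systems, where the account name for WorldSid (S-1-1-0) is localized.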