Administrative Powers

[lothos12345]

I have written a visual basic.net class who's sole purpose is it get the user name and process id of a person that is running the particuliar application in which has this class and use that information to create a unique directory with a particularily name text file. This application works great if I am logged in as administrator into the machine but if I log in as someone else I cannot get the process information nor can I get the right to create the unique directory. Ideally the solution would be to increase the permissions of the Logon, unforunately this is not an option. I need the ability to do perform all the required actions as with administrator powers though I am logged in as the lesser user. This needs to be done in code. Any examples or help would be greatly appreciated.

 

[Qik3Coder]

if you do not have permission to write to the disk, then there are only to 3 options that i can think of:

1. get permissions

2. make the code/machine think you are logged in as someone that has the permissions to do what you need to do.

3. write to a location that you have access to, such as the TEMP dir.

Without Tek-Tips I would go Codal
-implementing random bugs for the sake of something to do.

 

[ThatRickGuy]

This should get you the User ID of the logged on user:

    Public Shared Function LoggedOnUserID() As String
      Return System.Security.Principal.WindowsIdentity.GetCurrent.Name.Replace("\", "/")
    End Function

And this will grab their full name from active directory:

    Public Shared Function LoggedOnUser() As String
      Dim DomainUser As String = LoggedOnUserID()
      Dim ADEntry As New System.DirectoryServices.DirectoryEntry("WinNT://" & DomainUser)
      Dim FullName As String = ADEntry.Properties("FullName").Value
      Return FullName
    End Function

As for write permissions, I know of two options.

1) Find a place where the user HAS create access. On locked down networks, users are often given a folder on a network share that they have full access to. Your network admins should be able to help on this one.

2) Impersonation. If you have an account that has local admin rights on every PC you can hard code that account into the code (or reference it from a DB or INI file) and have the process that creates the folder do so as that user account. I would recommend against this however as it does require either hard coding your local admin user name and password, or referencing it from a (likely unsecured) file or database.

-Rick

VB.Net Forum forum796 forum855 ASP.NET Forum
I believe in killer coding ninja monkeys.

 

[lothos12345]

what I need to do is: 2. make the code/machine think you are logged in as someone that has the permissions to do what you need to do.

Any ideas or examples on how to accomplish this would be greatly appreciated

ThatRickGuy: The first items of code you sent me returned the domain name and the user name not the processid has I was hoping, and I would also need the process name any idea what I did wrong.

 

[ThatRickGuy]

To make the code think you are someone else you will need "impersonation". There have been a few good threads on it here (maybe even a FAQ). Or Googleing for "vb.net" impersonation sample would probably get you pointed in the right direction.

So you want the user name and a process ID of an application based on a name? or the process ID of the application you are running? What are you trying to acomplish?

-Rick

VB.Net Forum forum796 forum855 ASP.NET Forum
I believe in killer coding ninja monkeys.

 

[Becks25Not]

You could also right a Windows Service installed as a Local Service to interact with your application. Local Service apps have heightened local privileges but no network.