|
-
May 12th, 2011, 06:57 AM
#1
Group Sid (description and domain) attached to every file
At the moment I am using GetFileSecurity, GetSecurityDescriptorGroup, and LookupAccountSid to get the group information attached to a file (via the sid).
I tried creating a couple of files on a stand alone machine and realised that the default seems to be:
Group: None, Domain: (The computer's name)
I looked at some system files e.g. C:\Program Files (x86)\Windows Defender\MpClient.dll and the results were:
Group: TrustedInstaller, Domain: NT SERVICE
The questions I have are:
1. When a new file is created will the group always be None, and the associated domain always be the name of the machine?
2. Is the group and domain ever likely to change over the lifetime of a file?
Last edited by Witis; May 12th, 2011 at 06:59 AM.
-
May 12th, 2011, 08:10 AM
#2
Re: Group Sid (description and domain) attached to every file
While I can't fully answer your question, I would expect that the group and domain are set based on the user that created the file. If the file was created by installing new software, there is a good chance that it may show TrustedInstaller as the group.
Likewise, if you look at the properties of a file, on the security tab there is an Advanced button. Click that and click on the owner tab... If you change the owner of the file, it may well change the group and domain for the file.
As I say, I haven't tested that as I haven't written a program like yours, but you probably can test that easily yourself.
Hope this helps.
Be sure to rate those who help!
-------------------------------------------------------------
Karl - WK5M
PP-ASEL-IA (N43CS)
PGP Key: 0xDB02E193
PGP Key Fingerprint: 8F06 5A2E 2735 892B 821C 871A 0411 94EA DB02 E193
-
May 12th, 2011, 05:39 PM
#3
Re: Group Sid (description and domain) attached to every file
Thanks for the reply krmed,
In order to test as you suggested I created 2 accounts, one a regular user and the other a member of the administrators group, and used each account to create a new text file (2 files in total). Then I looked at the owner and group properties for each file: it turns out that although each file is owned by [machine name\name of user] when I looked at the group name and domain, the group name was "none" and the associated domain is only [machine name] and excludes the specific user who created the file.
From this result is appears that the group name will always be "none" (why is this?) and the associated domain only includes higher level information. Do these results have any thing to do with a user's primary group, or are they unrelated concepts?
-
May 12th, 2011, 05:59 PM
#4
Re: Group Sid (description and domain) attached to every file
I suspect that what you see may be somewhat "normal" for a non-domain system.
If you try the same with a couple of different computers on a domain, you'll probably see different results. It may well set the group to the user's primary group.
You might see a difference also on the local machine if you add the user to a different group - like perhaps backup operators or such. On a non-domain computer, it might even behave differntly under Windows 7 than it does on XP. (I've seen several items that act differently on 7).
Good luck.
Be sure to rate those who help!
-------------------------------------------------------------
Karl - WK5M
PP-ASEL-IA (N43CS)
PGP Key: 0xDB02E193
PGP Key Fingerprint: 8F06 5A2E 2735 892B 821C 871A 0411 94EA DB02 E193
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote