C# - 如何获取有权访问远程计算机上共享文件夹的用户/组列表答案

【问题标题】：C# - How to get list of USERs/GROUPs having access to shared folder on a Remote MachineC# - 如何获取有权访问远程计算机上共享文件夹的用户/组列表
【发布时间】：2012-02-18 15:28:48
【问题描述】：

我想用 C# 编写代码来列出所有有权访问（读/写/完整）服务器上共享文件夹的用户/组。

例如：我有一个共享文件夹\servername\MyData。现在我想列出有权访问此文件夹的用户/组。

【问题讨论】：

共享文件夹位于哪台机器上？ Active Directory 环境？
是的..它在远程生产服务器上。

标签： c# user-permissions shared-directory

【解决方案1】：

    private DataTable GetSharedFolderAccessRule()
    {
        DataTable DT = new DataTable();

        try
        {
            DT.Columns.Add("ShareName");
            DT.Columns.Add("Caption");
            DT.Columns.Add("Path");
            DT.Columns.Add("Domain");
            DT.Columns.Add("User");
            DT.Columns.Add("AccessMask");
            DT.Columns.Add("AceType");

            ManagementScope Scope = new ManagementScope(@"\\.\root\cimv2");
            Scope.Connect();
            ObjectQuery Query = new ObjectQuery("SELECT * FROM Win32_LogicalShareSecuritySetting");
            ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Scope, Query);
            ManagementObjectCollection QueryCollection = Searcher.Get();

            foreach (ManagementObject SharedFolder in QueryCollection)
            {
                {
                    String ShareName = (String) SharedFolder["Name"];
                    String Caption   = (String)SharedFolder["Caption"];
                    String LocalPath = String.Empty;
                    ManagementObjectSearcher Win32Share = new ManagementObjectSearcher("SELECT Path FROM Win32_share WHERE Name = '" + ShareName + "'");
                    foreach (ManagementObject ShareData in Win32Share.Get())
                    {
                        LocalPath = (String) ShareData["Path"];
                    }

                    ManagementBaseObject Method = SharedFolder.InvokeMethod("GetSecurityDescriptor", null, new InvokeMethodOptions());
                    ManagementBaseObject Descriptor = (ManagementBaseObject)Method["Descriptor"];
                    ManagementBaseObject[] DACL = (ManagementBaseObject[])Descriptor["DACL"];
                    foreach (ManagementBaseObject ACE in DACL)
                    {
                        ManagementBaseObject Trustee = (ManagementBaseObject)ACE["Trustee"];

                        DataRow Row = DT.NewRow();
                        Row["ShareName"]  = ShareName;
                        Row["Caption"]    = Caption;
                        Row["Path"]       = LocalPath;
                        Row["Domain"]     = (String) Trustee["Domain"];
                        Row["User"]       = (String) Trustee["Name"];
                        Row["AccessMask"] = (UInt32) ACE["AccessMask"];
                        Row["AceType"]    = (UInt32)ACE["AceType"];
                        DT.Rows.Add(Row);
                        DT.AcceptChanges();
                    }
                }
            }
        }
        catch (Exception ex) 
        {
            MessageBox.Show(ex.StackTrace, ex.Message);
        }

        return DT;
    }

【讨论】：

【解决方案2】：

这应该会让你指向正确的方向，我无法在 atm 测试它，但应该是类似的。

private bool CheckAccess(DirectoryInfo directory)
{

    // Get the collection of authorization rules that apply to the current directory
    AuthorizationRuleCollection acl = directory.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

    foreach (var rule in acl)
    {
        // do something here
    }
}

【讨论】：

有了typeof(System.Security.Principal.NTAccount)，我们可以有更友好的IdentityReference（即：BUILTIN\Administrators）