我正在努力阅读
- Windows 中的所有用户组
- 每个组的权限(ACL、DACL 等)。
这是我的代码
public List<GroupPermissions> GetGroups()
{
var scope = new ManagementScope("\\\\.\\ROOT\\cimv2");
var sQuery = new SelectQuery("Select * from Win32_SecurityDescriptor");
var secDesc = new List<GroupPermissions>();
try
{
var mSearcher = new ManagementObjectSearcher(scope,sQuery);
foreach (ManagementObject mObject in mSearcher.Get())
{
var sDObj = new GroupPermissions();
var aceList = new List<ACE>();
var saceList = new List<ACE>();
var aceobjs = (ManagementObjectCollection)mObject["DACL"];
var aceobjsS = (ManagementObjectCollection)mObject["SACL"];
var gpTt = (ManagementObject)mObject["Group"];
var ownerTt = (ManagementObject)mObject["Owner"];
var sids = (UInt16[]) gpTt["SID"];
var osids= (UInt16[]) ownerTt["SID"];
var groupTrustee = new Trustee()
{
Domain =Convert.ToString(gpTt["Domain"]),
Name = Convert.ToString(gpTt["Name"]),
SIDString = Convert.ToString(gpTt["SIDString"]),
SidLength = Convert.ToUInt32(gpTt["SidLength"]),
SID = sids
};
var ownerTrustee = new Trustee()
{
Domain =Convert.ToString(ownerTt["Domain"]),
Name = Convert.ToString(ownerTt["Name"]),
SIDString = Convert.ToString(ownerTt["SIDString"]),
SidLength = Convert.ToUInt32(ownerTt["SidLength"]),
SID = osids
};
foreach (ManagementObject ace in aceobjs)
{
var dTrustee = (ManagementObject)ace["Trustee"];
var daclSids= (UInt16[]) dTrustee ["SID"];
var daclTrustee = new Trustee()
{
Domain =Convert.ToString(gpTt["Domain"]),
Name = Convert.ToString(gpTt["Name"]),
SIDString = Convert.ToString(gpTt["SIDString"]),
SidLength = Convert.ToUInt32(gpTt["SidLength"]),
SID = daclSids
};
aceList.Add(new ACE()
{
AccessMask = Convert.ToUInt32(ace["AccessMask"]),
AceFlags = Convert.ToUInt32(ace["AceFlags"]),
GuidInheritedObjectType = Convert.ToString(ace["GuidInheritedObjectType"]),
AceType = Convert.ToUInt32(ace["AceType"]),
GuidObjectType = Convert.ToString(ace["GuidObjectType"]),
Trustee = daclTrustee
});
}
foreach (ManagementObject sace in aceobjsS)
{
var dTrustee = (ManagementObject)sace["Trustee"];
var daclSids = (UInt16[])dTrustee["SID"];
var daclTrustee = new Trustee()
{
Domain = Convert.ToString(gpTt["Domain"]),
Name = Convert.ToString(gpTt["Name"]),
SIDString = Convert.ToString(gpTt["SIDString"]),
SidLength = Convert.ToUInt32(gpTt["SidLength"]),
SID = daclSids
};
saceList.Add(new ACE()
{
AccessMask = Convert.ToUInt32(sace["AccessMask"]),
AceFlags = Convert.ToUInt32(sace["AceFlags"]),
GuidInheritedObjectType = Convert.ToString(sace["GuidInheritedObjectType"]),
AceType = Convert.ToUInt32(sace["AceType"]),
GuidObjectType = Convert.ToString(sace["GuidObjectType"]),
Trustee = daclTrustee
});
}
sDObj.ControlFlags = Convert.ToUInt32(mObject["ControlFlags"] ?? 0);
sDObj.DACL = aceList.ToArray();
sDObj.Group = groupTrustee;
sDObj.Owner = ownerTrustee;
sDObj.SACL = saceList.ToArray();
secDesc.Add(sDObj);
}
}
catch (Exception ex)
{
}
return secDesc;
}
和我创建的依赖类(在 WMI 类的副本中)
public class GroupPermissions
{
public UInt32 ControlFlags;
public ACE[] DACL;
public Trustee Group;
public Trustee Owner;
public ACE[] SACL;
}
public class ACE
{
public UInt32 AccessMask;
public UInt32 AceFlags;
public UInt32 AceType;
public string GuidInheritedObjectType;
public string GuidObjectType;
public Trustee Trustee;
};
public class Trustee
{
public string Domain;
public string Name;
public UInt16[] SID;
public UInt32 SidLength;
public string SIDString;
};
它什么也不返回。列表对象为空。我肯定做错了什么。有人可以帮我吗?