How can I find out who created a file in Windows using .NET?
Original URL: http://stackoverflow.com/questions/3370146/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow
Asked by Dan Harris
I need to find out who created a file using .NET
I have already tried the following:
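using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
string FileLocation = @"C:\test.txt";
FileInfo droppedFile = new FileInfo(FileLocation);
FileSecurity fileSecurity = droppedFile.GetAccessControl();
// Ask for the owner as a DOMAIN\name account rather than a raw SID
IdentityReference identityReference = fileSecurity.GetOwner(typeof(NTAccount));
string userName = identityReference.Value;
Console.WriteLine(userName);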
All this returns is "BUILTIN\Administrators"
Am I doing something wrong here? Because when I look at the C:\ in explorer, the owner shows the correct username, when I execute the code above it returns "BUILTIN\Administrators"
Which isn't even a domain and username, I think it's a security group.
Any help appreciated.
Accepted answer by Tim Robinson
If a user is an administrator, then the files they created are considered to be owned by the whole administrators group, not the individual user.
You can see the same behaviour in Explorer's properties dialog. Annoyingly, I don't think there is any workaround, other than not making users admins.
Edit: This Technet article explains this behaviour in more detail. The rationale is that Windows treats all administrators as a single entity; any administrator on the system can do anything that the other administrators can.
- If one administrator is permissioned on a file, so are all other administrators
- If one administrator is denied access, then likewise the rest of the admins
- And if one administrator owns a file -- the owner of the file is given privileged access to that file -- then all other administrators must also own that file.
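An added example, not part of the original answer: it reads the owner as a SID, as the question's code does with NTAccount, and compares it against the well-known BUILTIN\Administrators SID so that group ownership is reported explicitly. The names OwnerCheck, DescribeOwner and ResolveName are illustrative.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class OwnerCheck
{
    // Resolve a SID to DOMAIN\name, falling back to the raw SID string
    // when it no longer maps to an account (for example, a deleted user).
    static string ResolveName(SecurityIdentifier sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }

    // Report the owner and what kind of principal it is. The owner field
    // is not a creation record: it can also be changed after creation.
    static string DescribeOwner(string path)
    {
        // Request only the owner section of the security descriptor.
        FileSecurity security =
            new FileInfo(path).GetAccessControl(AccessControlSections.Owner);
        var owner = security.GetOwner(typeof(SecurityIdentifier)) as SecurityIdentifier;
        if (owner == null)
            return "no owner is set on this file";

        string label = $"{ResolveName(owner)} ({owner.Value})";
        if (owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
            return label + ": owned by the Administrators group; " +
                   "the individual administrator is not recorded here";
        if (owner.IsAccountSid())
            return label + ": owned by a local or domain account SID (user or group)";
        return label + ": owned by another built-in or well-known principal";
    }

    static void Main(string[] args)
    {
        // C:\test.txt is the path from the question; pass another path as args[0].
        string path = args.Length > 0 ? args[0] : @"C:\test.txt";
        Console.WriteLine(DescribeOwner(path));
    }
}
```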
Answer by invert
Update: I am wrong, there is an owner descriptor for file objects! (where was my head). Have a look at this MSDN article.
Possibly because the file object does not define a creator or owner, but instead is owned by the system itself (builtin\administrators). The "group or user names" list only specifies a list of groups and users that have access to the file, but not a creator specifically.
Best you can do is iterate through the list of "group or user names" and take a best guess which one is the creator.