Active Directory check if user is logged in - c#

I am trying to use active directory to tell if a user is logged in currently. Is this possible with active directory?
I can check what role the user has with User.IsInRole(@"domain.com\TeamLead").
But I'm not seeing anything to see if they are currently logged in or not.

By strictly using Active Directory, you will not be able to get this information. Active Directory doesn't store this type of information. You can turn on Login Auditing through GPO and query individual computers, but that could be messy.
An outside solution could be psloggedon:
http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx
Though that is hardly ideal.
AFAIK there is no out of the box datastore that keeps track of which users are currently logged into a domain.
Another alternative could be to craft a logon/logoff script that writes to a particular file/database and you could monitor that file to see who is logged in.

Related

Access Current logged in Users download folder in c# windows service

I have a Windows service, written in C#, which is deployed using service.msc.
I want to access the current logged in user's download folder.
E.g. if the current logged in username is admin, then I want to access
C:\Users\admin\Downloads
and if the current logged in username is tomas, then I want to access
C:\Users\tomas\Downloads.
You can use SHGetKnownFolderPath(FOLDERID_Downloads), passing in a token for the desired user account. The trick will be in knowing which user you want. There may be more than one user logged in at the same time. There may be no users logged in at all. If your service is running under the SYSTEM account, it can enumerate active user sessions via WTSEnumerateSessions() and get their user token via WTSQueryUserToken().
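The approach this answer describes, as an added C# sketch that is not part of the original answer: it enumerates active sessions, borrows each session's user token, resolves that user's Downloads folder, and closes the token again. The class and method names are hypothetical, and it assumes the service runs as LocalSystem, since WTSQueryUserToken fails without SeTcbPrivilege.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

static class SessionDownloads // hypothetical helper, not from the answer
{
    [StructLayout(LayoutKind.Sequential)]
    struct WTS_SESSION_INFO { public int SessionId; public IntPtr WinStationName; public int State; }

    [DllImport("wtsapi32.dll", EntryPoint = "WTSEnumerateSessionsW", SetLastError = true)]
    static extern bool WTSEnumerateSessions(IntPtr server, int reserved, int version, out IntPtr info, out int count);
    [DllImport("wtsapi32.dll")] static extern void WTSFreeMemory(IntPtr memory);
    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSQueryUserToken(int sessionId, out IntPtr token);
    [DllImport("shell32.dll")]
    static extern int SHGetKnownFolderPath(ref Guid id, uint flags, IntPtr token, out IntPtr path);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);

    const int WTSActive = 0; // WTS_CONNECTSTATE_CLASS.WTSActive

    // Maps session id -> Downloads path for every active session.
    // Returns an empty map when nobody is logged on; may return several entries.
    public static Dictionary<int, string> GetDownloadsFolders()
    {
        var result = new Dictionary<int, string>();
        Guid downloads = new Guid("374DE290-123F-4565-9164-39C4925E467B"); // FOLDERID_Downloads
        // IntPtr.Zero is WTS_CURRENT_SERVER_HANDLE (the local machine).
        if (!WTSEnumerateSessions(IntPtr.Zero, 0, 1, out IntPtr info, out int count))
            return result;
        try
        {
            int size = Marshal.SizeOf(typeof(WTS_SESSION_INFO));
            for (int i = 0; i < count; i++)
            {
                var s = (WTS_SESSION_INFO)Marshal.PtrToStructure(IntPtr.Add(info, i * size), typeof(WTS_SESSION_INFO));
                if (s.State != WTSActive) continue;
                if (!WTSQueryUserToken(s.SessionId, out IntPtr token)) continue;
                try
                {
                    if (SHGetKnownFolderPath(ref downloads, 0, token, out IntPtr path) == 0) // S_OK
                    {
                        result[s.SessionId] = Marshal.PtrToStringUni(path);
                        Marshal.FreeCoTaskMem(path);
                    }
                }
                finally { CloseHandle(token); } // never leak a user's primary token
            }
        }
        finally { WTSFreeMemory(info); }
        return result;
    }
}
```

The caller still has to decide which session it means when the map holds more than one entry, and should treat the returned paths as user-controlled locations when reading from them as SYSTEM.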

C# - Set up the default user directory with Desktop, AppData etc. for a new user who has never logged in before

I've been tasked with developing an installer that creates and sets up a new local user account with predefined accessibility to our windows application before first login. As we know, the user's directory in C:\Users is only created when the user logs in for the first time. This means that I have to also create the user's directory in C:\Users and the Desktop and AppData directories within.
I have already created the User and the directories programmatically. However, while manually logging into the user account for the first time, Windows goes through the pains of creating and assigning a different user directory, completely ignoring the directory that I would have wanted the user to be able to use.
I have thought of some possible workarounds, but they all require the user to log in manually. Is there a way of approaching this problem without the user account having been logged into before?

Where should my c# application write data so that the user can not modify or access it

I have an application that needs to store user info such as their username, their score, etc.
I have selected LocalApplicationData of the Environment.SpecialFolder enumeration,
but I can access the directory for my application manually using File Explorer and can edit or delete the file. That can prove to be a weak spot for the application, and the users may be able to mess with my application.
So, is there any directory that I can write to using code that the user will not be able to access?
tnx
Is there any directory that I can write to using code that the user will not be able to access it.
No. An application run by a user account has the same privileges and permissions as that user. Therefore, there is no way that the application could do something the user couldn't do on his own.
If the data you need to store is intended to be browsed or modified by the user, it should go in Environment.SpecialFolder.Personal.
Otherwise, data should be stored in either Environment.SpecialFolder.ApplicationData (if it should roam with the user account) or Environment.SpecialFolder.LocalApplicationData (if it should not roam with the user, and instead should be limited to the local machine).
Yes, the user can get into these folders and destroy the data. By doing so, they run the risk of breaking your application. You can't secure yourself from yourself.
Develop a "repair" utility that can recover from the damage by recreating the necessary files on startup of your application if necessary.
As your application is running with your user's privileges, there is no place your application can access that your user would not be able to access.
Your only option is to use encryption so your user cannot tamper with the file easily once it's written. But even then... what you did with the user's privileges can be undone by the user with the same privileges. You can only make it hard enough so he or she won't bother.
You cannot prevent the user from opening the file, but you can have some method to check whether the file has been modified by the user.
You can save it in the Registry, or if your data is big, you can encrypt it before saving it to a file. When you encrypt the data, the user cannot know which information it contains, and if the user opens the file and modifies it, the data becomes invalid and you can know it was modified.
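One way to get the "modified data becomes invalid" behaviour the answers above describe, as an added C# sketch that is not from any of the answers: Windows DPAPI (ProtectedData) encrypts the record under the current user's key and refuses to decrypt a blob that has been altered. The application name, file name and entropy label are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class ScoreStore // hypothetical helper
{
    // Hypothetical application folder, file name and entropy label.
    static readonly string FilePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "ExampleApp", "score.bin");
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp.score.v1");

    public static void Save(string userName, int score)
    {
        byte[] plain = Encoding.UTF8.GetBytes(userName + "\n" + score);
        // DPAPI encrypts and integrity-protects the blob under the current user's key.
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        Directory.CreateDirectory(Path.GetDirectoryName(FilePath));
        File.WriteAllBytes(FilePath, blob);
    }

    // Returns false when the file is missing, edited, truncated,
    // or was written under a different Windows account.
    public static bool TryLoad(out string userName, out int score)
    {
        userName = null;
        score = 0;
        try
        {
            byte[] blob = File.ReadAllBytes(FilePath);
            byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            string[] parts = Encoding.UTF8.GetString(plain).Split('\n');
            if (parts.Length != 2 || !int.TryParse(parts[1], out score)) return false;
            userName = parts[0];
            return true;
        }
        catch (Exception e) when (e is IOException || e is CryptographicException)
        {
            return false; // caller falls back to recreating defaults (the "repair" path)
        }
    }
}
```

This only makes hand-editing fail: code running as the same user can call Unprotect with the same entropy, and an older valid file can be copied back, so it raises the effort rather than creating a trust boundary.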

Add user to Active Directory group results in "Access Denied"

I am working on a C# Asp.net site that adds users to Active Directory and assigns them to security groups.
The whole script works great except for one issue. I can add users to groups, but I get an "Access Denied" exception when trying to add the user to a group that the Application Pool's Identity is a member of.
I think it's a windows permissions issue, but I'm not sure what permission is required. We had the same issue in the past when using an older VB script.
Any ideas?
I had this kind of issue with a website designed for Active Directory management. The execution environment was not allowed to manage AD so far. So, through IIS, we changed the default account to local system, who has full permission (almost, he can't reboot the system for example) and cannot be logged (security first). This works for you are impersonating your website.
If not, you will need an advanced group and user management. AD permissions are very touchy.
Edit:
In your case, using a specific account is not a problem. Check the identity when your admin logs, and use impersonation with Local System. Your application environment will be alright, and only your admin will have an access.

HKEY_USERS contains only logged in users

I am writing a c# application.
As part of my application, I need to read the users' profiles.
In order to get all the users, I am using Registry.Users.GetSubKey().
The problem is that on Windows 8 the HKEY_USERS contains only logged in users! (When there are 2 users logged in I will see 2 users under HKEY_USERS, but if one of the users signs out, then there will be only 1 user under HKEY_USERS.)
As a result, I get the profiles only for logged in users.
I tried to search the entire registry to find where the data is saved, but I can't find this information anywhere.... it seems like the info is gone when the user logs out.
Is it by design, or a bug?
Where the data is saved - it must be in the registry, but I can't find it...
Could it be something in the permissions? Maybe the info is there but it's hidden when the user is not logged in? Is there a flag or something I can use to read the profile for non logged in users?
This may not work in all cases, but has suited my needs.
Load Registry Hive:
reg load HKU\Steven C:\Users\Steven\ntuser.dat
Read necessary data, then unload
reg unload HKU\Steven
As part of my application, I need to read the users' profiles.
Then you need to redesign your application. What you're asking for is not possible.
From Raymond Chen's blog post, "Beware of roaming user profiles":
[Y]ou cannot just cruise through the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList registry key expecting to find all the user profiles and possibly even modify them, because the copy of the user profile on the local computer might not be the authoritative one.
Anything you see on your local machine relating to other users' profiles -- whether under HKEY_USERS, or in their profile directories under C:\Users -- is just a local cache from the last time they logged in on that machine. The real data, the up-to-date data, is stored on a domain controller somewhere.
You can't rely on other users' locally-stored profile data for anything at all. You're better off pretending it's not even there.
