tags:

views:

48

answers:

2
+2  Q: 

How can I find out who created a file in Windows using .NET?

I need to find out who created a file using .NET

I have already tried the following:

string FileLocation = @"C:\test.txt";
FileInfo droppedFile = new FileInfo(FileLocation);
FileSecurity fileSecurity = droppedFile.GetAccessControl();
IdentityReference identityReference = fileSecurity.GetOwner(typeof(NTAccount));
string userName = identityReference.Value;
Console.WriteLine(userName);

All this returns is "BUILTIN\Administrators"

Am I doing something wrong here? Because when I look at the C:\ in explorer, the owner shows the correct username, when I exectute the code above it returns "BUILTIN\Administrators"

Which isn't even a domain and username, I think it's a security group.

Any help appreciated.

+1  A: 

Update: I am wrong, there is an owner descriptor for file objects! (where was my head). Have a look at this MSDN article.

Possibly because the file object does not define a creator or owner, but instead is owned by the system itself (builtin\administrators). The "group or user names" list only specifies a list of groups and users that have access to the file, but not a creator specifically.

Best you can do is iterate through the list of "group or user names" and take a best guess which one the creator.

Wez  2010-07-30 09:28:21
The strange thing is that in explorer if I switch to details view and display the column "owner" it shows my NT user name.So the information is there, it's just that using the code above it doesn't return the value shown by explorer
Dan Harris  2010-07-30 13:53:53
@Dan, that's unfortunate, but then again not surprising ;) Have you seen this article yet, http://www.emmet-gray.com/Articles/GetOwner.htm ?
Wez  2010-08-02 10:53:30
+1  A: 

If a user is an administrator, then the files they created are considered to be owned by the whole administrators group, not the individual user.

You can see the same behaviour in Explorer's properties dialog. Annoyingly, I don't think there is any workaround, other than not making users admins.

Edit: This Technet article explains this behaviour in more detail. The rationale is that Windows treats all administrators as a single entity; any administrator on the system can do anything that the other administrators can.

  • If one administrator is permissioned on a file, so are all other administrators
  • If one administrator is denied access, then likewise the rest of the admins
  • And if one administrator owns a file -- the owner of the file is given privileged access to that file -- then all other administrators must also own that file.
Tim Robinson  2010-07-30 09:43:37

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?