cm_ShowFileUser Requires admin rights

[VSB]

cm_ShowFileUser Requires admin rights, but no elevation dialog shown, instead get

Access denied! (error=5)

[Horst.Epp]

Confirmed

[ghisler(Author)]

Does cm_ShowFileUser work correctly for you when running TC as an administrator?

It does not show the right user name here. For example, I have user "Christian" on one PC, and "admin" on the other. I open file with user "Christian", but cm_ShowFileUser shows me that the file is opened by user "admin".

I'm quite sure that cm_ShowFileUser worked without admin rights and showed correct values when I created this function. It must have been broken by a recent Windows security update.

If you get the same wrong results, I will remove cm_ShowFileUser because it's completely useless this way.

[VSB]

Command is extremely useful in enterprise environment (e.g. where AD domain exists).
It shows correct username

But currently it is totally bugged - random crashes etc.

Please, rework it.
Also may be try to show additional info like computer of user and info from AD (CommonName)?

[VSB]

UPD

I suppose you use NetFileEnum which has Remark

Only members of the Administrators or Server Operators local group can successfully execute the NetFileEnum function.

Sad, but I don't see clear way to get AD info

It is possible to use something like

Code: Select all

	LPCWSTR lpcwszDCName;
	FILE_INFO_3 fi;//get related element iterating over NetFileEnum result
	if (NetGetDCName(nullptr, nullptr, (LPBYTE*)&lpcwszDCName) == NERR_Success)
	{
		LPUSER_INFO_10 pBuf10;
		if(NetUserGetInfo(lpcwszDCName, fi.fi3_username, 10, (LPBYTE *)&pBuf10) == NERR_Success)
		{
			wprintf(L"\tUser account name: %s\n", pBuf10->usri10_name);
			wprintf(L"\tComment: %s\n", pBuf10->usri10_comment);
			wprintf(L"\tUser comment: %s\n", pBuf10->usri10_usr_comment);
			wprintf(L"\tFull name: %s\n", pBuf10->usri10_full_name);
		}
	}

I suppose, that it is not clear way to determine which user from which domain is accessing file - it's only possible by SID, but I don't know how to get SIDs who are accessing file at the moment. I can't perform complete test because I have single forest/single domain configuration

[ghisler(Author)]

2VSB
I found the reason of the crash, it will be fixed in the next version.

2VSB
Users on Windows Vista and newer actually ARE member of the administrators group, but have restricted rights when not elevated. I seem to remember that this function did work without elevation in the past.

Anyway, I will not handle the original bug report because it would require extrnsive changes to tcmadmin.exe - I would have to call NetFileEnum from there, and pass the results back to TC. I would have added that earlier in the beta test, but not at this time, sorry. You will have to run TC as administrator for now to use this function.

[VSB]

Users on Windows Vista and newer actually ARE member of the administrators group, but have restricted rights when not elevated. I seem to remember that this function did work without elevation in the past.

It's half of truth - they may be or may not be members of administrators group - anyway, they need elevation (often as different security principal)

Anyway, I will not handle the original bug report because it would require extrnsive changes to tcmadmin.exe - I would have to call NetFileEnum from there, and pass the results back to TC. I would have added that earlier in the beta test, but not at this time, sorry. You will have to run TC as administrator for now to use this function.

I understand, that I found this too late, but on another side - may be I'll find more deterministic way to get AD info for this, having more time for search.