Directory Permission Watcher in c#

 

I have created the program which is monitoring a directory (eg serversharefolderXYZ ) for changed events (like created, deleted, renamed and permission changes). I also got the notification if anything changed but I can't get exact details what has changed.

For example I have changed the permission for above directory from folder properties (Properties -> Security -> Edit ->Add new user or group or change permission for user and groups). File system watcher give notification if something changed but I can't get other details like:

  • For which user permission has changed?
  • Who changed the user permissions?
  • If any new group has been added(need to get all users in the group if new group added)?
  • If any new user is added to group and who added and need to get added user details?
  • If any user or group is removed than removed group or user details?
  • If any permission is added or changed for user than what permission are added or changed?
  • If any permission are changed for group than what permission changed?

    • Example Scenarios:

    Action: At 11am, the Admin added User A to Trainees (Existing group)

    Expected Result:
    Access to serversharefolderXYZ changed: User A now has Read access, given by Admin at 11am, because he is now member of Trainees, which has Read Access.

    Hope question is clear. I have done lots of search and couldn't find the solution. Please let me know if any API or Service available or any alternatives available?

    -Thanks

    The way to get the information you want is to use Windows Security Auditing, esp. since you want to know who made a change, not just what the change was.

    The following code (and settings), produce output like this:

    11-07-2011 17:43:10: 'FujitsuGrynn' changed security descriptor on file 'C:UsersGrynnDocumentsExcelToolstest.txt'
    from
    'D:AI(A;;0x1200a9;;;BU)(A;ID;FA;;;S-1-5-21-559386011-2179397067-1987725642-1000)(A;ID;FA;;;SY)(A;ID;FA;;;BA)'
    to
    'D:ARAI(A;ID;FA;;;S-1-5-21-559386011-2179397067-1987725642-1000)(A;ID;FA;;;SY)(A;ID;FA;;;BA)'
    using 'C:Windowsexplorer.exe'

    12-07-2011 17:55:10: 'FujitsuGrynn' changed security descriptor on file 'C:UsersGrynnDocumentsExcelToolstest.txt'
    from
    'D:AI(A;ID;FA;;;S-1-5-21-559386011-2179397067-1987725642-1000)(A;ID;FA;;;SY)(A;ID;FA;;;BA)'
    to
    'D:ARAI(D;;FA;;;S-1-5-21-559386011-2179397067-1987725642-1001)(A;ID;FA;;;S-1-5-21-559386011-2179397067-1987725642-1000)(A;ID;FA;;;SY)(A;ID;FA;;;BA)'
    using 'C:Windowsexplorer.exe'

    Turning on Auditing has 2 steps:

    1. Use gpedit.msc to turn on "Audit Object access" 组策略

    2. Modify "Auditing" for the folder you want to watch 示例文件夹“ExcelTools”的审核条目

    Now whenever a File System Change event occurs (or via polling) query the security event log.

    Code to query 'Security' event log: 

    var props = new EventLogPropertySelector(new string[] { 
                "Event/System/TimeCreated/@SystemTime",
                "Event/EventData/Data[@Name='SubjectDomainName']",
                "Event/EventData/Data[@Name='SubjectUserName']",
                "Event/EventData/Data[@Name='ObjectName']",
                "Event/EventData/Data[@Name='OldSd']",
                "Event/EventData/Data[@Name='NewSd']",
                "Event/EventData/Data[@Name='ProcessName']"  });

using (var session = new System.Diagnostics.Eventing.Reader.EventLogSession())
{
    //4670 == Permissions on an object were changed
    var q = new EventLogQuery("Security", PathType.LogName, "*[System[(EventID=4670)]]");
    q.Session = session;

    EventLogReader rdr = new EventLogReader(q);

    for (EventRecord eventInstance = rdr.ReadEvent();
            null != eventInstance; eventInstance = rdr.ReadEvent())
    {
        var elr = ((EventLogRecord)eventInstance);
        Console.WriteLine(
            "{0}: '{1}{2}' changed security descriptor on file '{3}' from n'{4}' nto n'{5}' nusing '{6}'n----n", 
            elr.GetPropertyValues(props).ToArray());
    }
}

    From what i know/been reading, FileSystemWatcher can only tell you the file that was affected along with the change type only.

    One way to go is for you to maintain a cache of the file attributes you're interested in, an in the presence of an event notifying a change, you query the cache to get the changes made and update it as necessary.

    链接地址: http://www.djcxy.com/p/8308.html

    上一篇: 如何使用CUDA执行struct的深层复制?

    下一篇: 目录权限观察者在C#