uteseg
13th March 2008 10:57 UTC

AccessControl: Setting permissions to "Domain Users" without knowing the domain name
Hi,

I want to be able to set write permissions on a file to the "Domain Users" account, but without knowing the domain name in advance (or even that I'm in a domain at all).

I've seen in the AccessControl plugin documentation that I could use the SID (S-1-5-domain-513), but I still would need to know the domain the current user is logged onto. Is there an easy way to do that?

I found in another thread about a system call to LookupAccountSid which would also return the domain name, but I need the current user SID to do that and I don't know how to get it either.

Afrow UK
13th March 2008 11:24 UTC

Are you saying the account name is fixed, or 'Domain' is replaced with the name of the default domain?

Stu

uteseg
13th March 2008 12:59 UTC

Well, the installer should work in various environments, including with a domain (I don't have one).

Wat I want to do is: if the user launching the script is logged on to a domain, whichever it is, all users of that domain should get write permissions on a particular file.

Thus the domain name is not known at compile time, and should be found somehow at runtime, from the current user I guess.

Anders
13th March 2008 13:03 UTC

what about the Authenticated Users group?

CancerFace
13th March 2008 15:42 UTC

I found in another thread about a system call to LookupAccountSid which would also return the domain name, but I need the current user SID to do that and I don't know how to get it either.

Afrow UK
13th March 2008 18:21 UTC

Next version of AccessControl has NameToSid (and SidToName) in it.

Stu