Issue description

I am trying to create Active Directory users with my program. All Active Directory related parts are working. What proves an issue for me is the impersonation to create a folder on our file server and set the appropriate permissions. The issue with the impersonation is that multiple administrative accounts need to be used by the software. Hence it is not a solution to shift + right-click -> run as different user.

Task approach

So how I would handle it normally would include the following steps:

  1. Log in with an account with appropriate permissions on the home drive folder
  2. Navigate to '\\FileServer\Data\Home'
  3. Create a folder for the user like '\\FileServer\Data\Home\exampleuser1'
  4. Set the appropriate read/write permissions for that given user

Programmatically I would do something along the lines of (pseudocode):

// UNC path as a verbatim string so the backslashes are not treated as escapes
string path = @"\\FileServer\Data\Home\exampleuser1";
if (!Directory.Exists(path))
{
    Directory.CreateDirectory(path);
    // AddDirectorySecurity: helper (not shown) that adds an access rule to the folder's ACL
    AddDirectorySecurity(path, @"MYDOMAIN\exampleuser1", FileSystemRights.TakeOwnership, AccessControlType.Allow);
}

However, this code would have to be executed with another user account, "domain\admin_julian".

julian bechtold
  • Let me understand your issue... You want to let the user run the above code with admin permissions? I wouldn't do that due to security reasons. – Maciej Los Jul 23 '21 at 08:16
  • No. At the point where I (the administrator) create the user account from my software, I want the software to create the user home folder automatically. – julian bechtold Jul 23 '21 at 08:44
  • Just an idea. Why not create a service that runs with appropriate rights (for example on the file server) which performs the task of folder creation and rights assignment, triggered by a task that searches AD for new users? – MartinM43 Jul 23 '21 at 08:45
  • The idea is great but being in a large company, I do only have the permission to do my daily business. I do not have the permissions to change anything on the given server except creating folders and managing permissions for the given task. – julian bechtold Jul 23 '21 at 08:48
  • That being said, a local task running under specific privileges might be a failover solution for me but would represent another location where I have to manage my password every 3 months. – julian bechtold Jul 23 '21 at 08:49
  • You can only run a C# program as a single user and not separate "parts" of the program as admin. (As far as I know.) Maybe you can solve this with several little programs and a batch file using "runas" to invoke them as the desired user. – MartinM43 Jul 23 '21 at 09:02

1 Answer

The answer has been found here: How to provide user name and password when connecting to a network share (answer from Luke Quinane)

Implement his class and then use it like:

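// cred is a System.Net.NetworkCredential for the account allowed to write to the share
using (new NetworkConnection(@"\\server\Data\Home", cred))
{
    string path = @"\\server\Data\Home\testuserfolder";
    string domainName = "domain.com";
    string userNameToCreate = "testuser";
    Directory.CreateDirectory(path);
    // SetFullPermission: the poster's own helper (not shown) that sets the ACL on the new folder
    SetFullPermission(path, userNameToCreate);
}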
julian bechtold
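
An added example, not code from the question, the answer or the linked NetworkConnection class: one way to write the folder-creation and permission step so that the account name cannot escape the home root and the new user receives Modify rather than full control or TakeOwnership. The name `HomeFolder.CreateFor` is hypothetical, and Modify is an assumption about what "read/write" requires; for a real share the call would sit inside the `using (new NetworkConnection(...))` block shown above.

```csharp
// Added example (not from the original post). HomeFolder and CreateFor are hypothetical names.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class HomeFolder
{
    public static string CreateFor(string homeRoot, string domain, string samAccountName)
    {
        // The account name becomes a path segment: reject separators, "." and "..".
        if (string.IsNullOrWhiteSpace(samAccountName) || samAccountName.Trim('.').Length == 0 ||
            samAccountName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Unsafe account name.", nameof(samAccountName));

        string root = Path.GetFullPath(homeRoot).TrimEnd('\\');
        string path = Path.GetFullPath(Path.Combine(root, samAccountName));
        if (!string.Equals(Path.GetDirectoryName(path), root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Path escapes the home root.", nameof(samAccountName));

        // Resolve to a SID first: throws IdentityNotMappedException if the new
        // account cannot be resolved yet, before any folder is created.
        var sid = (SecurityIdentifier)new NTAccount(domain, samAccountName)
            .Translate(typeof(SecurityIdentifier));

        DirectoryInfo dir = Directory.CreateDirectory(path);
        DirectorySecurity acl = dir.GetAccessControl();
        // Modify covers read, write and delete, but not changing the ACL or taking ownership.
        acl.AddAccessRule(new FileSystemAccessRule(sid, FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        dir.SetAccessControl(acl);
        return path;
    }

    static void Main()
    {
        // Constructed input so the example runs offline on Windows: a temp folder stands in
        // for \\server\Data\Home and the current user for the newly created account.
        string root = Path.Combine(Path.GetTempPath(), "HomeDemo");
        Directory.CreateDirectory(root);
        string created = CreateFor(root, Environment.UserDomainName, Environment.UserName);
        foreach (FileSystemAccessRule r in new DirectoryInfo(created).GetAccessControl()
                     .GetAccessRules(true, false, typeof(NTAccount)))
            Console.WriteLine($"{r.IdentityReference}: {r.FileSystemRights} ({r.AccessControlType})");
    }
}
```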