 

How can I find out who created a file in Windows using .NET?

I need to find out who created a file using .NET

I have already tried the following:

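using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

string FileLocation = @"C:\test.txt";
FileInfo droppedFile = new FileInfo(FileLocation);
// Read the file's security descriptor and resolve its owner to an account name.
FileSecurity fileSecurity = droppedFile.GetAccessControl();
IdentityReference identityReference = fileSecurity.GetOwner(typeof(NTAccount));
string userName = identityReference.Value;
Console.WriteLine(userName);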

All this returns is "BUILTIN\Administrators".

Am I doing something wrong here? Because when I look at the C:\ in Explorer, the owner shows the correct username, but when I execute the code above it returns "BUILTIN\Administrators".

Which isn't even a domain and username, I think it's a security group.

Any help appreciated.

Dan Harris asked Jul 30 '10 09:07




2 Answers

If a user is an administrator, then the files they created are considered to be owned by the whole administrators group, not the individual user.

You can see the same behaviour in Explorer's properties dialog. Annoyingly, I don't think there is any workaround, other than not making users admins.

Edit: This Technet article explains this behaviour in more detail. The rationale is that Windows treats all administrators as a single entity; any administrator on the system can do anything that the other administrators can.

  • If one administrator is permissioned on a file, so are all other administrators
  • If one administrator is denied access, then likewise the rest of the admins
  • And if one administrator owns a file -- the owner of the file is given privileged access to that file -- then all other administrators must also own that file.
Tim Robinson answered Oct 17 '22 20:10
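The behaviour described in the answer above can be checked in code by reading the owner as a raw SID and testing it against the well-known Administrators group SID. This is an added example, not code from the original question or answers; the class name `OwnerCheck`, the method `DescribeOwner` and the message strings are illustrative, and it runs on Windows only.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class OwnerCheck
{
    // Describes the owner recorded in the file's security descriptor.
    // The owner field is not a creator field: it can be a group, and it
    // can be changed later by anyone allowed to take ownership.
    static string DescribeOwner(string path)
    {
        FileSecurity security =
            new FileInfo(path).GetAccessControl(AccessControlSections.Owner);

        // Ask for the SID rather than NTAccount so a deleted or
        // unresolvable account does not make the lookup fail.
        var sid = security.GetOwner(typeof(SecurityIdentifier)) as SecurityIdentifier;
        if (sid == null)
            return "no owner recorded";

        string name;
        try
        {
            name = sid.Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException)
        {
            name = "(SID does not map to an account)";
        }

        // BUILTIN\Administrators is the well-known SID S-1-5-32-544.
        if (sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
            return name + " (" + sid + "): owned by the Administrators group; " +
                   "the individual creating user is not recorded here";

        return name + " (" + sid + "): owner is not the Administrators group";
    }

    static void Main(string[] args)
    {
        // Default path is the one from the question (assumed to exist).
        string path = args.Length > 0 ? args[0] : @"C:\test.txt";
        Console.WriteLine(DescribeOwner(path));
    }
}
```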


Update: I am wrong, there is an owner descriptor for file objects! (where was my head). Have a look at this MSDN article.

Possibly because the file object does not define a creator or owner, but instead is owned by the system itself (builtin\administrators). The "group or user names" list only specifies a list of groups and users that have access to the file, but not a creator specifically.

Best you can do is iterate through the list of "group or user names" and take a best guess which one is the creator.

invert answered Oct 17 '22 21:10