Determine whether the SQLSERVR process has write access to a given folder (C#)
Question
I've got an winforms application which uses a SQL Express back-end (which is always on the local machine). I've run into a variety of user issues where a user performs a task that creates a new database in a particular location, but it turns out that the "NT Authority\\Network Service" does not have sufficient permissions over the location they specify.
I'd like to check at runtime if the user running SQLSERVR has access to a particular folder.
I've got WMI code running to determine the user/SID of the SQLSERVR process. My next step is to try to get the WindowsIdentity/WindowsPrincipal of the user so that I can query the file access rules.
But I'm stuck - how can I reliably get a WindowsIdentity when all I have is the user/domain/SID? It doesn't seem like there's a constructor that is well suited to this?
2 answers
solution1
1 2010-12-08 15:35:49
You would have to pinvoke LogonUser to obtain a token. I seriously doubt that's going to work, these service accounts are highly privileged.
Do ask yourself if this is worth the hassle. Maybe a warning is desirable but there is nothing that you could do yourself to fix the problem. It is going to require an administrator to really fix the issue. Focus on getting a good diagnostic out of the exception you get.
solution2
0 2010-12-08 15:35:45
Can I suggest you take a different (simpler) approach? Try just impersonating the service/user account and write a quick temp file and then delete it. If you can write that file (and delete it) you can be sure that the SQL Server can do the same thing.
Here's a post that talks about impersonating the NETWORK SERVICE account: http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.