public static void RemovePrincipal(SecurityIdentifier userSid, RemovalReason reason)
{
// TODO: Only do this if the principal is a member of the group?
if ((LocalAdminGroup != null) && (userSid != null))
{
SecurityIdentifier[] localAdminSids = GetLocalGroupMembers(null, LocalAdminGroup.SamAccountName);
foreach (SecurityIdentifier sid in localAdminSids)
{
if (sid == userSid)
/* if (string.Compare(sid.Value, principalSID, true) == 0) */
{
string accountName = GetAccountNameFromSID(userSid.Value);
int result = RemoveLocalGroupMembers(null, LocalAdminGroup.SamAccountName, userSid);
if (result == 0)
{
PrincipalList.RemoveSID(userSid);
Settings.SIDs = PrincipalList.GetSIDs().Select(p => p.Value).ToArray <string>();
string reasonString = Properties.Resources.RemovalReasonUnknown;
switch (reason)
{
case RemovalReason.ServiceStopped:
reasonString = Properties.Resources.RemovalReasonServiceStopped;
break;
case RemovalReason.Timeout:
reasonString = Properties.Resources.RemovalReasonTimeout;
break;
case RemovalReason.UserLogoff:
reasonString = Properties.Resources.RemovalReasonUserLogoff;
break;
case RemovalReason.UserRequest:
reasonString = Properties.Resources.RemovalReasonUserRequest;
break;
}
// TODO: i18n.
string message = string.Format("Principal {0} ({1}) removed from the Administrators group. Reason: {2}.", userSid, accountName, reasonString);
ApplicationLog.WriteInformationEvent(message, EventID.UserRemovedFromAdminsSuccess);
}
else
{
// TODO: i18n.
ApplicationLog.WriteWarningEvent(string.Format("Removing principal {0} ({1}) from the Administrators group returned error code {1}.", userSid, accountName, result), EventID.UserRemovedFromAdminsFailure);
}
}
}
}
}
public static void ValidateAllAddedPrincipals()
{
SecurityIdentifier[] localAdminSids = null;
/* string[] addedSids = PrincipalList.GetSIDs(); */
SecurityIdentifier[] addedSids = PrincipalList.GetSIDs();
if ((addedSids.Length > 0) && (LocalAdminGroup != null))
{
localAdminSids = GetLocalGroupMembers(null, LocalAdminGroup.SamAccountName);
}
for (int i = 0; i < addedSids.Length; i++)
{
bool sidFoundInAdminsGroup = false;
if ((addedSids[i] != null) && (localAdminSids != null))
{
foreach (SecurityIdentifier sid in localAdminSids)
{
if (sid == addedSids[i])
{
sidFoundInAdminsGroup = true;
break;
}
}
if (sidFoundInAdminsGroup)
{ // Principal's SID was found in the local administrators group.
if (PrincipalList.GetExpirationTime(addedSids[i]).HasValue)
{ // The principal's rights expire at some point.
if (PrincipalList.GetExpirationTime(addedSids[i]).Value > DateTime.Now)
{ // The principal's administrator rights expire in the future.
// Nothing to do here, since the principal is already in the administrators group.
}
else
{ // The principal's administrator rights have expired.
#if DEBUG
string accountName = GetAccountNameFromSID(addedSids[i]);
ApplicationLog.WriteInformationEvent(string.Format("Principal {0} ({1}) has been removed from the Administrators group by an outside process. Removing the principal from Make Me Admin's list.", addedSids[i], string.IsNullOrEmpty(accountName) ? "unknown account" : accountName), EventID.DebugMessage);
#endif
LocalAdministratorGroup.RemovePrincipal(addedSids[i], RemovalReason.Timeout);
}
}
// TODO: This should be put back in, but it needs to account for the fact that
// some principals may be added without expiration times.
/*
* else
* { // The principal's rights never expire. This should never happen.
* // Remove the principal from the administrator group.
#if DEBUG
* string accountName = GetAccountNameFromSID(addedSids[i]);
* ApplicationLog.WriteInformationEvent(string.Format("Principal {0} ({1}) has been removed from the Administrators group by an outside process. Removing the principal from Make Me Admin's list.", addedSids[i], string.IsNullOrEmpty(accountName) ? "unknown account" : accountName), EventID.DebugMessage);
#endif
* LocalAdministratorGroup.RemovePrincipal(addedSids[i], RemovalReason.Timeout);
*
* if (
* (Settings.AutomaticAddAllowed != null) &&
* (Settings.AutomaticAddAllowed.Length > 0) &&
* (Shared.UserIsAuthorized(userIdentity, Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied))
* )
* {
#if DEBUG
* ApplicationLog.WriteInformationEvent("User is allowed to be automatically added!", EventID.DebugMessage);
#endif
* LocalAdministratorGroup.AddPrincipal(userIdentity, null, null);
* }
* }
*/
}
else
{ // Principal's SID was not found in the local administrators group.
if (PrincipalList.GetExpirationTime(addedSids[i]).HasValue)
{ // The principal's rights expire at some point.
if (PrincipalList.GetExpirationTime(addedSids[i]).Value > DateTime.Now)
{ // The principal's administrator rights expire in the future.
string accountName = GetAccountNameFromSID(addedSids[i]);
if (Settings.OverrideRemovalByOutsideProcess)
{
// TODO: i18n.
ApplicationLog.WriteInformationEvent(string.Format("Principal {0} ({1}) has been removed from the Administrators group by an outside process. Adding the principal back to the Administrators group.", addedSids[i], string.IsNullOrEmpty(accountName) ? "unknown account" : accountName), EventID.PrincipalRemovedByExternalProcess);
AddPrincipalToAdministrators(addedSids[i], null);
}
else
{
// TODO: i18n.
ApplicationLog.WriteInformationEvent(string.Format("Principal {0} ({1}) has been removed from the Administrators group by an outside process. Removing the principal from Make Me Admin's list.", addedSids[i], string.IsNullOrEmpty(accountName) ? "unknown account" : accountName), EventID.PrincipalRemovedByExternalProcess);
PrincipalList.RemoveSID(addedSids[i]);
Settings.SIDs = PrincipalList.GetSIDs().Select(p => p.Value).ToArray <string>();
}
}
else
{ // The principal's administrator rights have expired.
// No need to remove from the administrators group, as we already know the SID
// is not present in the group.
#if DEBUG
ApplicationLog.WriteInformationEvent(string.Format("Removing SID \"{0}\" from the principal list.", addedSids[i]), EventID.DebugMessage);
#endif
PrincipalList.RemoveSID(addedSids[i]);
Settings.SIDs = PrincipalList.GetSIDs().Select(p => p.Value).ToArray <string>();
}
}
/*
* Rights shouldn't need to be removed here, as we already know the SID is not
* a member of the local administrator group.
* else
* { // The principal's rights never expire. This should never happen.
* // Remove the principal from the administrator. group.
* LocalAdministratorGroup.RemovePrincipal(addedSids[i], RemovalReason.Timeout);
* }
*/
}
}
}
}