コード例 #1
        /// <summary>
        /// Collects the SIDs returned by <c>GetLocalGroupMembers</c> for the group named by
        /// <c>GetBuiltInAdministratorsGroupNameOrDefault</c> on the given computer, optionally
        /// leaving out SIDs that share the computer's local machine authority SID.
        /// </summary>
        /// <param name="computer">
        /// Directory search result for the computer. Its "dnsHostName" value is used as the host name;
        /// when that is null, "samAccountName" with any trailing '$' removed is used instead.
        /// </param>
        /// <param name="filterLocalAccounts">
        /// When true, members whose domain SID equals the computer's local machine authority SID are skipped.
        /// </param>
        /// <returns>A new list holding the members that were not skipped.</returns>
        /// <remarks>
        /// The filter fails open: if the machine SID lookup throws, a warning is logged and every member
        /// is returned, local accounts included. A caller that uses the result for an access decision
        /// cannot tell a filtered list from an unfiltered one by looking at the return value.
        /// </remarks>
        public List<SecurityIdentifier> GetPrincipalsForComputer(SearchResult computer, bool filterLocalAccounts)
        {
            // NOTE(review): the fallback dereferences the "samAccountName" value directly; if GetPropertyString
            // can return null for it as well, this line throws. Confirm against the helper.
            string computerDnsName = computer.GetPropertyString("dnsHostName") ?? computer.GetPropertyString("samAccountName").TrimEnd('$');
            SecurityIdentifier localMachineSid = null;

            if (filterLocalAccounts)
            {
                try
                {
                    localMachineSid = this.localSam.GetLocalMachineAuthoritySid(computerDnsName);
                }
                catch (Exception ex)
                {
                    // Best-effort: on failure localMachineSid stays null and no member is filtered below.
                    this.logger.LogWarning(EventIDs.UIGenericWarning, ex, "Unable to connect to get SID from remote computer {computer}", computerDnsName);
                }
            }

            var administratorsGroupName = this.localSam.GetBuiltInAdministratorsGroupNameOrDefault(computerDnsName);
            IList<SecurityIdentifier> groupMembers = this.localSam.GetLocalGroupMembers(computerDnsName, administratorsGroupName);

            var principals = new List<SecurityIdentifier>();

            foreach (SecurityIdentifier candidate in groupMembers)
            {
                // A member counts as a local account only when filtering was requested, the machine SID
                // was resolved, and the member's domain portion matches it.
                bool isLocalAccount = filterLocalAccounts
                    && localMachineSid != null
                    && candidate.IsEqualDomainSid(localMachineSid);

                if (!isLocalAccount)
                {
                    principals.Add(candidate);
                }
            }

            return principals;
        }
コード例 #2
 /// <summary>
 /// Calls the two-argument <c>AddReadPermission</c> overload for the certificate twice:
 /// first with the service SID from <c>windowsServiceProvider</c>, then with the
 /// built-in Administrators SID.
 /// </summary>
 /// <param name="certificate">The certificate handed to the two-argument overload.</param>
 /// <remarks>
 /// The two grants run in sequence; if the machine SID lookup for the second grant throws,
 /// the first grant has already been applied.
 /// </remarks>
 public void AddReadPermission(X509Certificate2 certificate)
 {
     // First grant: the SID of the Windows service.
     var serviceSid = windowsServiceProvider.ServiceSid;
     this.AddReadPermission(certificate, serviceSid);

     // Second grant: the built-in Administrators group.
     // NOTE(review): BuiltinAdministratorsSid is a fixed alias SID (S-1-5-32-544), and the
     // SecurityIdentifier constructor documents domainSid as ignored for well-known types
     // outside the account-domain list. The lookup below may be unnecessary - confirm.
     var machineAuthoritySid = localSam.GetLocalMachineAuthoritySid(Environment.MachineName);
     var builtinAdministrators = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, machineAuthoritySid);
     this.AddReadPermission(certificate, builtinAdministrators);
 }