/// <summary>
/// Returns the SIDs that are members of the built-in Administrators group on the given computer,
/// optionally leaving out accounts that belong to that computer's own local authority.
/// </summary>
/// <param name="computer">
/// Directory search result for the computer. Its "dnsHostName" property is used as the target
/// name, falling back to "samAccountName" with the trailing '$' removed.
/// </param>
/// <param name="filterLocalAccounts">
/// When true, members whose domain SID equals the computer's local machine authority SID are skipped.
/// </param>
/// <returns>The (possibly filtered) list of group member SIDs.</returns>
/// <remarks>
/// Filtering is best-effort: if the machine SID cannot be obtained, a warning is logged and the
/// full, unfiltered membership is returned. Callers that make access decisions on the result
/// should be aware that local accounts can be present in that case.
/// </remarks>
public List<SecurityIdentifier> GetPrincipalsForComputer(SearchResult computer, bool filterLocalAccounts)
{
    // NOTE(review): if both properties are absent this dereferences null; confirm the caller
    // always loads at least samAccountName.
    string computerDnsName = computer.GetPropertyString("dnsHostName")
        ?? computer.GetPropertyString("samAccountName").TrimEnd('$');

    SecurityIdentifier machineAuthoritySid = null;

    if (filterLocalAccounts)
    {
        try
        {
            machineAuthoritySid = localSam.GetLocalMachineAuthoritySid(computerDnsName);
        }
        catch (Exception ex)
        {
            // Deliberately non-fatal: machineAuthoritySid stays null, so nothing is filtered below.
            this.logger.LogWarning(EventIDs.UIGenericWarning, ex, "Unable to connect to get SID from remote computer {computer}", computerDnsName);
        }
    }

    string administratorsGroupName = this.localSam.GetBuiltInAdministratorsGroupNameOrDefault(computerDnsName);
    IList<SecurityIdentifier> groupMembers = this.localSam.GetLocalGroupMembers(computerDnsName, administratorsGroupName);

    List<SecurityIdentifier> principals = new List<SecurityIdentifier>();

    foreach (SecurityIdentifier sid in groupMembers)
    {
        // A member is treated as a local account when it shares the machine's authority SID.
        bool isLocalAccount = filterLocalAccounts
            && machineAuthoritySid != null
            && sid.IsEqualDomainSid(machineAuthoritySid);

        if (!isLocalAccount)
        {
            principals.Add(sid);
        }
    }

    return principals;
}
/// <summary>
/// Grants read permission on the certificate to the Windows service's SID and to the
/// built-in Administrators group, by delegating to the (certificate, SID) overload.
/// </summary>
/// <param name="certificate">The certificate to grant read access on.</param>
/// <remarks>
/// Presumably the overload adjusts the ACL on the certificate's private key; confirm against
/// that overload. Both grants are read-only and limited to the service identity and administrators.
/// </remarks>
public void AddReadPermission(X509Certificate2 certificate)
{
    // The grant is made to the service SID. An earlier variant, commented out in the original,
    // passed windowsServiceProvider.GetServiceAccount() instead.
    this.AddReadPermission(certificate, windowsServiceProvider.ServiceSid);

    // NOTE(review): BuiltinAdministratorsSid is not one of the well-known SID types that use the
    // domainSid argument, so the machine-authority lookup may be unnecessary here; confirm
    // before removing, since the lookup can throw after the first grant has been applied.
    SecurityIdentifier machineAuthoritySid = localSam.GetLocalMachineAuthoritySid(Environment.MachineName);
    SecurityIdentifier administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, machineAuthoritySid);

    this.AddReadPermission(certificate, administratorsSid);
}