/// <summary>
/// Grants a user membership in the local Administrators group, provided the
/// configured authorization lists permit it.
/// </summary>
/// <param name="userIdentity">
/// The identity of the user to be added to the Administrators group.
/// </param>
/// <param name="expirationTime">
/// The date and time at which the user's administrator rights should expire.
/// </param>
/// <param name="remoteAddress">
/// The address of the remote host from which a request for administrator rights came, if applicable.
/// A null or empty value makes this method treat the request as local.
/// </param>
/// <remarks>
/// The local allow/deny lists are always consulted. The remote allow/deny lists are
/// consulted in addition only when <paramref name="remoteAddress"/> is non-empty, so a
/// caller that handles remote requests must always supply the address; otherwise the
/// remote lists are skipped. When the request is declined this method returns without
/// changing anything and without writing a log entry of its own.
/// </remarks>
public static void AddUser(WindowsIdentity userIdentity, DateTime? expirationTime, string remoteAddress)
{
    // TODO: Only do this if the user is not a member of the group?
    AdminGroupManipulator manipulator = new AdminGroupManipulator();

    // NOTE(review): userIdentity is not passed to UserIsAuthorized in this version, so
    // which identity the allow/deny lists are evaluated against is not visible here.
    // Confirm it is the user being elevated and not the identity the process runs as.
    bool authorized = manipulator.UserIsAuthorized(Settings.LocalAllowedEntities, Settings.LocalDeniedEntities);

    bool requestIsRemote = !string.IsNullOrEmpty(remoteAddress);
    if (requestIsRemote)
    {
        // Request is from a remote computer. Check the remote authorization list.
        // The remote check runs even when the local check already failed
        // (non-short-circuit AND), and both must pass.
        bool remoteAuthorized = manipulator.UserIsAuthorized(Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities);
        authorized = authorized & remoteAuthorized;
    }

    // Decline unless the Administrators group was resolved, the identity carries a
    // user SID and group list, and every applicable authorization check passed.
    if ((LocalAdminGroup == null) || (userIdentity.User == null) || (userIdentity.Groups == null) || !authorized)
    {
        return;
    }

    // Save the user's information to the list of users before the group is changed.
    // NOTE(review): presumably this ordering ensures a granted right always has a
    // stored record (and expiration) behind it - confirm. If AddUserToAdministrators
    // fails, the stored record remains.
    EncryptedSettings userStore = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
    userStore.AddUser(userIdentity, expirationTime, remoteAddress);

    AddUserToAdministrators(userIdentity.User);
}
// Disabled implementation of the LocalAdminGroup property ("Gets an object representing
// the local Administrators group"), retained for reference. AddUser below checks
// LocalAdminGroupName instead.
/*private static GroupPrincipal LocalAdminGroup
 * {
 *     get
 *     {
 *         if (LocalMachineContext == null)
 *         {
 *             ApplicationLog.WriteEvent(Properties.Resources.LocalMachineContextIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
 *         }
 *         else
 *         {
 *             if (LocalAdminsGroupSid == null)
 *             {
 *                 ApplicationLog.WriteEvent(Properties.Resources.LocalAdminsGroupSIDIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
 *             }
 *             else
 *             {
 *                 if (localAdminGroup == null)
 *                 {
 *                     try
 *                     {
 *                         localAdminGroup = GroupPrincipal.FindByIdentity(LocalMachineContext, IdentityType.Sid, LocalAdminsGroupSid.Value);
 *                     }
 *                     catch (Exception exception)
 *                     {
 *                         ApplicationLog.WriteEvent(string.Format("{0}: {1}", Properties.Resources.Exception, exception.Message), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
 *                         throw;
 *                     }
 *                 }
 *             }
 *         }
 *         return localAdminGroup;
 *     }
 * }*/

/// <summary>
/// Grants a user membership in the local Administrators group, provided the
/// configured authorization lists permit it for that user.
/// </summary>
/// <param name="userIdentity">
/// The identity of the user to be added to the Administrators group. The same identity
/// is the one evaluated against the allow/deny lists.
/// </param>
/// <param name="expirationTime">
/// The date and time at which the user's administrator rights should expire.
/// </param>
/// <param name="remoteAddress">
/// The address of the remote host from which a request for administrator rights came, if applicable.
/// A null or empty value makes this method treat the request as local.
/// </param>
/// <remarks>
/// The local allow/deny lists are always consulted. The remote allow/deny lists are
/// consulted in addition only when <paramref name="remoteAddress"/> is non-empty, so a
/// caller that handles remote requests must always supply the address; otherwise the
/// remote lists are skipped. Outside DEBUG builds this method writes no log entry of its
/// own, including when it declines a request.
/// </remarks>
public static void AddUser(WindowsIdentity userIdentity, DateTime? expirationTime, string remoteAddress)
{
    // TODO: Only do this if the user is not a member of the group?
#if DEBUG
    ApplicationLog.WriteEvent("Calling UserIsAuthorized(3) from AddUser() beginning of function.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif

    // UserIsAuthorized is called statically with the identity being elevated;
    // no AdminGroupManipulator instance is created.
    // NOTE(review): userIdentity is not null-checked before use - confirm every
    // caller supplies a non-null identity.
    bool authorized = AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.LocalAllowedEntities, Settings.LocalDeniedEntities);

    bool requestIsRemote = !string.IsNullOrEmpty(remoteAddress);
    if (requestIsRemote)
    {
        // Request is from a remote computer. Check the remote authorization list.
#if DEBUG
        ApplicationLog.WriteEvent("Calling UserIsAuthorized(3) from AddUser() where remote address is not null or empty.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
        // The remote check runs even when the local check already failed
        // (non-short-circuit AND), and both must pass.
        bool remoteAuthorized = AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities);
        authorized = authorized & remoteAuthorized;
    }

    // Decline unless the Administrators group name is known, the identity carries a
    // user SID and group list, and every applicable authorization check passed.
    if ((LocalAdminGroupName == null) || (userIdentity.User == null) || (userIdentity.Groups == null) || !authorized)
    {
        return;
    }

    // Save the user's information to the list of users before the group is changed.
    // NOTE(review): presumably this ordering ensures a granted right always has a
    // stored record (and expiration) behind it - confirm. If AddUserToAdministrators
    // fails, the stored record remains.
    EncryptedSettings userStore = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
    userStore.AddUser(userIdentity, expirationTime, remoteAddress);

    AddUserToAdministrators(userIdentity.User);
}