wntOwnerGet

Returns the owner of an object.

Syntax:

wntOwnerGet(server-name, reg-key, resource-name, object-type, flags)

Parameters:

(s) server-name: name of a network file server or empty string ("") to indicate the current machine.

(i) reg-key: handle of an open registry key or 0 [zero]. See below.

(s) resource-name: identifies the object to be accessed. See below.

(i) object-type: identifies the object type of the 'resource/share-name' object. See below.

(i) flags: [optional] controls behavior of the function. See below.

Returns:

(s) Either an account name or a SID string

 

Server-Name

All attempts to work with ownership settings on remote computers will require that those remote computers have the "Server" service running.

 

Reg-key

If the object-type is 400 then the value of this parameter may contain the value of a registry key handle or zero. The resource-name parameter may also contain a string representing the name of a subkey path located under the key identified by the handle value passed in for the value of this parameter. If this parameter's value is zero then a registry key handle may be passed in [as a string value] as the value of the resource-name parameter. Registry key handles may be obtained using the RegOpenKey() function, the RegConnect() function or one of the pre-defined registry key handle values may be used.

 

If the object-type is not 400 then this parameter's value should be zero.

 

Resource-name

This parameter specifies the name of the resource for which ownership information is to be obtained. Refer to the object-type table for a description of the format in which various names have to be specified in order for them to be properly handled by this function.

 

Object-Type

 

Object-type | Resource/share-name description

200 | Printer object. The syntax for the resource name must be "\\server-name\printer-object-name". If the printer is on a remote NT/2K system then the server name must be passed as the first parameter [e.g. "\\server-name"] in addition to the resource name [that also contains the server name].

300 | Directory or file in an NTFS partition. This can be either a UNC folder/file specification [e.g. "\\server-name\share-name\some-folder\some-file"], or it can be a reference to a folder/file on a drive letter. If the referenced folder/file is on a drive letter that is mapped to a remote server, or it is a UNC specification for a folder/file on a remote server, then the "server-name" parameter's value must specify the name of the remote server [with a pair of leading backslash "\\" characters].

400 | Registry key. This should be the handle of an open registry key (opened with the RegOpenKey() function), or a predefined registry handle. (Registration Functions are listed in the WIL help file under "Registration Database Operations".)

 

Flags

The flags value is an integer bit mask value. The values of different flag bits may be bit-wise OR'd together if multiple flag bits are to be "set" [e.g. enabled] at the same time. The following flag bits are valid:

 

Flag bit number | Flag bit value when set/enabled | Flag bit meaning

0 | 1 | When this flag bit is enabled, domain names will be prefixed onto the returned account names [e.g. "domain\user" or "domain\group"]. If this flag bit is disabled then only the account names themselves will be returned.

1 | 2 | When this flag bit is enabled in conjunction with flag bit #0, it allows all domain names to be returned, including built-in domain names such as "BUILTIN" and "NT AUTHORITY". Under normal circumstances, these built-in domain names do not need to be returned, and enabling flag bit #0 and disabling flag bit #1 will result in only returning real domain names and computer names, but not built-in domain names.

2 | 4 | When this flag bit is enabled, SID strings will be returned in place of account [and domain] names. The returned SID values may represent actual accounts that currently exist, as well as deleted accounts that had been assigned permission/audit records on the specified object. Normally, object ownership assigned to deleted accounts cannot be retrieved because there are no account names to be mapped to the SID values stored in the security descriptor of the specified object. Selecting to return SID strings instead of account names allows the ownership information to be retrieved for any particular object. The SID strings will be in a tab delimited list.

3 | 8 | When this flag bit is enabled, only the SID strings for object ownership assigned to deleted accounts will be returned. This allows the orphaned object ownership to be singled out for removal. If there is no orphaned object ownership for the specified object then the use of this flag may result in an empty string being returned.

4 | 16 | When this flag bit is enabled, the object's group ownership information will be examined/returned in place of the object's individual ownership information. All securable objects under WinNT / Win2K [and newer] have both an [individual] owner and group owner. Enabling this flag simply results in retrieving the group ownership information, and this flag bit may be used in combination with any of the other flag bits.

 

Please note that there are very few administration tools under WinNT/Win2K that even display this information, let alone tools that allow you to change this information. Modify the group ownership information at your own risk!

 

Here are some common flags values:

 

If you want to return just account names, flags = 0.

 

If you want to return account names with their domains, flags = 1.

 

If you want to return account names and all domain names, including built-in domain names, flags = 3.

 

If you want to return SID strings for the owner of an object, flags = 4.

 

If you want to return SID strings only for orphaned ownership of an object, flags = 8.

 

If you add the value 16 to any of the above flags values you will obtain information relating to the group ownership of the specified object instead of the individual ownership of the specified object.

 

Note:

If you get the group ownership information for an object such as a folder, file or registry key on a WinNT or Win2K system that is not part of a domain, then wntOwnerGet() may return a value of "None". If you specify a flags value of 20 [e.g. return group ownership information in SID string format] you will get a SID string of the format "S-1-5-21-x-y-z-513", where "x-y-z" in the SID string represents the workstation specific SID sub-authority values. However, the RID value of "513" is the RID for the domain users. This appears to be an improper usage of the RID "513" and it is hard coded somewhere inside the WinNT/Win2K operating system. For more information about SID strings and how to interpret them, please refer to the "About SID [Security Identifier] values…" help text located elsewhere in this help file.

 

Example:
; Load Appropriate Extender
AddExtender('wwwnt34i.dll',0,'wwwnt64i.dll')

 
;For a file:
ErrorMode(@OFF)
owner = wntOwnerGet("", 0, "f:\test\myfile.txt", 300, 0)
ErrorMode(@ON)
Message("Owner is", owner)

;For a registry key:
AddExtender("WWWNT34I.DLL")
ErrorMode(@OFF)
owner = wntOwnerGet("", @REGMACHINE, "Software\Test", 400, 0)
ErrorMode(@ON)
Message("Owner is", owner)
Exit

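The following is an added example, not part of the original help file: it uses flag value 8 to list the files in one folder whose owner is a deleted (orphaned) account, which is the clean-up case the flags table describes. The folder path and all variable names are constructed placeholders.

```winbatch
; Added example, not from the original help file.
; Reports files in one folder that are owned by a deleted account.
AddExtender('wwwnt34i.dll',0,'wwwnt64i.dll')

folder = "C:\Data\Shared"   ; constructed placeholder path (assumption)
objFile = 300               ; object-type 300: NTFS directory or file
flagOrphan = 8              ; flag bit #3: SID strings of deleted owners only

DirChange(folder)
files = FileItemize("*.*")  ; tab-delimited list of file names
count = ItemCount(files, @TAB)
report = ""

For i = 1 To count
   fname = ItemExtract(i, files, @TAB)
   path = StrCat(folder, "\", fname)
   sid = ""
   ErrorMode(@OFF)
   sid = wntOwnerGet("", 0, path, objFile, flagOrphan)
   ErrorMode(@ON)
   ; Only a value that starts with "S-1-" is treated as a SID, so an
   ; empty result or a failed call is never reported as orphaned.
   If StrIndex(sid, "S-1-", 1, @FWDSCAN) == 1
      report = StrCat(report, path, "  owner SID: ", sid, @CRLF)
   EndIf
Next

If report == "" Then report = "No orphaned ownership found."
Message("Orphaned ownership", report)
Exit
```

Adding 16 to the flags value (8 | 16 = 24) runs the same check against the group owner instead of the individual owner.
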
See Also:

wntOwnerSet, About SID [Security Identifier] values…