The function below lists (or is supposed to list) all groups on the local machine.
Now the question: Why does the "everyone" group not show up?
If I change directory permissions as a user, I see the "everyone" group, so it must be there, somewhere.

    Public Shared Function GetAllGroups() As DataTable
        Return GetAllGroups(System.Environment.MachineName)
    End Function


    ' Tools.Permissions.Local.GetAllGroups() '
    Public Shared Function GetAllGroups(ByVal strDomain As String) As DataTable
        Dim dt As New DataTable
        Dim dr As DataRow = Nothing

        Try
            Dim bException As Boolean = False
            Dim deLocalMachine As System.DirectoryServices.DirectoryEntry = New System.DirectoryServices.DirectoryEntry("WinNT://" + strDomain)
            'Dim deRootObject As System.DirectoryServices.DirectoryEntry = GetDirectoryEntry(strPath, strUserName, strPassword, bException) '
            If bException Then
                Return Nothing
            End If


            For Each child As System.DirectoryServices.DirectoryEntry In deLocalMachine.Children
                Try

                    If StringComparer.OrdinalIgnoreCase.Equals(child.SchemaClassName, "group") Then

                        If Not dt.Columns.Contains("Members") Then
                            dt.Columns.Add("Members", GetType(System.String))
                        End If

                        For Each strPropertyName As String In child.Properties.PropertyNames
                            If Not dt.Columns.Contains(strPropertyName) Then
                                dt.Columns.Add(strPropertyName, GetType(System.String))
                            End If
                        Next strPropertyName

                        dr = dt.NewRow

                        Dim strMembers As String = ""
                        For Each member As Object In DirectCast(child.Invoke("Members"), IEnumerable)
                            Using memberEntry As New System.DirectoryServices.DirectoryEntry(member)

                                Try
                                    strMembers += memberEntry.Properties("Name").Value.ToString() + Environment.NewLine
                                    Console.WriteLine(memberEntry.Path)
                                Catch exFixMeIsNotNullNotWorking As Exception

                                End Try

                            End Using
                        Next

                        dr("Members") = strMembers

                        For Each strPropertyName As String In child.Properties.PropertyNames

                            If StringComparer.OrdinalIgnoreCase.Equals(strPropertyName, "objectSid") Then
                                Dim strSID As String = ""
                                Try
                                    Dim sidThisSid As New System.Security.Principal.SecurityIdentifier(child.Properties(strPropertyName).Value, 0)
                                    strSID = sidThisSid.ToString()
                                    ' http://stackoverflow.com/questions/1040623/convert-a-username-to-a-sid-string-in-c-net '
                                    '  NTAccount ntAccount = (NTAccount)sid.Translate( typeof( NTAccount ) ); '
                                    ' Dim ntAccount As Security.Principal.NTAccount = CType(sidThisSid.Translate(GetType(Security.Principal.NTAccount)), Security.Principal.NTAccount) '
                                Catch ex As Exception

                                End Try

                                dr(strPropertyName) = strSID
                            Else
                                dr(strPropertyName) = child.Properties(strPropertyName).Value.ToString()
                            End If



                        Next strPropertyName
                        dt.Rows.Add(dr)

                    End If

                Catch ex As Exception ' Don't finish just because one fails
                    Console.WriteLine("FEHLER ..." & vbLf & ex.Message & vbLf & vbLf & ex.StackTrace)
                End Try
            Next
        Catch ex As Exception
            Console.WriteLine("FEHLER ..." & vbLf & ex.Message & vbLf & vbLf & ex.StackTrace)
        End Try

        Return dt
    End Function ' GetAllGroups
Stefan Steiger

1 Answer

The Everyone group isn't a standard group but rather an implicit group or built-in principal. If you open your local "Users and Groups" you won't see it listed there either. The same is true of other "groups" such as Authenticated Users. If you want to access these you need to use the System.Security.Principal.WellKnownSidType enumeration. This Windows 2008 article is really relevant for older versions of Windows, too.

Chris Haas
  • @Quandary, the `Administrators` group is actually a regular group like one you would create, such as `Marketing`. But since it is required, it still shows up in the `WellKnownSidType`, which can be confusing. I usually think of the implicit groups as more groups that are dependent upon a situation. For instance, my account isn't a member of `Terminal Server User` until I log in remotely. – Chris Haas Feb 18 '11 at 16:35
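
Added example, not part of the original answer or the asker's code: resolving implicit principals such as Everyone through `WellKnownSidType`, then using the resulting SIDs to report which access rules on a directory are granted to them. The module and function names and the selection of SID types are this example's own; it assumes Windows and the .NET Framework.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module ImplicitPrincipals
    ' Implicit principals to resolve; this selection is the example's own choice.
    Private ReadOnly ImplicitTypes As WellKnownSidType() = {
        WellKnownSidType.WorldSid, WellKnownSidType.AuthenticatedUserSid,
        WellKnownSidType.InteractiveSid, WellKnownSidType.NetworkSid}
    ' Maps SID string -> localized account name (S-1-1-0 -> "Everyone" on English Windows).
    Public Function GetImplicitPrincipals() As Dictionary(Of String, String)
        Dim result As New Dictionary(Of String, String)
        For Each sidType As WellKnownSidType In ImplicitTypes
            ' These types are not domain-relative, so no domain SID is needed.
            Dim sid As New SecurityIdentifier(sidType, Nothing)
            Dim name As String
            Try
                name = sid.Translate(GetType(NTAccount)).Value
            Catch ex As IdentityNotMappedException
                name = "(unmapped)"
            End Try
            result(sid.Value) = name
        Next
        Return result
    End Function
    ' Returns the access rules on a directory whose trustee is an implicit principal.
    Public Function FindImplicitAces(ByVal path As String) As List(Of String)
        Dim known As Dictionary(Of String, String) = GetImplicitPrincipals()
        Dim hits As New List(Of String)
        Dim acl As DirectorySecurity = New DirectoryInfo(path).GetAccessControl()
        ' Ask for SIDs rather than names so matching does not depend on the UI language.
        For Each rule As FileSystemAccessRule In acl.GetAccessRules(True, True, GetType(SecurityIdentifier))
            Dim sid As String = rule.IdentityReference.Value
            If known.ContainsKey(sid) Then
                hits.Add(String.Format("{0} ({1}): {2} {3}", known(sid), sid,
                                       rule.AccessControlType, rule.FileSystemRights))
            End If
        Next
        Return hits
    End Function

    Sub Main()
        For Each line As String In FindImplicitAces(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData))
            Console.WriteLine(line)
        Next
    End Sub
End Module
```

Comparing on the SID rather than the translated name matters because the account name is localized, while `S-1-1-0` is the same on every installation.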