I need to create a file in the path c:/Progran File (x86). But it throws a error saying access denied. I have tried the below code, but it didn't help.
private bool GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
return true;
}
Related
I am using below code to grant access to IIS Folder:
string path=#"C:\inetpub\logs\LogFiles\W3SVC6\";
AddDirectorySecurity(path, "everyone", FileSystemRights.ReadData, AccessControlType.Allow);
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
DirectoryInfo dInfo = new DirectoryInfo(FileName);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(Account, Rights,
ControlType));
dInfo.SetAccessControl(dSecurity);
}
So, basically I have an issue where these files are being moved into folders from a couple layers up and the permissions of the child are not being inheritied for some reason. From what I can tell this is the intended function of windows but I need it to work different so I decided to do this:
foreach (string directory in System.IO.Directory.GetDirectories(#"path", "*", SearchOption.TopDirectoryOnly))
{
foreach (string file in System.IO.Directory.GetFiles(directory, "*", SearchOption.TopDirectoryOnly))
{
DirectorySecurity DS = System.IO.Directory.GetAccessControl(directory);
FileSecurity FS = new FileSecurity();
System.IO.FileInfo FI = new FileInfo(file);
foreach (FileSystemAccessRule rule in DS.GetAccessRules(true, true, typeof(NTAccount)))
{
FS.AddAccessRule(rule);
}
FI.SetAccessControl(FS);
}
}
However this is generating an error while doing "fs.addaccessrule" saying:
system.argumentexception no flags can be set
I can't figure out how i'm supposed to move the permissions from the parent folder to the child file.
This is the solution I came up with, just creating a new rule based on the rule I want to use and removing the inheritedflags.
foreach (string directory in System.IO.Directory.GetDirectories(#"path", "*", SearchOption.AllDirectories))
{
foreach (string file in System.IO.Directory.GetFiles(directory, "*", SearchOption.TopDirectoryOnly))
{
DirectorySecurity DS = System.IO.Directory.GetAccessControl(directory, AccessControlSections.Access);
FileSecurity FS = new FileSecurity();
System.IO.FileInfo FI = new FileInfo(file);
foreach (FileSystemAccessRule rule in DS.GetAccessRules(true, false, typeof(NTAccount)))
{
FileSystemAccessRule nRule = new FileSystemAccessRule(rule.IdentityReference, rule.FileSystemRights, InheritanceFlags.None, rule.PropagationFlags, rule.AccessControlType);
FS.AddAccessRule(nRule);
}
FI.SetAccessControl(FS);
}
}
I want to remove previously set directory permissions to a folder & set new permissions as per requirement.
I have referred this link
Remove All Directory Permissions
but once i removed all permission it never allows me to set new rules.
my code
DirectoryInfo myDirectoryInfo = new DirectoryInfo("D:\\Shared\\Testing");
DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
string User = System.Environment.UserDomainName + "\\" + Convert.ToString(dt_UserDetails.Rows[i]["AD_NAME"]);
AuthorizationRuleCollection rules = myDirectorySecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
myDirectorySecurity.SetAccessRuleProtection(true, false);
if (Convert.ToInt16(dt_UserDetails.Rows[i]["ACCESS_CONTROL_TYPE"]) == 1)
{
new FileSystemAccessRule(User, FileSystemRights.ChangePermissions, AccessControlType.Allow);
}
else if (Convert.ToInt16(dt_UserDetails.Rows[i]["ACCESS_CONTROL_TYPE"]) == 0)
{
new FileSystemAccessRule(User, FileSystemRights.ChangePermissions, AccessControlType.Deny);
}
myDirectoryInfo.SetAccessControl(myDirectorySecurity);
Is there any solution for this?
private bool GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
return true;
}
Am using this method for remove the denied permission but its not working, please if any help to fix this.
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class DirectoryExample
{
public static void Main()
{
try
{
string DirectoryName = "TestDirectory";
Console.WriteLine("Adding access control entry for " + DirectoryName);
// Add the access control entry to the directory.
AddDirectorySecurity(DirectoryName, #"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from " + DirectoryName);
// Remove the access control entry from the directory.
RemoveDirectorySecurity(DirectoryName, #"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
Console.ReadLine();
}
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
}
}
more information here:
https://msdn.microsoft.com/en-us/library/system.io.directory.setaccesscontrol(v=vs.110).aspx
make sure your application run in high privilege
This is the code for function that I use for setting folder permission:
Public Sub AddFileSecurity(ByVal filePath As String, ByVal username As String, ByVal power As String)
Dim dirinfo As DirectoryInfo = New DirectoryInfo(filePath)
Dim dirsecurity As DirectorySecurity = dirinfo.GetAccessControl()
Select Case power
Case "FullControl"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.InheritOnly, AccessControlType.Allow))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))
Case "ReadOnly"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Read, AccessControlType.Allow))
Case "Write"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.None, PropagationFlags.InheritOnly, AccessControlType.Allow))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))
Case "Modify"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Modify, AccessControlType.Allow))
End Select
dirinfo.SetAccessControl(dirsecurity)
End Sub
Public Sub RemoveFileSecurity(ByVal filePath As String, ByVal username As String, ByVal power As String)
Dim dirinfo As DirectoryInfo = New DirectoryInfo(filePath)
Dim dirsecurity As DirectorySecurity = dirinfo.GetAccessControl()
Select Case power
Case "FullControl"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Deny))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.InheritOnly, AccessControlType.Deny))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Deny))
Case "ReadOnly"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Read, AccessControlType.Deny))
Case "Write"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Deny))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.None, PropagationFlags.InheritOnly, AccessControlType.Deny))
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Deny))
Case "Modify"
dirsecurity.AddAccessRule(New FileSystemAccessRule(username, FileSystemRights.Modify, AccessControlType.Deny))
End Select
dirinfo.SetAccessControl(dirsecurity)
End Sub
Now when i lock folder with AddFileSecurity("D:\Protect", "UserUser", "FullControl"), after that i can't unlock folder!
How I can unlock this folder?
Thanks!
Your AddFileSecurity is correctly named but your RemoveFileSecurity doesn't actually remove anything, instead it denies access. In AddFileSecurity you should add a call to remove any Deny entries for that user, probably RemoveAccessRuleAll.