I am trying to move a folder from one directory to another using this
System.IO.Directory.Move(tempPath, newFolder);
I am Administrator on my computer, so I should have full access. I cannot figure out why I get this exception once every two tries.
Access to the path 'D:\<myDirectory>' is denied.
Just because you're admin doesn't mean you can access everything. Among the things you can't necessarily access:
Files/directories owned by SYSTEM which don't explicitly allow admins (e.g. C:\System Volume Information)
Files locked by other processes with "share" settings which preclude your access
I have an issue with a program that I’m running on one of my work machines.
TreeSize Pro is a program that will scan an area (C:\, \\nasdrive\home, etc.) and give you a tree-view as well as other information on the area.
Now, I run this program on an account that has admin privileges, and when I launch it, it gives the User Account Control pop-up.
However if I search an area my admin account does not have access to (there are a few) it will work fine and show me all the info for the files, folder, size, modified and creation dates. I cannot open the files but I can see their names and go into subfolders. If I try this in explorer, I will get access denied.
I tried to do this with a script that I wrote in C#; however, if I try to do a Directory.GetDirectories(); and Directory.GetFiles();, even if I run my program as admin (right click, run as admin), it will just give an access denied error in the catch block.
I really would like to know how TreeSize is managing to list folders, sub-folders, and files that my account does not have access to.
Thanks
TreeSize reads the data through the NTFS backup API (see https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories).
From the notes from TreeSize:
https://manuals.jam-software.de/treesize/EN/notesonntfs.html
Access Control Lists
The way users can access files and folders can be restricted. One can grant or deny other users or groups certain rights [...]. That way one can even deny administrators to access files and folders. If an administrator tries to access a folder in the Windows Explorer to which the owner denied any other users reading access, an "Access Denied" error message will be displayed. However, TreeSize is able to scan such folders, if you are logged in as administrator or as a user that has the right to perform backups (This option can be changed at "Control Panel > Administrative Tools > Local Security Policy" and with the user editor of Windows).
An in-depth look into the access rights can be found in https://learn.microsoft.com/en-us/windows/win32/fileio/file-security-and-access-rights
The SE_BACKUP_NAME and SE_RESTORE_NAME access privileges were specifically created to provide this ability to backup applications. If these privileges have been granted and enabled in the access token of the backup application process, it can then call CreateFile to open your file or directory for backup, specifying the standard READ_CONTROL access right as the value of the dwDesiredAccess parameter. However, to identify the calling process as a backup process, the call to CreateFile must include the FILE_FLAG_BACKUP_SEMANTICS flag in the dwFlagsAndAttributes parameter. This will allow the backup application process to open your file and override the standard security checking.
HANDLE hFile = CreateFile( fileName,                   // lpFileName
                           READ_CONTROL,               // dwDesiredAccess
                           0,                          // dwShareMode
                           NULL,                       // lpSecurityAttributes
                           OPEN_EXISTING,              // dwCreationDisposition
                           FILE_FLAG_BACKUP_SEMANTICS, // dwFlagsAndAttributes
                           NULL );                     // hTemplateFile
You can find more information on
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-backupread
https://learn.microsoft.com/en-us/windows/win32/backup/creating-a-backup-application
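The quoted documentation requires the backup privilege to be both granted and enabled before the CreateFile call above overrides the ACL check. The following C# sketch is an added example, not code from the answer or from TreeSize: it enables SeBackupPrivilege in the current process token and then makes the same CreateFile call. The class and method names are hypothetical, the path is taken from the first command-line argument, and the process is assumed to run elevated under an account that holds the backup right.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

static class BackupOpenDemo   // hypothetical name, not part of any library
{
    const uint TOKEN_ADJUST_PRIVILEGES = 0x20, TOKEN_QUERY = 0x8, SE_PRIVILEGE_ENABLED = 0x2;
    const uint READ_CONTROL = 0x00020000, OPEN_EXISTING = 3, FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
    const int ERROR_NOT_ALL_ASSIGNED = 1300;
    [StructLayout(LayoutKind.Sequential, Pack = 4)]   // one LUID_AND_ATTRIBUTES entry
    struct TOKEN_PRIVILEGES { public uint Count; public long Luid; public uint Attributes; }
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
        ref TOKEN_PRIVILEGES newState, uint length, IntPtr previous, IntPtr returnLength);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern SafeFileHandle CreateFile(string name, uint access, uint share,
        IntPtr security, uint disposition, uint flags, IntPtr template);
    // Enables a privilege the token already holds; returns false if the token lacks it.
    static bool EnablePrivilege(string name)
    {
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out IntPtr token))
            throw new Win32Exception();
        try
        {
            var tp = new TOKEN_PRIVILEGES { Count = 1, Attributes = SE_PRIVILEGE_ENABLED };
            if (!LookupPrivilegeValue(null, name, out tp.Luid)) throw new Win32Exception();
            if (!AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero))
                throw new Win32Exception();
            // Success is reported even when nothing was enabled, so check the last error too.
            return Marshal.GetLastWin32Error() != ERROR_NOT_ALL_ASSIGNED;
        }
        finally { CloseHandle(token); }
    }

    static void Main(string[] args)   // args[0]: file or directory to open
    {
        Console.WriteLine("SeBackupPrivilege enabled: " + EnablePrivilege("SeBackupPrivilege"));
        using (SafeFileHandle h = CreateFile(args[0], READ_CONTROL, 0, IntPtr.Zero,
                   OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero))
            Console.WriteLine(h.IsInvalid ? "Open failed: " + new Win32Exception().Message : "Opened with backup semantics.");
    }
}
```

AdjustTokenPrivileges can only enable a privilege that the token already contains; if the account was never granted the backup right, EnablePrivilege returns false and the open is subject to the normal ACL check.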
I am building a universal updater for my company, and when I try to access a mapped network drive, the program throws a file not found exception when run as admin. When the file is run as a normal user the files are visible, but it throws an Unauthorized Exception due to the fact that the files are copied to the Program Files (company policy).
Edit
The code that throws the FileNotFound Exception is FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(rdrInner.GetString(2)); and the Unauthorized Exception is thrown by File.Copy(pi.RemotePath, pi.Path, true);
Mapped drives are part of the user profile, so you need to map the drive whilst logged in as the admin user. This is why using a mapped drive is a bad idea--can't you use a fully qualified UNC path instead? See http://msdn.microsoft.com/en-gb/library/gg465305.aspx for an explanation of UNC paths.
I have a folder structure on a (Server 2003 SP2) file server and I need to delete it using C#. I can't do that because I get System.UnauthorizedAccessException: Access to the path '\\xyz\blah\...' is denied. (where the path points to a sub-folder) because the permissions on the sub-folder are incorrect. So, I've been trying to take ownership of the files and this fails with System.UnauthorizedAccessException: and now I'm stuck.
Detail
I have an admin tool used by users with minimal privs. They need to delete folders and files to which they don't have access, so I wrote a UI which calls a web service. The web service runs under an AppPool with a domain account which is (now) a member of Administrators on the file server, so it should have access to delete the files and folders. But some of the folders have incorrect permissions. For example, when I log onto the file server with an account in Administrators and open the security tab for the folder, I see:
And for these folders my code doesn't work.
I've given the appPool account 'Take ownership of files or other objects' on the web server using Local Security Policy. Other posts (e.g. this one) have pointed out that you need to explicitly enable SeTakeOwnershipPrivilege in code and recommended Process Privileges which I'm using in my web service:
using (new PrivilegeEnabler(process, Privilege.TakeOwnership))
{
    System.Diagnostics.Debug.WriteLine(String.Format(
        "Privilege:TakeOwnership status: {0}.",
        process.GetPrivilegeState(Privilege.TakeOwnership)));
    SetFolderOwnerToCurrentUser(folderName, groupName);
}
When I run this, I see:
Privilege:TakeOwnership status: Enabled.
(Before adding the priv via LSP, I was seeing Privilege:TakeOwnership status: Removed.)
In SetFolderOwnerToCurrentUser if I just use
var directorySecurity = new System.Security.AccessControl.DirectorySecurity();
directorySecurity.SetOwner(WindowsIdentity.GetCurrent().User);
System.IO.Directory.SetAccessControl(folderPath, directorySecurity);
I also get System.UnauthorizedAccessException: Access to the path '\\fs\blah' is denied. Again, it's the sub-folder it's complaining about.
I've been running in circles with allowing my application to write to a folder on a shared network drive.
So far I have this:
FileUploadControl.SaveAs(Server.MapPath("myFolder/" + filename));
this successfully saves the file to
\\machineName\inetpub\wwwroot\myApp\myFolder
However, I am also trying to save the same file to a folder outside of the root folder on the path
\\machineName\myFolder
using:
FileUploadControl.SaveAs("C:\\myFolder\\" + filename);
This returns an error of "Access Denied." So how do I go about allowing my application to write a file to \\machineName\myFolder? I have tried giving write permissions to IIS_IUSRS and NETWORK SERVICE to no avail. Should I create a user with privileges to write to the network drive and then use impersonation to use that user when writing to the drive?
Using IIS 7 with .NET 4 application.
Go to your application's app pool, right click on it and choose Advanced properties. Check the Identity value under Process model settings group. Give this Identity permissions to write files in your folder.
If the value is ApplicationPoolIdentity, then the user name is IIS APPPOOL\app_pool_name.
I'm attempting to read a PDF from a UNC path, i.e. \10.32.16.24\repositories\repository0001\VOL00001\ktappb01_024655001_0.PDF
My virtual directory ASP.NET site is being run under IUSR_machine_name.
Has anonymous access enabled as well.
I gave IUSR_machine_name full rights to the UNC share and as I step through my ASP.NET page's code behind onto the File.OpenRead(filepath) method, it throws an exception: "Access to path \10.32.16.24\repositories\repository0001\VOL00001\ktappb01_024655001_0.PDF is denied".
I tried granting the ASPNET user full rights to the share as well with the same result.
At this point I'm completely lost for a resolution.
I'm running IIS6.
In both machines' security event logs, check what user has been denied access. It is most likely a different user.
I was able to find the user by logging it. I'd made a stupid error in my code that wasn't giving me the result I was assuming I was going to get.