Below is a simple c# console application that shows how you can set the NTFS ACLs for a directory.
You are probably aware of the DirectoryInfo object which you can use to get details on a folder, but there is also the ability to get and set the NTFS file ACLs (Access Control List Entries)
No special reference need to be made in order to use the code.
using System.IO;
using System.Security.AccessControl;
namespace DirectoryPermissions
{
internal class Program
{
private static void Main(string[] args)
{
string ADDomain = "Domain";
string ADUser = "Chris";
string Path = @"c:\temp\chris";
if (Directory.Exists(Path) == false)
Directory.CreateDirectory(Path);
// Remove any inheritable permissions from the path
RemoveInheritablePermissons(Path);
// Add the access control entries for the path
AddDirectorySecurity(Path, ADDomain + "\\" + ADUser, FileSystemRights.Modify,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
AddDirectorySecurity(Path, ADDomain + "\\Domain Users", FileSystemRights.Delete, InheritanceFlags.None,
PropagationFlags.None, AccessControlType.Deny);
AddDirectorySecurity(Path, ADDomain + "\\Domain Admins", FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
}
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights,
InheritanceFlags Inheritance, PropagationFlags Propogation,
AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
Inheritance,
Propogation,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights,
AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveInheritablePermissons(string FileName)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
const bool IsProtected = true;
const bool PreserveInheritance = false;
dSecurity.SetAccessRuleProtection(IsProtected, PreserveInheritance);
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
}
}
No comments:
Post a Comment