
creating a folder with specific security permissions


Soumen

Jan 6, 2010, 5:07:01 AM

Hi,

I want to create a folder with the Administrator and SYSTEM groups both
having full control, and I also want it to not be inheritable.

I want to apply the same properties as a folder like C:\WINDOWS\SYSTEM32
to the newly created directory.

I checked the MSDN APIs. ConvertStringSecurityDescriptorToSecurityDescriptor
fails on Windows 2003 SP2.

Any pointers on this would be helpful.

Thanks,

Soumen

Dubravko Sever

Jan 12, 2010, 8:26:32 AM

"Soumen" <Sou...@discussions.microsoft.com> wrote in message
news:71C92B23-F722-40E4...@microsoft.com...


> Hi,
>
> I want to create a folder with the Administrator and SYSTEM groups both
> having full control, and I also want it to not be inheritable.
>
> I want to apply the same properties as a folder like C:\WINDOWS\SYSTEM32
> to the newly created directory.
>
> I checked the MSDN APIs.
> ConvertStringSecurityDescriptorToSecurityDescriptor
> fails on Windows 2003 SP2.

Hi, first create the folder, then change its security descriptor as in this
example (this is my example of setting security descriptors for files):

    // Required at the top of the file:
    using System.IO;
    using System.Security.AccessControl;
    using System.Security.Principal;

    static void SettingSecurityDescriptors(string file)
    {
        FileInfo fileinfo = new FileInfo(file);
        FileSecurity fileSec = fileinfo.GetAccessControl();
        IdentityReference identReference = fileSec.GetOwner(typeof(NTAccount));

        string owner = identReference.Value;
        string LocalSystem = @"NT AUTHORITY\SYSTEM";

        fileSec.SetAccessRuleProtection(true, false); // setting not inheritable

        // includeExplicit must be true here: with (false, true) the explicit
        // rules are never returned, so they would not be removed below
        AuthorizationRuleCollection rules =
            fileSec.GetAccessRules(true, true, typeof(NTAccount));
        try
        {
            foreach (AuthorizationRule rule in rules)
            {
                // System.Diagnostics.Trace.WriteLine(rule.ToString());
                if (rule is AccessRule)
                    System.Diagnostics.Trace.WriteLine(rule.IdentityReference.ToString());

                // remove current rules
                System.Diagnostics.Trace.WriteLine(
                    fileSec.RemoveAccessRule((FileSystemAccessRule)rule).ToString());
            }
        }
        catch { System.Diagnostics.Trace.WriteLine("Problem"); }

        try
        {
            // set rules for owner
            fileSec.AddAccessRule(new FileSystemAccessRule(
                owner, FileSystemRights.FullControl, AccessControlType.Allow));
            // set rules for LocalSystem
            fileSec.AddAccessRule(new FileSystemAccessRule(
                LocalSystem, FileSystemRights.Read, AccessControlType.Allow));
            // write the modified descriptor back to the file
            fileinfo.SetAccessControl(fileSec);
        }
        catch (System.IO.IOException eror)
        {
            System.Diagnostics.Trace.WriteLine(eror);
        }
    }
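
For the folder case asked about in this thread, the protected ACL can also be supplied at creation time, so the directory never exists with the parent's inherited permissions. This is an added example, not part of either post; it assumes the .NET Framework `Directory.CreateDirectory(string, DirectorySecurity)` overload, and the class name and sample path are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class LockedDownFolder   // hypothetical name, for illustration only
{
    // Creates 'path' with a protected DACL that grants Full Control only to
    // BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
    public static DirectoryInfo Create(string path)
    {
        // CreateDirectory does not re-ACL a directory that already exists,
        // so refuse instead of returning a folder with unknown permissions.
        if (Directory.Exists(path))
            throw new IOException("Directory already exists: " + path);

        // Well-known SIDs avoid localized account names.
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        var system = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);

        var security = new DirectorySecurity();
        // isProtected = true, preserveInheritance = false:
        // nothing is inherited from the parent folder.
        security.SetAccessRuleProtection(true, false);

        // The two ACEs still flow down to files and subfolders created inside.
        var inherit = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        foreach (var sid in new[] { admins, system })
        {
            security.AddAccessRule(new FileSystemAccessRule(
                sid, FileSystemRights.FullControl, inherit,
                PropagationFlags.None, AccessControlType.Allow));
        }
        return Directory.CreateDirectory(path, security);
    }

    static void Main()
    {
        var dir = Create(@"C:\Temp\LockedDown");   // constructed sample path

        // Read the DACL back and list what was actually applied.
        DirectorySecurity applied = dir.GetAccessControl();
        Console.WriteLine("Protected from inheritance: " + applied.AreAccessRulesProtected);
        foreach (FileSystemAccessRule r in
                 applied.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine(r.IdentityReference + " " + r.FileSystemRights + " inherited=" + r.IsInherited);
    }
}
```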
