none
FileSystemAccessRule: everyone group

    Question

  • I am developping an installer class and I want to set specific permissions for all users. I know that this is possible with a code like this:

    Dim dirSec As New DirectorySecurity

    dirSec = Directory.GetAccessControl(dirPath)

    dirSec.AddAccessRule(New FileSystemAccessRule("Everyone", FileSystemRights.FullControl, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

    Directory.SetAccessControl(dirPath, dirSec)

     

    Unhopefully I need this code to be valid for computers with different InstalledUICulture. For instance I know that in German it is sufficient to replace "Everyone" with "Jeder". Is it possible to call a method that permits to generalize the code for every language of the operating system?

     

    Thanks in advance

    Tuesday, May 29, 2007 3:46 PM

Answers

  • An easier way than the other suggestions is to simply pass the SecurityIdentifier directly to the access rule itself. ie Use the constructor overload of FileSystemAccessRule that takes an IdentityReference instead of a string.


    Base Class Library Team (BCL) | My Blog: http://davesbox.com
    Wednesday, March 17, 2010 5:22 AM
    Moderator

All replies

  •  Hello !

    Use SID strings instead of  symbolic names like "Everyone", "BUILTIN\Users" etc.

    For "Everyone"     SID = "S-1-1-0".  You can look it (and other well known SIDs)   up in WinNT.h.

      AddAccessRule("S-1-1-0", ...,..);

    Also - here is a link to a helpful article --  http://support/microsoft.com/kb/243330.

    gl

    Friday, June 15, 2007 12:00 AM
  • This will give you the "Everyone" string that you require for each version of the OS e.g. English, German etc.              

    System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null);
    System.Security.Principal.NTAccount acct = sid.Translate(typeof(System.Security.Principal.NTAccount)) as System.Security.Principal.NTAccount ;
    string strEveryoneAccount = acct.ToString();

    try
    {
    System.Security.AccessControl.FileSecurity sec = System.IO.File.GetAccessControl(FILENAME);
    sec.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(
    strEveryoneAccount,
    System.Security.AccessControl.FileSystemRights.FullControl,
    System.Security.AccessControl.AccessControlType.Allow));
    File.SetAccessControl(FILENAME, sec);
    }
    catch(UnauthorizedAccessException)
    {
    // handle permissions problem
    }
    • Proposed as answer by crashSmoke Thursday, March 19, 2009 1:52 PM
    Friday, January 18, 2008 1:50 PM
  • thank you satankidneypie you saved my life

    Thursday, November 06, 2008 1:12 PM
  • I am having trouble to get the below translated to VB.NET ... can someone help? TIA!


    System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null);
    System.Security.Principal.NTAccount acct = sid.Translate(typeof(System.Security.Principal.NTAccount)) as System.Security.Principal.NTAccount ;
    string strEveryoneAccount = acct.ToString();

    • Proposed as answer by Fleshwound Tuesday, January 22, 2013 3:39 PM
    Monday, March 09, 2009 6:53 PM
  • Nevermind ... got it:

            Dim sid As New System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, Nothing)
            Dim acct As System.Security.Principal.NTAccount = TryCast(sid.Translate(GetType(System.Security.Principal.NTAccount)), System.Security.Principal.NTAccount)
            Dim strEveryoneAccount As String = acct.ToString()
    Tuesday, March 10, 2009 7:47 AM
  • Awesomely helpful - thanks dude!!
    354 Errors.... must have missed a semi-colon somewhere
    Thursday, March 19, 2009 1:52 PM
  • An easier way than the other suggestions is to simply pass the SecurityIdentifier directly to the access rule itself. ie Use the constructor overload of FileSystemAccessRule that takes an IdentityReference instead of a string.


    Base Class Library Team (BCL) | My Blog: http://davesbox.com
    Wednesday, March 17, 2010 5:22 AM
    Moderator