none
Create folder with custom ACL in c# RRS feed

  • Question

  • Hi,

     

    I'm trying to create folders programmatically with custom ACL. I want to remove Domain Users permission by disabling parent folder permission inheritance and then deleting the Domain Users access rule. After I modified the ACL I want to give the new security info to the directory.create methode Here is my code snippet:

    DirectoryInfo myFolder = new DirectoryInfo(myRootFolder + "\\" + myFolderCode);
    DirectoryInfo myRoot = new DirectoryInfo(myRootFolder);
    DirectorySecurity directorySecurity = myRoot.GetAccessControl();
    FileSystemRights Rights = FileSystemRights.Modify;
    AccessControlType accessControlType = AccessControlType.Allow;
    ContextType contextType = new ContextType();
    PrincipalContext groupPrincipalContext = new PrincipalContext(contextType, domainController);
    GroupPrincipal domainUsers = GroupPrincipal.FindByIdentity(groupPrincipalContext, System.DirectoryServices.AccountManagement.IdentityType.Name, "Domain Users");
    FileSystemAccessRule domainUsersAccessRule = new FileSystemAccessRule(domainUsers.SamAccountName, Rights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, accessControlType);
    directorySecurity.SetAccessRuleProtection(true, true);
    directorySecurity.RemoveAccessRuleAll(domainUsersAccessRule);
    
    OR
    
    directorySecurity.PurgeAccessRules(domainUsers.Sid);
    
    myFolder.Create(directorySecurity);
    


    I can set the "SetAccessRuleProtection" in the directorySecurity but it seems the RemoveAccessRuleAll or other two removeaccessrule methodes or PurgeAccessRules methode does not removes anything.

     

    I get the AuthorizationRuleCollection and compared the rules to domainUsersAccessRule and it matched. Could somebody help me what I missed?

     

    Thanks!


    I'm not a developer! I'm an infrastructure engineer! Please be patient on the development forums! :)
    Sunday, December 18, 2011 1:41 PM

Answers

  •  

     Hi,
         First you remove the Account than after try to remove the inheritance from the parent folders.

     

    use the below code

    directorySecurity.RemoveAccessRuleAll(domainUsersAccessRule);

    myroot.SetAccessControl(directorySecurity)


    directorySecurity.SetAccessRuleProtection(true, true);

    myroot.SetAccessControl(directorySecurity)


    If my answer solve your problem,Please click "Mark As Answer" on that post and "Mark as Helpful". Manikandan
    • Marked as answer by Paul Zhou Monday, December 26, 2011 6:57 AM
    Tuesday, December 20, 2011 9:48 AM

All replies

  • Hi,

    Welcome to the MSDN forum.

    May I know whether the user runs the application has privilege to modify ACL of the folder?

    And Any error messages or exceptions when you run the application? Could you please check whether you have created a valid FileSystemAccessRule object(domainUsersAccessRule in your case)? 

    You can read MSDN document:

    http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.commonobjectsecurity.removeaccessruleall.aspx

    http://msdn.microsoft.com/en-us/library/zbfbabws.aspx


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us

    • Edited by Paul Zhou Tuesday, December 20, 2011 9:34 AM
    Tuesday, December 20, 2011 9:34 AM
  •  

     Hi,
         First you remove the Account than after try to remove the inheritance from the parent folders.

     

    use the below code

    directorySecurity.RemoveAccessRuleAll(domainUsersAccessRule);

    myroot.SetAccessControl(directorySecurity)


    directorySecurity.SetAccessRuleProtection(true, true);

    myroot.SetAccessControl(directorySecurity)


    If my answer solve your problem,Please click "Mark As Answer" on that post and "Mark as Helpful". Manikandan
    • Marked as answer by Paul Zhou Monday, December 26, 2011 6:57 AM
    Tuesday, December 20, 2011 9:48 AM
  • Hi,

     

    Has your issue been resolved? Would you mind letting us know the result of the suggestions?

     

    Now I will mark an answer, you can mark others that you think to be so useful to your issue.

    If you still have any questions about this issue, please feel free to let me know. 


    Have a nice day!


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us
    Monday, December 26, 2011 6:57 AM