locked
Get Access rights of "Everyone" group on a share RRS feed

  • Question

  • I want check what rights the "Everyone" group has to a share on another server. I tried using

    System.Security.AccessControl.

     

    DirectorySecurity sec = System.IO.Directory.GetAccessControl(@"\\" + server + @"\" + share, System.Security.AccessControl.AccessControlSections.All);

    System.Security.AccessControl.

     

    AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));

     

     

    foreach (System.Security.AccessControl.AuthorizationRule rule in rules)

    {

    System.Security.AccessControl.

     

    FileSystemAccessRule fileRule = (System.Security.AccessControl.FileSystemAccessRule)rule;

     

     

    Console.WriteLine(((NTAccount)fileRule.IdentityReference.Translate(typeof(NTAccount))).ToString() + ": " + fileRule.FileSystemRights.ToString());

    }

     

     


    however, this doesn't return anything for "Everyone", even when "Everyone" has Full Control -- probably because DirectorySecurity is the wrong object to be using or I'm on the wrong track altogether. Is there a class that will tell me what access "Everyone" has to a share on another server?

    Monday, February 7, 2011 6:00 PM

Answers

All replies

  • Hi Preston Park,

    Thank you for posting.

    Please check the following code snippets.

    public static FileSystemRights GetDirectoryPermissions(string user, string domainName, string folderPath)
        {      
          if(!Directory.Exists(folderPath))
          {
            return (0);
          }
          
          string identityReference = ((domainName + @"\" + user) as string).ToLower();
          DirectorySecurity dirSecurity = Directory.GetAccessControl(folderPat 
    h, AccessControlSections.Access);
          foreach(FileSystemAccessRule fsRule in dirSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
          { 
            if(fsRule.IdentityReference.Value.ToLower() == identityReference)
            {
              return (fsRule.FileSystemRights);
            }        
          }
          return (0);
        }
    
    
    
    

    In addition, I find the following link which might help you.

    http://groups.google.com/group/microsoft.public.vb.com/browse_thread/thread/3cc8f783e3a1f7b1/6b4eff6de3642bbe?&hl=en#6b4eff6de3642bbe

    Best Regards,

    Larcolais


    Larcolais Gong[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, February 8, 2011 7:43 AM
  • The problem is that code doesn't give any information about what rights the "Everyone" group has (S-1-1-0). I'm not trying to set permissions for Everyone, which, ironically, is easier to do.
    Tuesday, February 8, 2011 7:15 PM
  • Hi Preston Park,

     

    Please check the following sample code. This method will set dir permissions. Hope this helps.

    public static bool SetDirPermission(string dirPath, string account, FileSystemRights rights)
        {
          FileSystemAccessRule accessRule = new FileSystemAccessRule(account, rights,
                        InheritanceFlags.None,
                        PropagationFlags.NoPropagateInherit,
                        AccessControlType.Allow);
    
          DirectoryInfo dirInfo = new DirectoryInfo(dirPath);
          DirectorySecurity dirSecurity = dirInfo.GetAccessControl(AccessControlSections.Access);
    
          bool result = false;
          dirSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result);
          if (result)
          {
            accessRule = new FileSystemAccessRule(account, rights,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.InheritOnly,
                        AccessControlType.Allow);
    
            dirSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result);
            if (result)
            {
              dirInfo.SetAccessControl(dirSecurity);
            }
          }
    
          return result;
        }
    

    Best Regards,

    Larcolais


    Larcolais Gong[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Proposed as answer by Balaji Baskar Wednesday, February 9, 2011 2:37 PM
    Wednesday, February 9, 2011 8:02 AM
  • Thanks. If I ever need to set directory permissions, I'll remeber that.
    Wednesday, February 9, 2011 12:27 PM
  • It is not possible with managed code. The bulk of the solution can be found here: http://www.pinvoke.net/default.aspx/advapi32.getace

    • Marked as answer by Preston Park Wednesday, February 9, 2011 2:49 PM
    Wednesday, February 9, 2011 2:49 PM