// Our file security object FileSecurity fs = File.GetAccessControl("c:\\filename.txt", AccessControlSections.All); // Showing access rules data AuthorizationRuleCollection arc = fs.GetAccessRules(true, true, typeof(NTAccount)); foreach (FileSystemAccessRule ar in arc) { MessageBox.Show("Access to: " + ar.IdentityReference.Value); MessageBox.Show("Access to: " + ar.AccessControlType.ToString()); MessageBox.Show("Access to: " + ar.FileSystemRights.ToString()); } // Showing audit rules data arc = fs.GetAuditRules(true, true, typeof(NTAccount)); foreach (FileSystemAuditRule ar in arc) { MessageBox.Show("Audit to: " + ar.IdentityReference.Value); MessageBox.Show("Audit to: " + ar.AuditFlags.ToString()); MessageBox.Show("Audit to: " + ar.FileSystemRights.ToString()); }Working with directories:
// Our file security object DirectorySecurity ds = Directory.GetAccessControl("c:\\temp"); // Showing access rules data AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(NTAccount)); foreach (FileSystemAccessRule ar in arc) { MessageBox.Show("Access to: " + ar.IdentityReference.Value); MessageBox.Show("Access to: " + ar.AccessControlType.ToString()); MessageBox.Show("Access to: " + ar.FileSystemRights.ToString()); }Performing changes in file ACL's:
// Our file security object FileSecurity fs = File.GetAccessControl("c:\\filename.txt", AccessControlSections.All); // Add a new rule fs.AddAccessRule(new FileSystemAccessRule("Guests", FileSystemRights.Read, AccessControlType.Allow)); // Save changes File.SetAccessControl("c:\\filename.txt", fs);For directories:
// Our file security object DirectorySecurity ds = Directory.GetAccessControl("c:\\temp", AccessControlSections.All); // Add a new rule ds.AddAccessRule(new FileSystemAccessRule("Guests", FileSystemRights.Read, AccessControlType.Allow)); // Save changes Directory.SetAccessControl("c:\\temp", ds);Creating directories with initial permissions:
// Our file security object DirectorySecurity ds = new DirectorySecurity(); // Setting the rule ds.AddAccessRule(new FileSystemAccessRule("Guests", FileSystemRights.FullControl, AccessControlType.Allow)); // Creating the directory with our ACL's Directory.CreateDirectory("c:\\guests", ds);Removing ACL's:
// Our file security object FileSecurity fs = File.GetAccessControl("c:\\filename.txt", AccessControlSections.All); // Add a new rule fs.RemoveAccessRuleAll(new FileSystemAccessRule("Guests", FileSystemRights.Read, AccessControlType.Allow)); //fs.RemoveAccessRule(new FileSystemAccessRule("Guests", FileSystemRights.Read, AccessControlType.Allow)); // Save changes File.SetAccessControl("c:\\filename.txt", fs);Other Access Rules classes:
EventWaitHandleAccessRule
MutexAccessRule
RegistryAccessRule
SemaphoreAccessRule
2 comments:
Hi, I'm looking at your'r great code and I notice that in the folder's you don't have a way to see audit rules. I've been asked to do a program to retrieve that information. Can you help me with that please?
best regards and thanks in advance.
Nuno Rios
Hi Nuno,
For auditing purposes, you can achieve these tasks in the similar way as ACL control. Use GetAuditRules and AddAuditRule as follows:
// Our file security object
FileSecurity fs = File.GetAccessControl("c:\\filename.txt", AccessControlSections.All);
// Showing audit rules data
AuthorizationRuleCollection arc = fs.GetAuditRules(true, true, typeof(NTAccount));
foreach (FileSystemAuditRule ar in arc)
{
MessageBox.Show("Audit to: " + ar.IdentityReference.Value);
MessageBox.Show("Audit to: " + ar.AuditFlags.ToString());
MessageBox.Show("Audit to: " + ar.FileSystemRights.ToString());
}
// Add a new rule
fs.AddAuditRule(new FileSystemAuditRule("Guests", FileSystemRights.Read, AuditFlags.Success));
// Save changes
File.SetAccessControl("c:\\filename.txt", fs);
Post a Comment