Re: How to programmingly check off "Allow inheritable permissions

Thanks for your guidance, Dominick'
I am not familiar with .Net 2.0 yet, but maybe now comes the chance to
migrate to it~

Timothy

"Dominick Baier" wrote:

I never used this library - but if you are targeting .NET 2.0 you can find
all the functionality in System.Security.AccessControl

dominick


Hi, I am using Microsoft.Win32.Security package(C#) to set the NT
security of specified folder/file.

My purpose is to protect the content of files under a specified folder
from being read by "Users" group members, whereas Users can still list
the name of these files, and tranverse through subfolders.

I have tried the code as follows:
----------------------------------------------------------------------
--------------------
SecurityDescriptor secDesc =
SecurityDescriptor.GetFileSecurity(strFullPath,
SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;
Sid sidUsers = new Sid ("Users");
dacl.RemoveAces(sidUsers);
FileAccessType FAType = FileAccessType.READ_CONTROL |
FileAccessType.FILE_READ_ATTRIBUTES | FileAccessType.FILE_READ_EA;
dacl.AddAce (new AceAccessAllowed (sidUsers,
(AccessType)FAType,AceFlags.CONTAINER_INHERIT_ACE |
AceFlags.OBJECT_INHERIT_ACE));
DirectoryAccessType DAType = DirectoryAccessType.FILE_LIST_DIRECTORY |
DirectoryAccessType.FILE_TRAVERSE;
dacl.AddAce (new AceAccessAllowed (sidUsers, (AccessType)DAType,
AceFlags.CONTAINER_INHERIT_ACE | AceFlags.INHERITED_ACE));
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strFullPath,
SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
----------------------------------------------------------------------
--------------------
The code just worked as expected -- I mean just as what I manually set
when
testing the security setting. However, by running the code, objects
under the
folder just keep their security setting -- inherit from much upper
parent
objects...
I think the only difference is that when manually setting the
security, I firstly check off the "Allow inheritable permissions from
the parent to propagate to this object and all child objects" in the
Advanced Security Setting dialog. By doing so, all objects under the
folder will change to inherit their security from this folder,
expectably. So, is it possible to implement this CheckOff in C#
programming?

Best regards,
Timothy Hu


.

Relevant Pages

  • RE: Change Macro Security Settings to Low during Custom Setup
    ... A) install office 2003 as normal, ... modify the macro security setting in each account. ... Open the folder for the user you logged in as to lower security settings ...
    (microsoft.public.office.setup)
  • RE: Change Macro Security Settings to Low during Custom Setup
    ... > an MST file which modifies the policy templates to set the macro security ... > B) log on to the machine as a user account. ... > C) modify the macro security setting in each account. ... > I) Open the folder for the user you logged in as to lower security settings ...
    (microsoft.public.office.setup)
  • RE: Redirected Folders wont allow offline folders (article 288991
    ... I reset the OS back to the original install default security setting, ... It does not require setting a GPO for Folder Redirection of “My Documents” ... Log off TestUser and make TestUser a member of the Domain Admins security ...
    (microsoft.public.windows.server.general)
  • Re: Folder Security
    ... > located in the folder. ... > properties the security tab was gone. ... > able to delete or modify any of the files. ...
    (microsoft.public.win2000.security)
  • Re: << Small Bus Server news of the week>>
    ... > will pick up the mail that is in the Incoming Mail folder. ... > A Chinese security group has released sample ... > Cyber law expert Pavan Duggal feels India's ... > A California blood bank has retrieved a stolen ...
    (microsoft.public.backoffice.smallbiz)