Re: Setting directory NTFS directory permissions (W2k3 Server)

Forget it guys. I've sorted it. I needed:



// Get a DirectorySecurity object that represents the

// current security settings of the profile directory.

DirectorySecurity dSecurity = dInfoProf.GetAccessControl();

dSecurity.SetAccessRuleProtection(true, false);



// Add the FileSystemAccessRule to the security settings.

byte[] sidData = (byte[])user.Properties["objectSid"].Value;

SecurityIdentifier sid = new SecurityIdentifier(sidData, 0);



dSecurity.AddAccessRule(new FileSystemAccessRule(sid,

FileSystemRights.FullControl,

InheritanceFlags.None,

PropagationFlags.NoPropagateInherit,

AccessControlType.Allow));

dSecurity.AddAccessRule(new FileSystemAccessRule(@"CAMPUS\Domain Admins",

FileSystemRights.FullControl,

AccessControlType.Allow));

dSecurity.AddAccessRule(new FileSystemAccessRule(@"CAMPUS\ITAdvisors",

FileSystemRights.FullControl,

AccessControlType.Allow));



dSecurity.SetOwner(sid);



// Set the new access settings.

dInfoProf.SetAccessControl(dSecurity);



The critical line (as everyone except me probably knows) is:



dSecurity.SetAccessRuleProtection(true, false);



(Blo***dy Microsoft documentation, etc etc)









Peter





"Peter Bradley" <pbradley@xxxxxxxxxx> wrote in message
news:uaoMlzvlHHA.4852@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,

Using C#, does anyone know how I can manipulate the file permissions on a
folder I've just created such that the folder does not inherit permissions
from its parent.
My code currently has a number of lines that look something like:

dSecurity.AddAccessRule(new FileSystemAccessRule(sid,

FileSystemRights.FullControl,
InheritanceFlags.None,

PropagationFlags.NoPropagateInherit,
AccessControlType.Allow));


There is one line for each sid for which I want to set permissions.

The variable sid is, as you would imagine, a security identifier. This
works fine, except that these permissions are added to the inherited
permissions, whereas I want to replace the existing (inherited)
permissions. The programme is scheduled to replace an existing script
which calls xcacls like this:

xcacls \\centralcy03\users\student\edu\dv06004249\profile /P "Domain
Admins":F dv06004249:F ITAdvisors:F /T /Y,1,true

This appears to replace all existing permissions, which is what we want.

Many thanks,




Peter




.

Relevant Pages

  • Re: Security
    ... "Manage Security Settings for Area Contracts Admin ... These permissions are not inherited from the parent area. ... Inherit ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Permissions section is missing
    ... you can set manage security settings in the Portal only ... Each area can have unique permissions, ... within that particular area will automatically inherit the area's security. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Permissions on filesystem via Group policy
    ... can use the Resultant Set of Policy mmc snapin to see exactly what Group ... you want to disable "inherited permissions" in the advanced page if you only ... > Right-click File System and press Add File. ... Use the security settings of that GPO to specify ...
    (microsoft.public.windows.group_policy)
  • RE: Preserving permissions in a cross-forest move
    ... migrate the permissions of the shared folders in a cross-domain scenario. ... If you select the Copy security settings option, ... If you select Copy security settings option, ...
    (microsoft.public.windows.server.migration)
  • Re: Default User Serurity Permission
    ... you will need to adjust a few permissions ... > installation default security settings: ... >>Restore XP to installation Security Defaults ... the first thing to try is to grant the ...
    (microsoft.public.windowsxp.security_admin)