0

I want to add SeSecurityPrivilege to directory.

I found that library. http://processprivileges.codeplex.com

I tested the code below in windows 8.1

static void Main(string[] args)
{
    String dirPath = @"C:\Users\İsmail\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-456447968-1492996402-1718433538-1001";
    Process process = Process.GetCurrentProcess();

    // Get the privileges and associated attributes.
    PrivilegeAndAttributesCollection privileges = process.GetPrivileges();

    using (new ProcessPrivileges.PrivilegeEnabler(process, Privilege.Security))
    {
        // Privilege is enabled within the using block.

        DirectoryInfo directoryInfo = new DirectoryInfo(dirPath);
        DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
        directorySecurity.SetOwner(WindowsIdentity.GetCurrent().User);
        Directory.SetAccessControl(dirPath, directorySecurity);

        privileges = process.GetPrivileges();
        PrivilegeState state = process.GetPrivilegeState(Privilege.Security);


        DirectoryInfo dirInfo = new DirectoryInfo(dirPath);
        DirectorySecurity DirSec = dirInfo.GetAccessControl(AccessControlSections.All);

    }
}

The following line of code throws exception.

DirectorySecurity DirSec = dirInfo.GetAccessControl(AccessControlSections.All);

Exception result :

System.Security.AccessControl.PrivilegeNotHeldException was unhandled
  HResult=-2147024891
  Message=The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
  Source=mscorlib
  PrivilegeName=SeSecurityPrivilege
  StackTrace:
       at System.Security.AccessControl.Win32.GetSecurityInfo(ResourceType resourceType, String name, SafeHandle handle, AccessControlSections accessControlSections, RawSecurityDescriptor& resultSd)
       at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
       at System.Security.AccessControl.NativeObjectSecurity..ctor(Boolean isContainer, ResourceType resourceType, String name, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
       at System.Security.AccessControl.DirectorySecurity..ctor(String name, AccessControlSections includeSections)
       at System.IO.DirectoryInfo.GetAccessControl(AccessControlSections includeSections)
       at TestACLS.Program.Main(String[] args) in c:\Users\İsmail\Desktop\TestACLS\TestACLS\TestACLS\Program.cs:line 72
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException:
İsmail Kocacan
  • 1,204
  • 13
  • 38
  • 1
    Do you mean that you want to enable SeSecurityPrivilege for your process, so that you can read the SACL from the directory? Did you remember to run the process elevated, i.e., using "run as administrator"? – Harry Johnston Feb 25 '15 at 01:31
  • Thanks for your comment. I don't understand SeSecurityPrivilege I tested in windows 7 it works. http://i.giphy.com/3rKFa5iw6TAPZlrNja.gif. But doesn't work at windows 8.1 only – İsmail Kocacan Feb 25 '15 at 02:06
  • I checked SeSecurityPrivilege with whoami /priv command on windows 7. I seen SeSecurityPrivilege state is disabled. I checked SeSecurityPrivilege with whoami /priv command on windows 8.1. I don't seen SeSecurityPrivilege anything – İsmail Kocacan Feb 25 '15 at 02:10
  • also running Windows 7, Windows 8.1 does not work well cause. – İsmail Kocacan Feb 25 '15 at 02:20
  • You should only have SeSecurityPrivilege if you are running elevated. I suspect that you've turned UAC off on your Windows 7 machine. – Harry Johnston Feb 25 '15 at 03:31
  • I run the exe with "run as administrator" works. :) – İsmail Kocacan Feb 25 '15 at 07:56
  • http://stackoverflow.com/questions/7659402/how-to-view-permissions-for-rsa-key-container. The problem maybe assocating ? – İsmail Kocacan Feb 25 '15 at 13:47
  • Not directly. But what are you actually trying to do? You only need SeSecurityPrivilege if you want to inspect the SACL, which contains the audit rules for the file or directory. If you just want the DACL, which contains the permissions, you don't need SeSecurityPrivilege. You just need to replace `AccessControlSections.All` with something more specific. – Harry Johnston Feb 25 '15 at 18:49
  • I work solve that problem. http://stackoverflow.com/questions/28562358/how-can-i-modify-property-get-method-of-x509certificate2s-privatekey I think privatekey issue related to SeSecurityPrivilege. – İsmail Kocacan Feb 25 '15 at 19:16

0 Answers0