
I want to grant full access to, or revoke access from, network share folders (I could work with them as a mapped drive as well) using an Active Directory admin account.

How can I call File.GetAccessControl, .RemoveAccessRule and .AddAccessRule as an Active Directory admin service account that is at the same time an admin of the network share folders?

Kiquenet
Ammar Hamidou

1 Answer


Here is a snippet I used to do this.

    using System.Collections.Generic;
    using System.IO;
    using System.Security.AccessControl;

    private void EditAccess(List<string> userlist, string folder)
    {
        foreach (string user in userlist)
        {
            // Rule 1: FullControl on the folder itself only (no inheritance).
            var accessRule = new FileSystemAccessRule(user, FileSystemRights.FullControl,
                InheritanceFlags.None,
                PropagationFlags.NoPropagateInherit,
                AccessControlType.Allow);

            DirectoryInfo rootFolder = new DirectoryInfo(folder);
            DirectorySecurity rootSec = rootFolder.GetAccessControl(AccessControlSections.Access);

            bool modified;

            // Set: drop any existing Allow rules for this user, then add rule 1.
            rootSec.ModifyAccessRule(AccessControlModification.Set, accessRule, out modified);

            // Rule 2: FullControl inherited by subfolders and files (InheritOnly,
            // so it does not apply to the folder itself; rule 1 covers that).
            InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
            accessRule = new FileSystemAccessRule(user, FileSystemRights.FullControl, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow);
            rootSec.ModifyAccessRule(AccessControlModification.Add, accessRule, out modified);

            // Write the modified ACL back to the folder.
            rootFolder.SetAccessControl(rootSec);
        }
    }
Falanor
  • This applies permission as the logged-in user; I want to do the very same thing using a service account's credentials. – Ammar Hamidou Nov 30 '15 at 19:43
  • You can't explicitly set the user that is doing AD-specific actions, but you could do this using one of the impersonation methods outlined here: http://stackoverflow.com/questions/1168571/run-code-as-a-different-user-c – Falanor Nov 30 '15 at 22:08
  • Applies to ***Groups*** in _Active Directory_? – Kiquenet Jun 05 '18 at 10:01
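
The impersonation route suggested in the comments, combined with the ACL calls from the question, as an added example that is not part of the original answer or comments. It assumes .NET Framework 4.6+ (or .NET on Windows); the class name `ShareAclAsServiceAccount`, the method `SetFullControl` and all parameter names are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ShareAclAsServiceAccount   // hypothetical helper, not from the post
{
    // The supplied credentials are used for outbound network connections only;
    // the local identity of the process is unchanged.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;   // provider required by NEW_CREDENTIALS

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // grant == true adds an inheritable FullControl Allow rule for 'account';
    // grant == false removes every Allow rule that 'account' has on the folder.
    public static void SetFullControl(string uncFolder, string account, bool grant,
        string svcUser, string svcDomain, string svcPassword)
    {
        SafeAccessTokenHandle token;
        if (!LogonUser(svcUser, svcDomain, svcPassword,
                LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token)
        {
            // Everything inside the delegate reaches the share as the service account.
            WindowsIdentity.RunImpersonated(token, () =>
            {
                var dir = new DirectoryInfo(uncFolder);
                DirectorySecurity sec = dir.GetAccessControl(AccessControlSections.Access);
                var rule = new FileSystemAccessRule(new NTAccount(account),
                    FileSystemRights.FullControl,
                    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                    PropagationFlags.None, AccessControlType.Allow);

                if (grant) sec.AddAccessRule(rule);
                else sec.RemoveAccessRuleAll(rule);   // matches on identity + Allow

                dir.SetAccessControl(sec);            // write the ACL back to the share
            });
        }
    }
}
```

With `LOGON32_LOGON_NEW_CREDENTIALS` the credentials are not validated at logon, so a wrong password only surfaces as an access error on the first call that touches the share. Load the service account's password from a protected secret store at run time instead of embedding it in source or configuration.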