9

Before I pull out the rest of my hair I'd like to get some input on this.
I'm trying to take ownership of a folder. I'm running the program as administrator of course and I do have rights to take ownership since I can change the owner in explorer.

I can however change the owner if either administrator or my account owns it, and I can change permissions if I already have ownership.
If I try to give myself ownership of a file, lets say owned by SYSTEM, then I get an unauthorizedexception.

I've tried some different things with the accesscontrol methods but nothing works, this latest method I think is directly by the book.

        private static void makePerm(string file, NTAccount account)
    {
        FileInfo finfo = new FileInfo(file);
        FileSecurity fsecurity = finfo.GetAccessControl();
        //also tried it like this //fsecurity.ResetAccessRule(new FileSystemAccessRule(string.Format(@"{0}\{1}", Environment.UserDomainName.ToString(), Environment.UserDomainName.ToString()), FileSystemRights.FullControl, AccessControlType.Allow));
        fsecurity.SetOwner(account);
        finfo.SetAccessControl(fsecurity);
    }

I'm trying this on Windows 7 btw.
What am I missing here?

apaderno
  • 28,547
  • 16
  • 75
  • 90
Steinthor.palsson
  • 6,286
  • 13
  • 44
  • 51
  • What you seem to be missing is that SYSTEM outranks you and Admin. – H H Mar 20 '11 at 13:59
  • Are you sure you can take ownership in Explorer over a System-owned file? You seem to say that but too explicit. – H H Mar 20 '11 at 14:01
  • yeah I know, but why can I change the owner from system to admin in explorer, but not with code? AFAIK Administrator can always take ownership of anything. – Steinthor.palsson Mar 20 '11 at 14:02
  • Do you test on the _same file_ with Explorer? – H H Mar 20 '11 at 14:06
  • yep, same same file. I made a test folder for this exact purpose. I tried giving ownership to system and removing all permissions. I can change the owner back with explorer, but not with my program. – Steinthor.palsson Mar 20 '11 at 14:08
  • 1
    Ok, +1 for the question then but I don't have a better answer. – H H Mar 20 '11 at 14:26
  • thx for the ++. I don't know how it works when I change the owner with explorer. Maybe it's being passed on to the system account when the current owner is higher ranked then administrator. But I'm just guessing here. – Steinthor.palsson Mar 20 '11 at 14:47

2 Answers2

13

I had the same problem and just posting here for anybody else who may come here searching like me:

You need to explicitly enable SeTakeOwnershipPrivilege in code as Luke mentions above. I found this Process Privileges to be really helpful dealing with this sort of thing.

Here is how it fixed my code:

using System;
using System.Diagnostics;

// ...
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), Privilege.TakeOwnership))
{
    directoryInfo = new DirectoryInfo(path);
    directorySecurity = directoryInfo.GetAccessControl();

    directorySecurity.SetOwner(WindowsIdentity.GetCurrent().User);
    Directory.SetAccessControl(path, directorySecurity);    
}
umlcat
  • 4,091
  • 3
  • 19
  • 29
Maverik
  • 5,619
  • 35
  • 48
  • 1
    I know it is a bit old, but I was facing the same issue. Thanks for sharing the solution, it worked perfectly for me with an adaption. In case someone wants to make someone else the owner: You will then also need the privilege Privilege.Restore. Before you will be able to change the owner. And if you want to take the ownership, you might first need to create a new FileSecurity object, take ownership and then go on from there: `var fileSecurity = new FileSecurity();` `fileSecurity.SetOwner(_owner);` `File.SetAccessControl(file, fileSecurity);` – philip Aug 19 '14 at 15:54
1

Did you elevate your process via UAC first? On Windows 7, without UAC escalation, your process is running with the lower privileged token.

pjulien
  • 1,369
  • 10
  • 14