So I'm trying to make a new folder on the local drive and grant it specific permissions. The main ruleset would be:

- Admin has complete access
- A specific user (let's call it "Robinson") has complete access
- The rest of the normal users on the computer would have no access to it.

So far I did this with my code:

using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

string path = @"C:\testFolder";
DirectorySecurity ds = Directory.GetAccessControl(path);
SecurityIdentifier si_Admin = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

// Allow rules: full control for Administrators and for the specific user
ds.AddAccessRule(new FileSystemAccessRule(si_Admin, FileSystemRights.FullControl, AccessControlType.Allow));
ds.AddAccessRule(new FileSystemAccessRule("Robinson", FileSystemRights.FullControl, AccessControlType.Allow));

// Deny rule on BUILTIN\Users (the test of removing permissions from the other users)
SecurityIdentifier si_OtherUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
ds.AddAccessRule(new FileSystemAccessRule(si_OtherUsers, FileSystemRights.Delete, AccessControlType.Deny));
Directory.SetAccessControl(path, ds);

You might notice that on the 3rd AddAccessRule, I am just testing the waters of removing permissions from the other users. Unfortunately this also denies any deletion for Admin and Robinson as well... and I ended up with a folder that I cannot delete!

So does anybody know what I am missing? And also, how could I solve the unremovable folder situation?

Thanks in advance!

doydoy
  • Put C# to one side. Have you worked out how to do this _without_ C# (e.g. with permissions in Windows Explorer)? – mjwills Mar 30 '20 at 12:27
  • Agree with the dup flag but just for ease of access the relevant answer boils down to: Explicit deny permissions have precedence over explicit allow permissions. In fact you don't need a deny rule altogether; if access rights are not set in the object ACL for some user, access will be denied by default. – Milney Mar 30 '20 at 12:32
  • Ohhh I see. So, aside from, for example, Robinson's user folder, there is no other way to make another folder exclusively for this user and admin? – doydoy Mar 30 '20 at 12:59
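The allow-only approach from Milney's comment, as an added example (not code from the question or from any answer on this page): it builds a DACL with no deny rule and removes the `Deny Delete` entry from the existing folder. It goes one step beyond the comment by also disabling inheritance, because a folder under `C:\` otherwise keeps the grants it inherits from the drive root; the class name `RestrictedFolder` and the path `C:\testFolder2` are assumptions made for illustration.

```csharp
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class RestrictedFolder   // hypothetical helper, not from the original post
{
    static readonly SecurityIdentifier Admins =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
    static readonly SecurityIdentifier Users =
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    // Allow-only DACL: an account with no matching ACE is refused by default.
    static DirectorySecurity BuildAcl(string userName)
    {
        var ds = new DirectorySecurity();
        // Protect the DACL and discard inherited ACEs (e.g. those coming from C:\);
        // otherwise the parent's grants to other accounts still apply.
        ds.SetAccessRuleProtection(true, false);
        // Apply to the folder itself and let subfolders and files inherit the rules.
        var inherit = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        foreach (IdentityReference id in new IdentityReference[] { Admins, new NTAccount(userName) })
            ds.AddAccessRule(new FileSystemAccessRule(id, FileSystemRights.FullControl,
                inherit, PropagationFlags.None, AccessControlType.Allow));
        return ds;
    }

    // Create the folder with the ACL already attached, so it never exists
    // with the parent's default permissions.
    public static void Create(string path, string userName)
    {
        new DirectoryInfo(path).Create(BuildAcl(userName));
    }

    // Recovery for the folder from the question: drop the Deny Delete ACE on
    // BUILTIN\Users. Returns what RemoveAccessRule reports. Must run as the
    // folder's owner or as an elevated administrator.
    public static bool RemoveUsersDenyDelete(string path)
    {
        var dir = new DirectoryInfo(path);
        DirectorySecurity ds = dir.GetAccessControl();
        bool removed = ds.RemoveAccessRule(new FileSystemAccessRule(
            Users, FileSystemRights.Delete, AccessControlType.Deny));
        dir.SetAccessControl(ds);
        return removed;
    }

    static void Main()
    {
        RemoveUsersDenyDelete(@"C:\testFolder");    // folder from the question
        Create(@"C:\testFolder2", "Robinson");      // constructed path for the new folder
    }
}
```

The rule set mirrors the question and therefore has no entry for SYSTEM; services that run under that account lose access to the folder unless a rule is added for it.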

0 Answers