CODEWITHSUNDEEP
c#securityfile-permissions
JeremyK
JeremyK

Reputation: 1103

Unable to remove folder permissions (access rules) using DirectorySecurity facilities

I know there are a lot of posts out there about removing permissions on a folder.

However each one I try seems to leave the user groups intact and no exception is thrown - the rules are removed from ACL and the modified AccessControl is set successfully but no actual changes are made.

I need to straight out CLEAR the folder's permission list. I want the folder to be empty after.

Example:

This:

properties

Should become:

Cleared Properties

This is what I am currently trying without success:

DirectorySecurity objSecObj = directory.GetAccessControl();
                AuthorizationRuleCollection acl = objSecObj.GetAccessRules(true, true,
                                            typeof(System.Security.Principal.NTAccount));
objSecObj.SetAccessRuleProtection(false,false);
// EDIT: The above line was the problem, first param should be true.


foreach (FileSystemAccessRule ace in acl)
{
      objSecObj.RemoveAccessRuleSpecific(ace);
}
directory.SetAccessControl(objSecObj);

The intent is to remove all users, then manually add specific user groups after the fact. That part is not an issue, removing the current users is where I am having trouble.

Upvotes: 2

Views: 3140

Answers (1)

Bolu
Bolu

Reputation: 8786

DirectorySecurity objSecObj = directory.GetAccessControl();
AuthorizationRuleCollection acl = objSecObj.GetAccessRules(true, true,
                                            typeof(System.Security.Principal.NTAccount));
objSecObj.SetAccessRuleProtection(true, false); //to remove inherited permissions
foreach (FileSystemAccessRule ace in acl) //to remove any other permission
{    
    objSecObj.PurgeAccessRules(ace.IdentityReference);  //same as use objSecObj.RemoveAccessRuleSpecific(ace);
}

directory.SetAccessControl(objSecObj);

Upvotes: 2

Related Questions