scsharma
Hi,
I would like to programmatically modify the security settings of a
folder. I am using Windows XP Professional and C# as the programming
language. I am using WMI (Windows Management Instrumentation) for that.
I got a head start from some code that I found on the Internet. Using WMI
I was able to add new users to the folder and set their permissions correctly,
but I am running into a strange problem where the inheritance property of all
the existing trustees is getting messed up. Here is what I am doing.
I created a new folder using
DirectoryInfo Path = new DirectoryInfo(ROOT_DIR);
Path.CreateSubdirectory(nameDirectory);
At this point I checked the security settings and everything looks fine for
the newly created folder. I checked the inheritance property values for all
the users for this directory using folder Properties -> Security tab -> Advanced,
and I can see the list has the property value for "Inherited from" set to
the right value, which was c:\ in my case.
Now I queried the security descriptor for the folder using the following code.
ManagementBaseObject ret = null;
ManagementPath path = new ManagementPath( );
path.Server = @"."; // server name or .
path.NamespacePath = @"root\cimv2";
path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path=" + "'" +
nameDirectory + "'";
ManagementObject lfs = new ManagementObject(path);
bool EnablePrivileges = lfs.Scope.Options.EnablePrivileges;
lfs.Scope.Options.EnablePrivileges =true;
// Get the security descriptor.
ManagementBaseObject outParams = lfs.InvokeMethod("GetSecurityDescriptor",
null, null);
if (((uint)(outParams.Properties["ReturnValue"].Value)) == 0) // if success
{
ManagementBaseObject Descriptor =
((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
From the descriptor I got the DACL, and from the DACL I got the ACEs:
ManagementBaseObject[] DaclObject =
((ManagementBaseObject[])(Descriptor.Properties["Dacl"].Value));
// Add a new ACE (Access Control Entry) to the list
ManagementBaseObject[] newDACL = ACLACEHelperClass.AddACE(DaclObject,
username,"", msk);
When I assign newDACL to my newly created folder using the following code:
Descriptor.Properties["Dacl"].Value = newDACL ;
//Set the Security Descriptor
ManagementBaseObject inParams =
lfs.GetMethodParameters("SetSecurityDescriptor");
inParams["Descriptor"] = Descriptor;
ret = lfs.InvokeMethod("SetSecurityDescriptor", inParams, null);
I find that the "Inherited from" value for each trustee is changed to <not
inherited>.
In order to test whether adding a new ACE to the retrieved ACL list is causing
this problem, I assigned "DaclObject", the originally retrieved ACL, in the
following line:
Descriptor.Properties["Dacl"].Value = newDACL ;
and I still got the same result. "Inherited from" for all the existing
trustees had the value "Not Inherited".
Has anyone run into the same problem? Does assigning an ACL mess up the
inheritance properties of existing trustees, or is there something wrong that I
am doing?
Thanks a lot in advance, and sorry for making this post long, but I wanted to
provide as much information as I can.
-
Thanks
SCS
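
Added example, not part of the original post: the same kind of change made with the .NET Framework System.Security.AccessControl classes instead of WMI. It adds one explicit ACE, then lists every ACE as inherited or explicit so the result can be checked before and after. The folder and account arguments and the Modify right are assumptions standing in for the post's nameDirectory, username and msk.

```csharp
// Added example, not from the original post. Assumes .NET Framework 2.0 or later.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderAclExample
{
    // Add one explicit allow ACE. Inherited ACEs are left as they are.
    static void Grant(string folder, string account, FileSystemRights rights)
    {
        DirectoryInfo dir = new DirectoryInfo(folder);
        DirectorySecurity sec = dir.GetAccessControl(AccessControlSections.Access);
        sec.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(account), rights,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        dir.SetAccessControl(sec);
    }

    // Resolve a SID to DOMAIN\name; fall back to the raw SID for orphaned entries.
    static string Name(IdentityReference id)
    {
        try { return id.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return id.Value; }
    }

    // Print every ACE with its inherited/explicit state, plus whether the
    // folder's DACL is protected (inheritance from the parent blocked).
    static void Dump(string folder)
    {
        DirectorySecurity sec =
            new DirectoryInfo(folder).GetAccessControl(AccessControlSections.Access);
        Console.WriteLine("Inheritance blocked: {0}", sec.AreAccessRulesProtected);
        foreach (FileSystemAccessRule r in
                 sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("{0,-30} {1,-9} {2,-5} {3}", Name(r.IdentityReference),
                r.IsInherited ? "inherited" : "explicit",
                r.AccessControlType, r.FileSystemRights);
    }

    static void Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: FolderAclExample <folder> <account>"); return; }
        Dump(args[0]);                                    // state before the change
        Grant(args[0], args[1], FileSystemRights.Modify); // Modify is an assumed right
        Dump(args[0]);                                    // state after the change
    }
}
```

Entries that were listed as inherited in the first dump should still be listed as inherited in the second; an entry that flips to explicit no longer follows permission changes made on the parent folder.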