/// <summary> /// Removes all access rules from the supplied directory. /// </summary> /// <param name="path">The path to the directory to remove all access rules from.</param> /// <param name="security">The DirectorySecurity object of the directory that will be changed.</param> /// <param name="commitChanges">Indicates whether changes should be commited to this directory. Useful when combining multiple commands.</param> /// <returns>True if all rules were removed. False if an error occurred.</returns> static public bool RemoveAllAccessRules(string path, ref DirectorySecurity security, bool commitChanges) { // Check whether a path and security object were supplied. if (!string.IsNullOrEmpty(path) && security != null) { // A path and security object were supplied. // Check whether the path exists. if (SystemDirectory.Exists(path)) { // The directory exists. try { // Get all the authorization rules for the directory. AuthorizationRuleCollection ruleCollection = security.GetAccessRules(true, true, typeof(SecurityIdentifier)); // Remove all the authorization rules for the entry. foreach (FileSystemAccessRule rule in ruleCollection) { security.RemoveAccessRuleSpecific(rule); } // Commit the changes if necessary. if (commitChanges) { try { SystemDirectory.SetAccessControl(path, security); } catch (UnauthorizedAccessException) { // The current process does not have access to the directory specified by path. // Or the current process does not have sufficient privilege to set the ACL entry. return(false); } catch (PlatformNotSupportedException) { // The current operating system is not Windows 2000 or later. return(false); } } return(true); } catch { // There was an error removing the rules. return(false); } } else { // The directory does not exist. return(false); } } else { // An directory or security object were not supplied. return(false); } }
private static void RemoveAclsFromAccount(string dirPath, string accountToRemove) { DirectorySecurity security = Directory.GetAccessControl(dirPath); DirectoryInfo myDirectoryInfo = new DirectoryInfo(dirPath); AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(NTAccount)); foreach (FileSystemAccessRule rule in rules) { if (rule.IdentityReference.Value.ToLower().Contains(accountToRemove.ToLower())) { security.RemoveAccessRuleSpecific(rule); } } myDirectoryInfo.SetAccessControl(security); }
public void Ex3_RemoveDirPermit() { string path = @"..\..\..\TmpFile"; string dir = Path.Combine(path, @"Dir1"); DirectoryInfo directoryInfo = new DirectoryInfo(dir); //directoryInfo.Create(); DirectorySecurity directorySecurity = directoryInfo.GetAccessControl(); directorySecurity.RemoveAccessRuleSpecific( new FileSystemAccessRule("everyone", FileSystemRights.ReadAndExecute, AccessControlType.Allow)); directoryInfo.SetAccessControl(directorySecurity); }
public void RemoveGroupFromFolderSecuritySetting(string folderPath, string groupName) { DirectoryInfo dInfo = new DirectoryInfo(folderPath); if (dInfo.Exists) { DirectorySecurity dSecurity = dInfo.GetAccessControl(); var allAccessRuls = dSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)).Cast <FileSystemAccessRule>(); SecurityIdentifier sid = (SecurityIdentifier) new NTAccount(groupName).Translate(typeof(SecurityIdentifier)); foreach (FileSystemAccessRule ace in allAccessRuls) { if (String.Equals(sid.ToString(), ace.IdentityReference.Value, StringComparison.OrdinalIgnoreCase)) { dSecurity.RemoveAccessRuleSpecific(ace); } } dInfo.SetAccessControl(dSecurity); } }