/// <summary>
/// Removes all access rules from the supplied directory.
/// </summary>
/// <param name="path">The path to the directory to remove all access rules from.</param>
/// <param name="security">The DirectorySecurity object of the directory that will be changed.</param>
/// <param name="commitChanges">Indicates whether changes should be commited to this directory. Useful when combining multiple commands.</param>
/// <returns>True if all rules were removed. False if an error occurred.</returns>
static public bool RemoveAllAccessRules(string path, ref DirectorySecurity security, bool commitChanges)
{
// Check whether a path and security object were supplied.
if (!string.IsNullOrEmpty(path) && security != null)
{
// A path and security object were supplied.
// Check whether the path exists.
if (SystemDirectory.Exists(path))
{
// The directory exists.
try
{
// Get all the authorization rules for the directory.
AuthorizationRuleCollection ruleCollection = security.GetAccessRules(true, true, typeof(SecurityIdentifier));
// Remove all the authorization rules for the entry.
foreach (FileSystemAccessRule rule in ruleCollection)
{
security.RemoveAccessRuleSpecific(rule);
}
// Commit the changes if necessary.
if (commitChanges)
{
try
{
SystemDirectory.SetAccessControl(path, security);
}
catch (UnauthorizedAccessException)
{
// The current process does not have access to the directory specified by path.
// Or the current process does not have sufficient privilege to set the ACL entry.
return(false);
}
catch (PlatformNotSupportedException)
{
// The current operating system is not Windows 2000 or later.
return(false);
}
}
return(true);
}
catch
{
// There was an error removing the rules.
return(false);
}
}
else
{
// The directory does not exist.
return(false);
}
}
else
{
// An directory or security object were not supplied.
return(false);
}
}
private static void RemoveAclsFromAccount(string dirPath, string accountToRemove)
{
DirectorySecurity security = Directory.GetAccessControl(dirPath);
DirectoryInfo myDirectoryInfo = new DirectoryInfo(dirPath);
AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule rule in rules)
{
if (rule.IdentityReference.Value.ToLower().Contains(accountToRemove.ToLower()))
{
security.RemoveAccessRuleSpecific(rule);
}
}
myDirectoryInfo.SetAccessControl(security);
}
public void Ex3_RemoveDirPermit()
{
string path = @"..\..\..\TmpFile";
string dir = Path.Combine(path, @"Dir1");
DirectoryInfo directoryInfo = new DirectoryInfo(dir);
//directoryInfo.Create();
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity.RemoveAccessRuleSpecific(
new FileSystemAccessRule("everyone",
FileSystemRights.ReadAndExecute,
AccessControlType.Allow));
directoryInfo.SetAccessControl(directorySecurity);
}
public void RemoveGroupFromFolderSecuritySetting(string folderPath, string groupName)
{
DirectoryInfo dInfo = new DirectoryInfo(folderPath);
if (dInfo.Exists)
{
DirectorySecurity dSecurity = dInfo.GetAccessControl();
var allAccessRuls = dSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)).Cast <FileSystemAccessRule>();
SecurityIdentifier sid = (SecurityIdentifier) new NTAccount(groupName).Translate(typeof(SecurityIdentifier));
foreach (FileSystemAccessRule ace in allAccessRuls)
{
if (String.Equals(sid.ToString(), ace.IdentityReference.Value, StringComparison.OrdinalIgnoreCase))
{
dSecurity.RemoveAccessRuleSpecific(ace);
}
}
dInfo.SetAccessControl(dSecurity);
}
}
