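/// <summary>
/// Removes an audit (SACL) entry from the specified file for the specified account.
/// </summary>
/// <param name="FileName">Path of the file whose audit rules are modified.</param>
/// <param name="Account">Account name the audit rule applies to.</param>
/// <param name="Rights">File system rights to stop auditing for that account.</param>
/// <param name="AuditRule">Whether successful and/or failed access attempts were being audited.</param>
/// <remarks>
/// Removing an audit rule reduces what the Security log records for this file,
/// so use of this helper should be restricted and itself recorded.
/// </remarks>
public static void RemoveFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
{
    // Request the audit section explicitly. The single-argument overload reads
    // only the access rules, owner and group, so the descriptor would carry no
    // audit rules and the removal below would change nothing on disk.
    // Reading and writing the SACL needs the "Manage auditing and security log"
    // user right (SeSecurityPrivilege); without it the call fails rather than
    // silently doing nothing.
    FileSecurity fSecurity = File.GetAccessControl(FileName, AccessControlSections.Audit);

    // Remove the matching FileSystemAuditRule from the security settings.
    fSecurity.RemoveAuditRule(new FileSystemAuditRule(Account, Rights, AuditRule));

    // Write the modified audit settings back to the file.
    File.SetAccessControl(FileName, fSecurity);
}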
/// <summary>
/// Checks that removing a subset of the audited rights trims the existing
/// audit rule instead of deleting it: Read | Write minus Write leaves Read.
/// </summary>
public void RemoveAuditRule_Succeeds()
{
    // Start with one failure-audit rule covering both Read and Write for LocalSystem.
    var readWriteRule = new FileSystemAuditRule(
        Helpers.s_LocalSystemNTAccount,
        FileSystemRights.Read | FileSystemRights.Write,
        AuditFlags.Failure);
    var security = new FileSecurity();
    security.AddAuditRule(readWriteRule);

    AuthorizationRuleCollection rulesBefore =
        security.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
    Assert.Equal(1, rulesBefore.Count);

    // Remove only the Write portion of the audited rights.
    var writeOnlyRule = new FileSystemAuditRule(
        Helpers.s_LocalSystemNTAccount,
        FileSystemRights.Write,
        AuditFlags.Failure);
    bool removed = security.RemoveAuditRule(writeOnlyRule);
    Assert.True(removed);

    // One rule must remain, still auditing failed Read access for the same identity.
    AuthorizationRuleCollection rulesAfter =
        security.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
    Assert.Equal(1, rulesAfter.Count);

    var remaining = (FileSystemAuditRule)rulesAfter[0];
    Assert.Equal(FileSystemRights.Read, remaining.FileSystemRights);
    Assert.Equal(AuditFlags.Failure, remaining.AuditFlags);

    // The expected identity is derived from the well-known LocalSystem SID.
    var expectedIdentity = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
    Assert.Equal(expectedIdentity, remaining.IdentityReference);
}
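/// <summary>
/// Checks that removing a subset of the audited rights trims the existing
/// audit rule instead of deleting it: Read | Write minus Write leaves Read.
/// </summary>
public void RemoveAuditRule_Succeeds()
{
    // Resolve LocalSystem from its well-known SID. The display name
    // "NT AUTHORITY\SYSTEM" is localized on non-English Windows installations,
    // where a hard-coded name cannot be mapped to an account.
    var localSystem = (NTAccount)new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));

    // Start with one failure-audit rule covering both Read and Write.
    var auditRule = new FileSystemAuditRule(localSystem, FileSystemRights.Read | FileSystemRights.Write, AuditFlags.Failure);
    var fileSecurity = new FileSecurity();
    fileSecurity.AddAuditRule(auditRule);

    AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
    Assert.Equal(1, rules.Count);

    // Remove only the Write portion of the audited rights.
    Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(localSystem, FileSystemRights.Write, AuditFlags.Failure)));

    // One rule must remain, still auditing failed Read access for the same identity.
    rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
    Assert.Equal(1, rules.Count);

    var existingRule = (FileSystemAuditRule)rules[0];
    Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
    Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
    Assert.Equal(localSystem, existingRule.IdentityReference);
}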