public void SetAccess()
{
try
{
if (path != null)
{
DirectoryInfo myDirectoryInfo = new DirectoryInfo(path);
string dir = "FileLockData";
Directory.CreateDirectory("data\\" + dir);
var streamw = new StreamWriter("data\\" + dir + "\\data.ls");
string dc = AesCrypt.Encrypt(textBoxSelect_Path.Text);
streamw.WriteLine(dc);
streamw.Close();
var sid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(sid, FileSystemRights.Read, AccessControlType.Deny));
var everyid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
var usersid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
var accsid = new SecurityIdentifier(WellKnownSidType.BuiltinAccountOperatorsSid, null);
var adnissid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(everyid, FileSystemRights.Read, AccessControlType.Allow));
myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(usersid, FileSystemRights.Read, AccessControlType.Allow));
myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(accsid, FileSystemRights.Read, AccessControlType.Allow));
myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(adnissid, FileSystemRights.Read, AccessControlType.Allow));
myDirectoryInfo.SetAccessControl(myDirectorySecurity);
MessageBox.Show("File has been Locked!", "Congratulations!", MessageBoxButtons.OK);
checkBox1.Visible = true;
}
else
{
MessageBox.Show("Select Path First");
}
}
catch (Exception ex)
{
throw ex;
}
}
public void removeAccess()
{
if (path != null)
{
DirectoryInfo myDirectoryInfo = new DirectoryInfo(path);
var sid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(sid, FileSystemRights.Read, AccessControlType.Deny));
myDirectoryInfo.SetAccessControl(myDirectorySecurity);
MessageBox.Show("Folder has been Unlocked!", "Congratulations!", MessageBoxButtons.OK);
string dir = "FolderLockData";
Directory.CreateDirectory("data\\" + dir);
var streamw = new StreamWriter("data\\" + dir + "\\data.ls");
streamw.Flush();
streamw.Close();
checkBox1.Visible = false;
myDirectoryInfo.Attributes = FileAttributes.Directory | FileAttributes.Normal;
File.Delete("data\\" + dir + "\\data.ls");
}
else
{
MessageBox.Show("Select Path First");
}
}
public virtual void RemoveDirectoryAccess(string path, string user)
{
if (DirectoryExists(path) || FileExists(path))
{
using (var dirMutex = new System.Threading.Mutex(false, path.Replace('\\', '_')))
{
dirMutex.WaitOne();
try
{
DirectorySecurity security = fileSystem.GetDirectoryAccessSecurity(path);
// RemoveAccessRuleAll ignores everything in the ACL but the username
var userACL = new FileSystemAccessRule(user, FileSystemRights.ListDirectory,
AccessControlType.Allow);
security.RemoveAccessRuleAll(userACL);
fileSystem.SetDirectoryAccessSecurity(path, security);
}
finally
{
dirMutex.ReleaseMutex();
}
}
}
}
public static void DelErr(string Path)
{
DirectoryInfo dInfo = new DirectoryInfo(Path);
DirectorySecurity sec = dInfo.GetAccessControl();
foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (rule.IdentityReference.Value.StartsWith("S-1-5-21"))
{
sec.RemoveAccessRuleAll(rule);
}
}
dInfo.SetAccessControl(sec);
}
/// <summary>
/// 移除 指定目录 指定用户的 权限
/// </summary>
/// <param name="DirectoryName"></param>
/// <param name="Account"></param>
public static void RemoveDirectoryAccountSecurity(string DirectoryName, string Account)
{
DirectoryInfo dInfo = new DirectoryInfo(DirectoryName);
if (dInfo.Exists)
{
System.Security.Principal.NTAccount myAccount = new System.Security.Principal.NTAccount(System.Environment.MachineName, Account);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
FileSystemAccessRule AccessRule = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Allow);
FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Deny);
InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
PropagationFlags pFlags = PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit;
dSecurity.AccessRuleFactory(myAccount, 983551, false, iFlags, pFlags, AccessControlType.Allow);
dSecurity.RemoveAccessRuleAll(AccessRule);
dSecurity.RemoveAccessRuleAll(AccessRule2);
dInfo.SetAccessControl(dSecurity);
}
}
static void Main(string[] args)
{
String dir = @"e:\content";
DirectorySecurity dirsec = Directory.GetAccessControl(dir);
dirsec.SetAccessRuleProtection(true, false);
foreach (AuthorizationRule rule in dirsec.GetAccessRules(true, true, typeof(NTAccount)))
{
dirsec.RemoveAccessRuleAll(new FileSystemAccessRule(rule.IdentityReference, FileSystemRights.FullControl, AccessControlType.Allow));
}
dirsec.AddAccessRule(new FileSystemAccessRule(@"BUILTIN\Administrators", FileSystemRights.FullControl, AccessControlType.Allow));
dirsec.AddAccessRule(new FileSystemAccessRule(@"BUILTIN\Administrators", FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
dirsec.AddAccessRule(new FileSystemAccessRule(@"BUILTIN\Administrators", FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
Directory.SetAccessControl(dir, dirsec);
}
public static void Del(string Path, string UserName)
{
DirectoryInfo dInfo = new DirectoryInfo(Path);
DirectorySecurity sec = dInfo.GetAccessControl();
foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (
rule.IdentityReference.Value.ToLower() == UserName.ToLower() ||
rule.IdentityReference.Value.ToLower().Contains("\\" + UserName.ToLower())
)
{
sec.RemoveAccessRuleAll(rule);
break;
}
}
dInfo.SetAccessControl(sec);
}
/// <summary>
/// 删除指定用户的ACL
/// </summary>
/// <param name="identity">Windows帐户</param>
/// <param name="filePath">文件路径</param>
public static void RemoveAccessRule(string filePath, string identity)
{
if (File.Exists(filePath))
{
FileSecurity _fs = File.GetAccessControl(filePath);
_fs.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(filePath, _fs);
}
else if (Directory.Exists(filePath))
{
DirectorySecurity _fs = Directory.GetAccessControl(filePath);
_fs.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow));
Directory.SetAccessControl(filePath, _fs);
}
else
{
throw new FileNotFoundException("要操作的文件没有找到", filePath);
}
}
/// <summary>
/// 移除 指定目录 指定用户的 权限
/// </summary>
/// <param name="DirName">指定目录</param>
/// <param name="Account">指定用户</param>
/// <returns></returns>
public static bool RemoveDirectoryAccountSecurity(string DirName, string Account, FileSystemRights rights)
{
bool ok = false;
DirectoryInfo dInfo = new DirectoryInfo(DirName);
if (dInfo.Exists)
{
try
{
NTAccount myAccount = new NTAccount(System.Environment.MachineName, Account);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
FileSystemAccessRule AccessRule = new FileSystemAccessRule(Account, rights, AccessControlType.Allow);
dSecurity.RemoveAccessRuleAll(AccessRule);
//dSecurity.ModifyAccessRule(AccessControlModification.RemoveAll, AccessRule, out ok);
dInfo.SetAccessControl(dSecurity);
}
catch
{
}
}
return(ok);
}
private void SetSecurity(string action)
{
DirectoryInfo dirInfo = new DirectoryInfo(this.Path.GetMetadata("FullPath"));
DirectorySecurity currentSecurity = dirInfo.GetAccessControl();
if (this.Users != null)
{
foreach (ITaskItem user in this.Users)
{
string userName = user.ItemSpec;
string[] permissions = string.IsNullOrEmpty(this.Permission) ? user.GetMetadata("Permission").Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries) : this.Permission.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries);
FileSystemRights userRights = permissions.Aggregate(new FileSystemRights(), (current, s) => current | (FileSystemRights)Enum.Parse(typeof(FileSystemRights), s));
if (action == "Add")
{
this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Adding security for user: {0} on {1}", userName, this.Path));
currentSecurity.AddAccessRule(new FileSystemAccessRule(userName, userRights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, this.accessType));
}
else
{
this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Removing security for user: {0} on {1}", userName, this.Path));
if (permissions.Length == 0)
{
currentSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(userName, userRights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, this.accessType));
}
else
{
currentSecurity.RemoveAccessRule(new FileSystemAccessRule(userName, userRights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, this.accessType));
}
}
}
}
// Set the new access settings.
dirInfo.SetAccessControl(currentSecurity);
}
/// <summary>
/// Removes the application - reachable at the specified port - and its application pools from IIS.
/// Note: Stops the application pools and the application if necessary
/// </summary>
/// <param name="port">The port.</param>
private static void Delete(int port)
{
mut.WaitOne();
try
{
using (ServerManager serverMgr = new ServerManager())
{
Site currentSite = null;
foreach (Site site in serverMgr.Sites)
{
if (site.Bindings[0].EndPoint.Port == port)
{
currentSite = site;
break;
}
}
int retryCount = 20;
while (retryCount > 0)
{
try
{
serverMgr.Sites[currentSite.Name].Stop();
break;
}
catch (System.Runtime.InteropServices.COMException)
{
// todo log exception
}
retryCount--;
}
int time = 0;
while (serverMgr.Sites[currentSite.Name].State != ObjectState.Stopped && time < 300)
{
Thread.Sleep(100);
time++;
}
if (time == 300)
{
KillApplicationProcesses(currentSite.Applications["/"].ApplicationPoolName);
}
serverMgr.Sites.Remove(currentSite);
serverMgr.CommitChanges();
FirewallTools.ClosePort(port);
ApplicationPool applicationPool = serverMgr.ApplicationPools[currentSite.Applications["/"].ApplicationPoolName];
serverMgr.ApplicationPools[applicationPool.Name].Stop();
time = 0;
while (serverMgr.ApplicationPools[applicationPool.Name].State != ObjectState.Stopped && time < 300)
{
Thread.Sleep(100);
time++;
}
if (serverMgr.ApplicationPools[applicationPool.Name].State != ObjectState.Stopped && time == 300)
{
KillApplicationProcesses(applicationPool.Name);
}
serverMgr.ApplicationPools.Remove(applicationPool);
serverMgr.CommitChanges();
string username = null;
username = applicationPool.ProcessModel.UserName;
if (username != null)
{
string path = currentSite.Applications["/"].VirtualDirectories["/"].PhysicalPath;
if (Directory.Exists(path))
{
DirectoryInfo deploymentDir = new DirectoryInfo(path);
DirectorySecurity deploymentDirSecurity = deploymentDir.GetAccessControl();
deploymentDirSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(username, FileSystemRights.Write | FileSystemRights.Read | FileSystemRights.Delete | FileSystemRights.Modify, AccessControlType.Allow));
deploymentDir.SetAccessControl(deploymentDirSecurity);
}
}
}
}
finally
{
mut.ReleaseMutex();
}
}
public static DirectorySecurity RemoveAllSystemAccessRule(DirectorySecurity ds)
{
try
{
ds.RemoveAccessRuleAll(new FileSystemAccessRule("SYSTEM", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("Administrators", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("Administrator", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("NETWORK", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("NETWORK SERVICE", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("LOCAL SERVICE", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("CREATOR OWNER", FileSystemRights.FullControl, AccessControlType.Allow));
ds.RemoveAccessRuleAll(new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow));
}
catch { }
try { ds.RemoveAccessRuleAll(new FileSystemAccessRule("Power Users", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
try { ds.RemoveAccessRuleAll(new FileSystemAccessRule("IIS_WPG", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
try { ds.RemoveAccessRuleAll(new FileSystemAccessRule("Guests", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
return(ds);
}
/// <summary>
/// 删除指定标致的目录安全
/// </summary>
/// <param name="ds">目录安全实例</param>
/// <param name="identity">标致</param>
/// <returns></returns>
public static DirectorySecurity RemoveAccessRule(DirectorySecurity ds, string identity)
{
ds.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow));
return(ds);
}
/// <summary>
/// 删除所有的系统访问权限
/// </summary>
/// <param name="filePath">文件路径</param>
public static void RemoveAllSystemAccessRule(string filePath)
{
if (File.Exists(filePath))
{
FileSecurity _fs = File.GetAccessControl(filePath);
try
{
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("SYSTEM", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("Administrators", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("NETWORK", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("NETWORK SERVICE", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("LOCAL SERVICE", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("CREATOR OWNER", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow));
}
catch { }
try { _fs.RemoveAccessRuleAll(new FileSystemAccessRule("Power Users", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
try { _fs.RemoveAccessRuleAll(new FileSystemAccessRule("IIS_WPG", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
try { _fs.RemoveAccessRuleAll(new FileSystemAccessRule("Guests", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
File.SetAccessControl(filePath, _fs);
}
else if (Directory.Exists(filePath))
{
DirectorySecurity _fs = Directory.GetAccessControl(filePath);
try
{
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("SYSTEM", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("Administrators", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("NETWORK", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("NETWORK SERVICE", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("LOCAL SERVICE", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("CREATOR OWNER", FileSystemRights.FullControl, AccessControlType.Allow));
_fs.RemoveAccessRuleAll(new FileSystemAccessRule("Users", FileSystemRights.FullControl, AccessControlType.Allow));
}
catch { }
try { _fs.RemoveAccessRuleAll(new FileSystemAccessRule("Power Users", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
try { _fs.RemoveAccessRuleAll(new FileSystemAccessRule("IIS_WPG", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
try { _fs.RemoveAccessRuleAll(new FileSystemAccessRule("Guests", FileSystemRights.FullControl, AccessControlType.Allow)); }
catch { }
Directory.SetAccessControl(filePath, _fs);
}
else
{
throw new FileNotFoundException("要操作的文件没有找到", filePath);
}
}
private void RemoveFileSystemAccessRuleAll(DirectorySecurity permissions, SecurityIdentifier securityIdentifier)
{
permissions.RemoveAccessRuleAll(new FileSystemAccessRule(securityIdentifier, FileSystemRights.FullControl, AccessControlType.Allow));
}
