/// <summary>
/// Builds the <see cref="DirectorySecurity"/> descriptor intended for the service data root.
/// Inheritance is blocked, every access rule already present is dropped, and then only the
/// users (without modify permissions) and administrators rules are added back.
/// </summary>
/// <param name="serviceDataRootPath">Path of the service data root directory; it may not exist yet.</param>
/// <returns>
/// The in-memory descriptor. This method never writes it to disk, so the caller must apply it
/// (for example when creating the directory or by setting its access control) for it to take effect.
/// </returns>
private DirectorySecurity GetServiceDirectorySecurity(string serviceDataRootPath)
{
    DirectorySecurity rootSecurity;

    if (!Directory.Exists(serviceDataRootPath))
    {
        this.tracer.RelatedInfo($"{nameof(this.GetServiceDirectorySecurity)}: {serviceDataRootPath} does not exist, creating new ACLs.");
        rootSecurity = new DirectorySecurity();
    }
    else
    {
        // A directory that is already there may carry rules we did not write (inherited from the
        // parent or added by whoever created it), so start from its current descriptor and scrub it below.
        this.tracer.RelatedInfo($"{nameof(this.GetServiceDirectorySecurity)}: {serviceDataRootPath} exists, modifying ACLs.");
        rootSecurity = Directory.GetAccessControl(serviceDataRootPath);
    }

    // Stop inheriting from the parent and discard the rules that were inherited, so a permissive
    // parent directory cannot widen access to the service data.
    rootSecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);

    // Start from an empty rule set: nothing that was on a pre-existing directory survives.
    // (What exactly is removed is decided by the WindowsFileSystem helper, which is not visible here.)
    WindowsFileSystem.RemoveAllFileSystemAccessRulesFromDirectorySecurity(rootSecurity);

    // Re-add only the two intended principals. Users are explicitly denied the "modify" grant;
    // the exact rights each helper adds live in WindowsFileSystem.
    WindowsFileSystem.AddUsersAccessRulesToDirectorySecurity(rootSecurity, grantUsersModifyPermissions: false);
    WindowsFileSystem.AddAdminAccessRulesToDirectorySecurity(rootSecurity);

    // NOTE(review): only access rules are rewritten here; the owner of a pre-existing directory is
    // left as it was. On Windows the owner can normally rewrite the DACL, so confirm that the caller
    // or the creation path guarantees the directory is owned by an administrative principal.
    return rootSecurity;
}