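/// <summary>
/// "Locks" the directory held in <c>path</c> by rewriting its ACL, after recording the
/// encrypted selection text in <c>data\FileLockData\data.ls</c>.
/// </summary>
/// <remarks>
/// The lock consists of one Deny-Read rule for Authenticated Users plus removal of the
/// explicit Allow rules of Everyone, Users, Account Operators and Administrators.
/// This is an ACL change only; the content is not encrypted, and the directory owner
/// (or anyone able to take ownership) can rewrite the ACL again.
/// Exceptions propagate to the caller with their original stack trace.
/// </remarks>
public void SetAccess()
{
    if (path == null)
    {
        MessageBox.Show("Select Path First");
        return;
    }

    DirectoryInfo myDirectoryInfo = new DirectoryInfo(path);

    // Marker file: relative path, so it resolves against the process's current directory.
    // NOTE(review): key handling of AesCrypt.Encrypt is not visible here - confirm the key
    // is not a constant shipped with the application.
    string dir = "FileLockData";
    Directory.CreateDirectory("data\\" + dir);
    using (var streamw = new StreamWriter("data\\" + dir + "\\data.ls"))
    {
        string dc = AesCrypt.Encrypt(textBoxSelect_Path.Text);
        streamw.WriteLine(dc);
    }

    var sid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
    DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
    myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(sid, FileSystemRights.Read, AccessControlType.Deny));

    var everyid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    var usersid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
    var accsid = new SecurityIdentifier(WellKnownSidType.BuiltinAccountOperatorsSid, null);
    var adnissid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

    // RemoveAccessRuleAll matches on identity and Allow/Deny only, so every explicit Allow
    // rule of these principals is dropped, not just Read. Inherited rules are not affected.
    myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(everyid, FileSystemRights.Read, AccessControlType.Allow));
    myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(usersid, FileSystemRights.Read, AccessControlType.Allow));
    myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(accsid, FileSystemRights.Read, AccessControlType.Allow));
    myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(adnissid, FileSystemRights.Read, AccessControlType.Allow));

    myDirectoryInfo.SetAccessControl(myDirectorySecurity);

    MessageBox.Show("File has been Locked!", "Congratulations!", MessageBoxButtons.OK);
    checkBox1.Visible = true;
}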
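/// <summary>
/// "Unlocks" the directory held in <c>path</c> by removing the Deny rules of
/// Authenticated Users from its ACL, then resets the UI and the directory attributes.
/// </summary>
/// <remarks>
/// Only Deny rules are removed. Allow rules that were deleted when the folder was locked
/// are not restored here.
/// NOTE(review): the marker handled below lives under <c>data\FolderLockData</c>, while
/// SetAccess in this listing writes under <c>data\FileLockData</c>; if both belong to the
/// same program the encrypted marker is never deleted - confirm the intended directory.
/// </remarks>
public void removeAccess()
{
    if (path == null)
    {
        MessageBox.Show("Select Path First");
        return;
    }

    DirectoryInfo myDirectoryInfo = new DirectoryInfo(path);
    var sid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);

    DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
    // Matches on identity and Deny only; the Read right is ignored by RemoveAccessRuleAll.
    myDirectorySecurity.RemoveAccessRuleAll(new FileSystemAccessRule(sid, FileSystemRights.Read, AccessControlType.Deny));
    myDirectoryInfo.SetAccessControl(myDirectorySecurity);

    MessageBox.Show("Folder has been Unlocked!", "Congratulations!", MessageBoxButtons.OK);

    // Truncate the marker file, then delete it. The writer is disposed even if Flush throws.
    string dir = "FolderLockData";
    Directory.CreateDirectory("data\\" + dir);
    using (var streamw = new StreamWriter("data\\" + dir + "\\data.ls"))
    {
        streamw.Flush();
    }

    checkBox1.Visible = false;
    myDirectoryInfo.Attributes = FileAttributes.Directory | FileAttributes.Normal;
    File.Delete("data\\" + dir + "\\data.ls");
}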
/// <summary>
/// Removes every explicit Allow rule of <paramref name="user"/> from the ACL of
/// <paramref name="path"/>. Does nothing when the path is neither an existing directory
/// nor an existing file.
/// </summary>
/// <param name="path">Directory or file whose ACL is edited.</param>
/// <param name="user">Account name whose Allow rules are removed.</param>
/// <remarks>
/// The read-modify-write of the ACL is serialised through a named mutex derived from the path.
/// NOTE(review): mutex names are case-sensitive while Windows paths usually are not, so two
/// spellings of one path would not exclude each other; any process in the same namespace
/// can also create a mutex with this name - confirm that is acceptable.
/// </remarks>
public virtual void RemoveDirectoryAccess(string path, string user)
{
    if (!DirectoryExists(path) && !FileExists(path))
    {
        return;
    }

    string mutexName = path.Replace('\\', '_');
    using (var pathLock = new System.Threading.Mutex(false, mutexName))
    {
        pathLock.WaitOne();
        try
        {
            DirectorySecurity acl = fileSystem.GetDirectoryAccessSecurity(path);

            // RemoveAccessRuleAll matches on the identity and the Allow/Deny type only;
            // the ListDirectory right in the template is not compared.
            var allowTemplate = new FileSystemAccessRule(user, FileSystemRights.ListDirectory, AccessControlType.Allow);
            acl.RemoveAccessRuleAll(allowTemplate);

            fileSystem.SetDirectoryAccessSecurity(path, acl);
        }
        finally
        {
            pathLock.ReleaseMutex();
        }
    }
}
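/// <summary>
/// Removes ACL entries of the directory <paramref name="Path"/> whose identity is still
/// shown as a raw SID string starting with <c>S-1-5-21</c>.
/// </summary>
/// <param name="Path">Directory whose ACL is cleaned.</param>
/// <remarks>
/// Rules are requested as NTAccount names; an identity that still starts with "S-1-5-21"
/// is presumably one that could not be translated to an account name (for example a
/// deleted account) - TODO confirm against the intended use.
/// For each such rule, all explicit rules with the same identity and the same Allow/Deny
/// type are removed. Inherited rules are enumerated too but cannot be removed this way.
/// </remarks>
public static void DelErr(string Path)
{
    DirectoryInfo dInfo = new DirectoryInfo(Path);
    DirectorySecurity sec = dInfo.GetAccessControl();

    foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
    {
        // SID strings are identifiers, so compare ordinally rather than by current culture.
        if (rule.IdentityReference.Value.StartsWith("S-1-5-21", System.StringComparison.Ordinal))
        {
            sec.RemoveAccessRuleAll(rule);
        }
    }

    dInfo.SetAccessControl(sec);
}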
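/// <summary>
/// Removes the permissions of the specified user on the specified directory.
/// </summary>
/// <param name="DirectoryName">Directory whose ACL is edited; nothing happens if it does not exist.</param>
/// <param name="Account">Account name whose explicit Allow and Deny rules are removed.</param>
/// <remarks>
/// RemoveAccessRuleAll matches on identity and Allow/Deny type only, so the FullControl
/// right in the templates is a placeholder. Inherited rules are not affected.
/// </remarks>
public static void RemoveDirectoryAccountSecurity(string DirectoryName, string Account)
{
    DirectoryInfo dInfo = new DirectoryInfo(DirectoryName);
    if (!dInfo.Exists)
    {
        return;
    }

    DirectorySecurity dSecurity = dInfo.GetAccessControl();

    // The earlier version also built a rule through AccessRuleFactory and discarded it;
    // that call had no effect on the ACL and is omitted.
    dSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Allow));
    dSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Deny));

    dInfo.SetAccessControl(dSecurity);
}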
/// <summary>
/// Rewrites the ACL of <c>e:\content</c> so that inheritance is blocked, the Allow rules
/// of every identity currently listed are removed, and BUILTIN\Administrators receives
/// FullControl on the folder, on contained files and on contained folders.
/// </summary>
/// <remarks>
/// Only Allow rules are removed; Deny rules present on the folder are left in place.
/// NOTE(review): the account is given by its English name, which may not resolve on
/// non-English Windows installations; a SecurityIdentifier built from
/// WellKnownSidType.BuiltinAdministratorsSid avoids the name lookup.
/// </remarks>
static void Main(string[] args)
{
    const string administrators = @"BUILTIN\Administrators";
    String dir = @"e:\content";

    DirectorySecurity acl = Directory.GetAccessControl(dir);

    // Protect the ACL from inheritance without copying the inherited entries.
    acl.SetAccessRuleProtection(true, false);

    AuthorizationRuleCollection existing = acl.GetAccessRules(true, true, typeof(NTAccount));
    foreach (AuthorizationRule entry in existing)
    {
        var allowTemplate = new FileSystemAccessRule(entry.IdentityReference, FileSystemRights.FullControl, AccessControlType.Allow);
        acl.RemoveAccessRuleAll(allowTemplate);
    }

    // This folder only.
    acl.AddAccessRule(new FileSystemAccessRule(administrators, FileSystemRights.FullControl, AccessControlType.Allow));
    // Files below this folder.
    acl.AddAccessRule(new FileSystemAccessRule(administrators, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
    // Sub-folders below this folder.
    acl.AddAccessRule(new FileSystemAccessRule(administrators, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));

    Directory.SetAccessControl(dir, acl);
}
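/// <summary>
/// Removes ACL entries of the directory <paramref name="Path"/> that belong to the
/// account <paramref name="UserName"/>.
/// </summary>
/// <param name="Path">Directory whose ACL is edited.</param>
/// <param name="UserName">
/// Account name, either fully qualified or without the domain/machine prefix.
/// A null or empty name matches nothing.
/// </param>
/// <remarks>
/// The name is compared case-insensitively and ordinally. An unqualified name must match
/// the whole account part after the backslash; a substring test would let "bob" also
/// match "DOMAIN\bobby" and strip another account's permissions.
/// NOTE(review): the loop stops at the first matching rule, so only rules with that
/// rule's Allow/Deny type are removed - confirm that Deny (or Allow) entries of the same
/// account are meant to stay.
/// </remarks>
public static void Del(string Path, string UserName)
{
    DirectoryInfo dInfo = new DirectoryInfo(Path);
    DirectorySecurity sec = dInfo.GetAccessControl();

    if (!string.IsNullOrEmpty(UserName))
    {
        string qualifiedSuffix = "\\" + UserName;

        foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
        {
            string account = rule.IdentityReference.Value;

            bool matches =
                account.Equals(UserName, System.StringComparison.OrdinalIgnoreCase)
                || account.EndsWith(qualifiedSuffix, System.StringComparison.OrdinalIgnoreCase);

            if (matches)
            {
                sec.RemoveAccessRuleAll(rule);
                break;
            }
        }
    }

    dInfo.SetAccessControl(sec);
}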
/// <summary>
/// Removes the ACL entries of the specified user from a file or directory.
/// </summary>
/// <param name="filePath">Path of the file or directory.</param>
/// <param name="identity">Windows account.</param>
/// <exception cref="FileNotFoundException">
/// <paramref name="filePath"/> is neither an existing file nor an existing directory.
/// </exception>
/// <remarks>
/// Only explicit Allow rules of the account are removed (all of them, whatever rights
/// they grant); Deny rules and inherited rules stay.
/// </remarks>
public static void RemoveAccessRule(string filePath, string identity)
{
    bool isFile = File.Exists(filePath);
    if (!isFile && !Directory.Exists(filePath))
    {
        // Message text: "the file to operate on was not found".
        throw new FileNotFoundException("要操作的文件没有找到", filePath);
    }

    if (isFile)
    {
        FileSecurity fileAcl = File.GetAccessControl(filePath);
        var allowTemplate = new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow);
        fileAcl.RemoveAccessRuleAll(allowTemplate);
        File.SetAccessControl(filePath, fileAcl);
    }
    else
    {
        DirectorySecurity dirAcl = Directory.GetAccessControl(filePath);
        var allowTemplate = new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow);
        dirAcl.RemoveAccessRuleAll(allowTemplate);
        Directory.SetAccessControl(filePath, dirAcl);
    }
}
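/// <summary>
/// Removes the permissions of the specified user on the specified directory.
/// </summary>
/// <param name="DirName">The directory whose ACL is edited.</param>
/// <param name="Account">The account whose explicit Allow rules are removed.</param>
/// <param name="rights">
/// Rights used to build the template rule. RemoveAccessRuleAll matches on identity and
/// Allow/Deny type only, so all explicit Allow rules of the account are removed
/// regardless of this value.
/// </param>
/// <returns>
/// <c>true</c> when the ACL was written back; <c>false</c> when the directory does not
/// exist or the update failed.
/// </returns>
public static bool RemoveDirectoryAccountSecurity(string DirName, string Account, FileSystemRights rights)
{
    DirectoryInfo dInfo = new DirectoryInfo(DirName);
    if (!dInfo.Exists)
    {
        return false;
    }

    try
    {
        DirectorySecurity dSecurity = dInfo.GetAccessControl();
        FileSystemAccessRule AccessRule = new FileSystemAccessRule(Account, rights, AccessControlType.Allow);
        dSecurity.RemoveAccessRuleAll(AccessRule);
        dInfo.SetAccessControl(dSecurity);

        // The result flag used to stay false on every path, so callers could not tell
        // a successful update from a failed one.
        return true;
    }
    catch
    {
        // Best effort by design: the failure is reported through the return value.
        // NOTE(review): the cause (unknown account, access denied, ...) is lost here;
        // callers that must know whether the permission is still present should check the ACL.
        return false;
    }
}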
/// <summary>
/// Adds or removes ACL rules on the directory named by the task's Path item for every
/// item in Users, then writes the ACL back.
/// </summary>
/// <param name="action">"Add" adds rules; any other value removes them.</param>
/// <remarks>
/// Rights come from the task-level Permission value when it is set, otherwise from each
/// user's "Permission" metadata, as a comma-separated list of FileSystemRights names.
/// On removal, an empty list removes all rules of the user with the configured access
/// type; a non-empty list removes only the named rights.
/// The ACL is written back even when Users is null.
/// NOTE(review): the permission names are parsed with Enum.Parse without validation, and
/// an empty list yields a zero rights value - confirm the inputs are trusted build
/// properties and that a zero value is accepted for the configured access type.
/// </remarks>
private void SetSecurity(string action)
{
    DirectoryInfo dirInfo = new DirectoryInfo(this.Path.GetMetadata("FullPath"));
    DirectorySecurity currentSecurity = dirInfo.GetAccessControl();

    if (this.Users != null)
    {
        const InheritanceFlags inheritToChildren = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        bool adding = action == "Add";

        foreach (ITaskItem user in this.Users)
        {
            string userName = user.ItemSpec;

            string permissionList = string.IsNullOrEmpty(this.Permission)
                ? user.GetMetadata("Permission")
                : this.Permission;
            string[] permissions = permissionList.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries);

            // OR the named rights together, starting from the zero value.
            FileSystemRights userRights = new FileSystemRights();
            foreach (string permissionName in permissions)
            {
                userRights |= (FileSystemRights)Enum.Parse(typeof(FileSystemRights), permissionName);
            }

            if (adding)
            {
                this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Adding security for user: {0} on {1}", userName, this.Path));
                var ruleToAdd = new FileSystemAccessRule(userName, userRights, inheritToChildren, PropagationFlags.None, this.accessType);
                currentSecurity.AddAccessRule(ruleToAdd);
                continue;
            }

            this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Removing security for user: {0} on {1}", userName, this.Path));
            var ruleToRemove = new FileSystemAccessRule(userName, userRights, inheritToChildren, PropagationFlags.None, this.accessType);
            if (permissions.Length == 0)
            {
                currentSecurity.RemoveAccessRuleAll(ruleToRemove);
            }
            else
            {
                currentSecurity.RemoveAccessRule(ruleToRemove);
            }
        }
    }

    // Persist the edited ACL.
    dirInfo.SetAccessControl(currentSecurity);
}
/// <summary>
/// Removes the application - reachable at the specified port - and its application pool from IIS.
/// Note: Stops the application pool and the site if necessary.
/// </summary>
/// <remarks>
/// Steps, all performed while holding <c>mut</c>: stop and remove the site, close the
/// firewall port, stop and remove the application pool, then remove the pool identity's
/// Allow rules from the site's physical directory.
/// NOTE(review): if no site matches the port, <c>currentSite</c> stays null and the first
/// use of <c>currentSite.Name</c> fails - confirm callers only pass ports that are bound.
/// </remarks>
/// <param name="port">The port.</param>
private static void Delete(int port)
{
    mut.WaitOne();
    try
    {
        using (ServerManager serverMgr = new ServerManager())
        {
            // Find the site by the port of its FIRST binding only.
            Site currentSite = null;
            foreach (Site site in serverMgr.Sites)
            {
                if (site.Bindings[0].EndPoint.Port == port)
                {
                    currentSite = site;
                    break;
                }
            }

            // Up to 20 immediate attempts to stop the site; COM failures are retried
            // without delay and without being recorded.
            int retryCount = 20;
            while (retryCount > 0)
            {
                try
                {
                    serverMgr.Sites[currentSite.Name].Stop();
                    break;
                }
                catch (System.Runtime.InteropServices.COMException)
                {
                    // TODO: log the exception
                }
                retryCount--;
            }

            // Wait for the Stopped state: 300 polls of 100 ms each.
            int time = 0;
            while (serverMgr.Sites[currentSite.Name].State != ObjectState.Stopped && time < 300)
            {
                Thread.Sleep(100);
                time++;
            }

            // Timed out: fall back to KillApplicationProcesses for the site's pool.
            if (time == 300)
            {
                KillApplicationProcesses(currentSite.Applications["/"].ApplicationPoolName);
            }

            serverMgr.Sites.Remove(currentSite);
            serverMgr.CommitChanges();
            FirewallTools.ClosePort(port);

            // Same stop / wait / kill sequence for the application pool.
            ApplicationPool applicationPool = serverMgr.ApplicationPools[currentSite.Applications["/"].ApplicationPoolName];
            serverMgr.ApplicationPools[applicationPool.Name].Stop();
            time = 0;
            while (serverMgr.ApplicationPools[applicationPool.Name].State != ObjectState.Stopped && time < 300)
            {
                Thread.Sleep(100);
                time++;
            }
            if (serverMgr.ApplicationPools[applicationPool.Name].State != ObjectState.Stopped && time == 300)
            {
                KillApplicationProcesses(applicationPool.Name);
            }
            serverMgr.ApplicationPools.Remove(applicationPool);
            serverMgr.CommitChanges();

            // Revoke the pool identity's access to the deployment directory.
            // NOTE(review): an empty (non-null) user name would still reach the ACL call - confirm.
            string username = null;
            username = applicationPool.ProcessModel.UserName;
            if (username != null)
            {
                string path = currentSite.Applications["/"].VirtualDirectories["/"].PhysicalPath;
                if (Directory.Exists(path))
                {
                    DirectoryInfo deploymentDir = new DirectoryInfo(path);
                    DirectorySecurity deploymentDirSecurity = deploymentDir.GetAccessControl();
                    // RemoveAccessRuleAll matches on identity and Allow/Deny type, so every
                    // explicit Allow rule of the user is removed, not only the rights listed.
                    deploymentDirSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(username,
                        FileSystemRights.Write | FileSystemRights.Read | FileSystemRights.Delete | FileSystemRights.Modify, AccessControlType.Allow));
                    deploymentDir.SetAccessControl(deploymentDirSecurity);
                }
            }
        }
    }
    finally
    {
        mut.ReleaseMutex();
    }
}
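/// <summary>
/// Removes the explicit Allow rules of a fixed list of built-in accounts and groups from
/// <paramref name="ds"/> and returns the same instance.
/// </summary>
/// <param name="ds">Directory security descriptor to edit in place.</param>
/// <returns>The instance passed in.</returns>
/// <remarks>
/// Each name is handled on its own, so a name that fails (for example because it does
/// not exist on this machine) no longer causes the names after it to be skipped.
/// Failures are ignored, so the result may still contain rules for some of these
/// names; callers that depend on their absence should inspect the returned ACL.
/// NOTE(review): the names are English display names and may not resolve on localized
/// Windows installations. Removing the SYSTEM and Administrators entries leaves the
/// object reachable only through whatever rules the caller adds afterwards.
/// </remarks>
public static DirectorySecurity RemoveAllSystemAccessRule(DirectorySecurity ds)
{
    string[] identities =
    {
        "SYSTEM",
        "Everyone",
        "Administrators",
        "Administrator",
        "NETWORK",
        "NETWORK SERVICE",
        "LOCAL SERVICE",
        "CREATOR OWNER",
        "Users",
        "Power Users",
        "IIS_WPG",
        "Guests",
    };

    foreach (string identity in identities)
    {
        try
        {
            // Matches on identity and Allow type only; FullControl is a placeholder.
            ds.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow));
        }
        catch
        {
            // Best effort: continue with the next name.
        }
    }

    return ds;
}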
/// <summary>
/// Removes the directory security entries of the specified identity.
/// </summary>
/// <param name="ds">Directory security instance, edited in place.</param>
/// <param name="identity">Identity (account name) whose explicit Allow rules are removed.</param>
/// <returns>The instance passed in as <paramref name="ds"/>.</returns>
/// <remarks>
/// All explicit Allow rules of the identity are removed whatever rights they grant;
/// Deny rules are left untouched.
/// </remarks>
public static DirectorySecurity RemoveAccessRule(DirectorySecurity ds, string identity)
{
    var allowTemplate = new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow);
    ds.RemoveAccessRuleAll(allowTemplate);
    return ds;
}
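/// <summary>
/// Removes all system access permissions: the explicit Allow rules of a fixed list of
/// built-in accounts and groups are removed from the file or directory.
/// </summary>
/// <param name="filePath">Path of the file or directory.</param>
/// <exception cref="FileNotFoundException">
/// <paramref name="filePath"/> is neither an existing file nor an existing directory.
/// </exception>
/// <remarks>
/// Each name is handled on its own, so a name that fails no longer causes the names
/// after it to be skipped. Failures are ignored, so some rules may remain.
/// NOTE(review): removing the SYSTEM and Administrators entries leaves the object
/// reachable only through its remaining rules and its owner - confirm callers add the
/// intended grants.
/// </remarks>
public static void RemoveAllSystemAccessRule(string filePath)
{
    if (File.Exists(filePath))
    {
        FileSecurity _fs = File.GetAccessControl(filePath);
        RemoveWellKnownAllowRules(_fs);
        File.SetAccessControl(filePath, _fs);
    }
    else if (Directory.Exists(filePath))
    {
        DirectorySecurity _fs = Directory.GetAccessControl(filePath);
        RemoveWellKnownAllowRules(_fs);
        Directory.SetAccessControl(filePath, _fs);
    }
    else
    {
        // Message text: "the file to operate on was not found".
        throw new FileNotFoundException("要操作的文件没有找到", filePath);
    }
}

/// <summary>
/// Removes, best effort, the explicit Allow rules of each listed account from <paramref name="security"/>.
/// </summary>
private static void RemoveWellKnownAllowRules(FileSystemSecurity security)
{
    string[] identities =
    {
        "SYSTEM",
        "Everyone",
        "Administrators",
        "NETWORK",
        "NETWORK SERVICE",
        "LOCAL SERVICE",
        "CREATOR OWNER",
        "Users",
        "Power Users",
        "IIS_WPG",
        "Guests",
    };

    foreach (string identity in identities)
    {
        try
        {
            // Matches on identity and Allow type only; FullControl is a placeholder.
            security.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.FullControl, AccessControlType.Allow));
        }
        catch
        {
            // Best effort: a name that cannot be resolved on this machine is skipped.
        }
    }
}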
/// <summary>
/// Removes every explicit Allow rule of <paramref name="securityIdentifier"/> from
/// <paramref name="permissions"/>.
/// </summary>
/// <param name="permissions">Directory security descriptor, edited in place; the caller writes it back.</param>
/// <param name="securityIdentifier">SID whose Allow rules are removed.</param>
/// <remarks>
/// The FullControl right only serves to build the template rule; matching is by
/// identity and Allow type. Deny rules of the same SID are left in place.
/// </remarks>
private void RemoveFileSystemAccessRuleAll(DirectorySecurity permissions, SecurityIdentifier securityIdentifier)
{
    var allowTemplate = new FileSystemAccessRule(securityIdentifier, FileSystemRights.FullControl, AccessControlType.Allow);
    permissions.RemoveAccessRuleAll(allowTemplate);
}