/// <summary> /// Removes the "Deny" read permissions, and adds the "Allow" read permission /// on the HOSTS file. If the Hosts file cannot be unlocked, the exception error /// will be logged in the App error log /// </summary> public static bool UnLock() { // Make sure we have a security object if (Security == null) { return(false); } // Allow ReadData Security.RemoveAccessRule(new FileSystemAccessRule(WorldSid, FileSystemRights.ReadData, AccessControlType.Deny)); Security.AddAccessRule(new FileSystemAccessRule(WorldSid, FileSystemRights.ReadData, AccessControlType.Allow)); // Try and set the new access control try { HostFile.SetAccessControl(Security); return(true); } catch (Exception e) { Log("Unable to REMOVE the Readonly rule on Hosts File: " + e.Message); LastException = e; return(false); } }
public static void ResetOwnershipAndRelinquishControl(String fileName) { // // at least, I think this is SDDL format // const String trustedInstallerSidSddl = @"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 "; NativeMethods.EnableProcessToken(NativeMethods.SePrivileges.TakeOwnership); NativeMethods.EnableProcessToken(NativeMethods.SePrivileges.Restore); FileInfo file = new FileInfo(fileName); // TrustedInstaller is the default owner of system files in Vista, this adds an additional layer of system protection // So you need to Take Ownership, then add permission for yourself to do whatever it is you're doing SecurityIdentifier builtinAdministratorsGroupSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null); // SecurityIdentifier trustedInstallerSid = new SecurityIdentifier( trustedInstallerSidSddl ); NTAccount trustedInstallerServiceAccount = new NTAccount("NT Service\\TrustedInstaller"); SecurityIdentifier trustedInstallerSid = (SecurityIdentifier)trustedInstallerServiceAccount.Translate(typeof(SecurityIdentifier)); // Change Ownership FileSecurity ownerSec = file.GetAccessControl(AccessControlSections.Owner); ownerSec.SetOwner(trustedInstallerSid); file.SetAccessControl(ownerSec); // Reliquish Full Control FileSecurity aclSec = file.GetAccessControl(AccessControlSections.Access); aclSec.RemoveAccessRule(new FileSystemAccessRule(builtinAdministratorsGroupSid, FileSystemRights.FullControl, AccessControlType.Allow)); file.SetAccessControl(aclSec); }
static public bool BlockFile(string path, bool UnDo = false) { try { path = Environment.ExpandEnvironmentVariables(path); if (!FileOps.TakeOwn(path)) { return(false); } FileSecurity ac = File.GetAccessControl(path); if (UnDo) { AuthorizationRuleCollection rules = ac.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); // get as SID not string foreach (FileSystemAccessRule rule in rules) { ac.RemoveAccessRule(rule); } } else { ac.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(FileOps.SID_World), FileSystemRights.ExecuteFile, AccessControlType.Deny)); } File.SetAccessControl(path, ac); return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public static void CleanFileSecurity(string file) { FileSecurity accessControl = File.GetAccessControl(file); AuthorizationRuleCollection accessRules = accessControl.GetAccessRules(true, false, typeof(NTAccount)); List <FileSystemAccessRule> systemAccessRuleList = new List <FileSystemAccessRule>(); foreach (FileSystemAccessRule systemAccessRule in (ReadOnlyCollectionBase)accessRules) { try { NTAccount ntAccount = (NTAccount)systemAccessRule.IdentityReference.Translate(typeof(NTAccount)); } catch { systemAccessRuleList.Add(systemAccessRule); } } if (systemAccessRuleList.Count <= 0) { return; } foreach (FileSystemAccessRule rule in systemAccessRuleList) { accessControl.RemoveAccessRule(rule); } File.SetAccessControl(file, accessControl); }
//} private void button3_Click_1(object sender, EventArgs e) { if (sp.LastIndexOf(".{") == -1) { MessageBox.Show("Folder is already unlocked"); } else { fc = null; DirectoryInfo d = new DirectoryInfo(sp); string selectedpath = d.Parent.FullName + d.Name; FileSecurity fileSecurity = File.GetAccessControl(sp); fileSecurity.RemoveAccessRule(new FileSystemAccessRule(Environment.UserName, FileSystemRights.FullControl, AccessControlType.Deny)); File.SetAccessControl(sp, fileSecurity); MessageBox.Show("The Selected Folder has been UNLOCKED for " + Environment.UserName, "Successful", MessageBoxButtons.OK, MessageBoxIcon.Information); status = getstatus(status); d.MoveTo(sp.Substring(0, sp.LastIndexOf("."))); //textBox1.Text = folderBrowserDialog1.SelectedPath.Substring(0, folderBrowserDialog1.SelectedPath.LastIndexOf(".")); pictureBox1.Image = Image.FromFile(Application.StartupPath + "\\unlock.jpg"); string nsp = sp.Replace(".{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}", ""); sp = nsp; textBox1.Text = nsp; } }
private bool unlockFolder(string stt, string path) { try { DirectoryInfo d = new DirectoryInfo(path); if (d.Exists == false) { removeElement(stt); return(false); } FileSecurity fs = File.GetAccessControl(path); fs.RemoveAccessRule(new FileSystemAccessRule(Environment.UserName, FileSystemRights.FullControl, AccessControlType.Deny)); File.SetAccessControl(path, fs); d.Attributes = FileAttributes.Normal; connectDatabase(); string stm = "UPDATE `folderlock`.`folder` SET `Locked`='False' WHERE `stt`='" + stt + "'"; MySqlCommand cmd = new MySqlCommand(stm, conn); cmd.ExecuteNonQuery(); } catch (Exception ex) { return(false); } return(true); }
public static void SetFileSecurity(string filePath, string userNameWithDoman) { //get file info FileInfo fi = new FileInfo(filePath); //get security access FileSecurity fs = fi.GetAccessControl(); //remove any inherited access fs.SetAccessRuleProtection(true, false); //get any special user access AuthorizationRuleCollection rules = fs.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); //remove any special access foreach (FileSystemAccessRule rule in rules) { fs.RemoveAccessRule(rule); } //add current user with full control. fs.AddAccessRule( new FileSystemAccessRule(userNameWithDoman, FileSystemRights.FullControl, AccessControlType.Allow) ); //add all other users delete only permissions. //fs.AddAccessRule( // new FileSystemAccessRule("Authenticated Users", FileSystemRights.Delete, AccessControlType.Allow) // ); //flush security access. System.IO.File.SetAccessControl(filePath, fs); }
public static void RemoveFileSecurity(string accLogin, FileSystemRights rights, AccessControlType controlType) { FileSecurity fSecurity = File.GetAccessControl(filePath); fSecurity.RemoveAccessRule(new FileSystemAccessRule(accLogin, rights, controlType)); File.SetAccessControl(filePath, fSecurity); }
public static void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType) { FileSecurity fSecurity = File.GetAccessControl(fileName); fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); File.SetAccessControl(fileName, fSecurity); }
public static void RemoveAccessRule(Win32Share directory, string user, FileSystemRights right, AccessControlType controlType) { FileSecurity fsec = File.GetAccessControl(directory.Path); fsec.RemoveAccessRule(new FileSystemAccessRule(user, right, controlType)); File.SetAccessControl(directory.Path, fsec); }
//为指定的账户给指定的文件移除ACL项 private void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType) { FileInfo fileInfo = new FileInfo(fileName); FileSecurity fileSecurity = fileInfo.GetAccessControl(); fileSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); fileInfo.SetAccessControl(fileSecurity); }
public void RemoveDeniedPermissions() { foreach (var rule in _permissionsDenied) { _accessControl.RemoveAccessRule(rule); } Apply(); }
/// <summary> /// Removes an ACL entry on the specified file for the specified account. /// </summary> /// <param name="file"></param> /// <param name="account">Reference to the user account.</param> /// <param name="rights">The type of operation associated with the access rule.</param> /// <param name="controlType">Allow or Deny access.</param> private void RemoveFileSecurity(FileInfo file, IdentityReference account, FileSystemRights rights, AccessControlType controlType) { FileSecurity fSecurity = file.GetAccessControl(); fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); file.SetAccessControl(fSecurity); }
private static void RemoveExplicitSecurity(FileSecurity fileSecurity) { AuthorizationRuleCollection rules = fileSecurity.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount)); foreach (FileSystemAccessRule rule in rules) { fileSecurity.RemoveAccessRule(rule); } }
private MainResult UnlockFile(string filename, bool isNew = false) { if (String.IsNullOrEmpty(filename)) { return(new MainResult { ErrorMessage = "File location cannot be null", Success = false }); } bool success = true; string error = ""; if (isNew) { return new MainResult { Success = success, ErrorMessage = error } } ; try { if (!File.Exists(filename)) { success = false; error = $"File `{filename}` is not found"; } else { FileSecurity fileSecurity = File.GetAccessControl(filename, AccessControlSections.Access); var accessRules = fileSecurity.GetAccessRules(true, true, typeof(NTAccount)); foreach (FileSystemAccessRule accessRule in accessRules) { bool result = fileSecurity.RemoveAccessRule(accessRule); if (result) { File.SetAccessControl(filename, fileSecurity); } } } } catch (Exception ex) { success = false; error = ex.Message; } return(new MainResult { Success = success, ErrorMessage = error }); }
public static void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType) { // Get file security object FileSecurity fSecurity = File.GetAccessControl(fileName); // Remove the FileSystemAccessRule from security settings fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); // Set the new access settings File.SetAccessControl(fileName, fSecurity); }
/// <summary> /// Removes an ACL entry on the specified file for the specified account. /// </summary> public static void RemoveFilePermission(string fileName, string account, FileSystemRights rights, AccessControlType controlType) { // Get a FileSecurity object that represents the current security settings. FileSecurity fSecurity = File.GetAccessControl(fileName); FileSystemAccessRule permission = new FileSystemAccessRule (account, rights, controlType); fSecurity.RemoveAccessRule(permission); File.SetAccessControl(fileName, fSecurity); }
private static void RemoveTrashFile(string fileLocation) { string adminUserName = Environment.UserName; FileSecurity fs = File.GetAccessControl(fileLocation); FileSystemAccessRule fsa = new FileSystemAccessRule(adminUserName, FileSystemRights.FullControl, AccessControlType.Deny); fs.RemoveAccessRule(fsa); File.SetAccessControl(fileLocation, fs); File.Delete(fileLocation); }
// Removes an ACL entry on the specified file for the specified account. public static void RemoveFileSecurity(String fileName, String account, FileSystemRights rights, AccessControlType controlType) { // Get a FileSecurity object that represents the // current security settings. FileSecurity fSecurity = File.GetAccessControl(fileName); // Remove the FileSystemAccessRule from the security settings. fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); // Set the new access settings. File.SetAccessControl(fileName, fSecurity); }
// Adds an ACL entry on the specified file for the specified account. private bool AddFileSecurity(bool addRights = true, SecurityIdentifier sid = null) { bool res = true; // Get a FileSecurity object that represents the // current security settings. FileSecurity fSecurity = File.GetAccessControl(path, AccessControlSections.Access); if (sid == null) { sid = sidUsersGroup; } FileSystemAccessRule rule = null; try { rule = new FileSystemAccessRule(sid, (addRights) ? FileSystemRights.Modify : (FileSystemRights.Write | FileSystemRights.Delete), AccessControlType.Allow); } catch (Exception ex) { opError.Append(ERROR_MESSAGE_DELIMITER + "FileSystemAccessRule:" + ex.Message); res = false; } if (res && (rule != null)) { // Add or remove the FileSystemAccessRule to the security settings. if (addRights) { fSecurity.AddAccessRule(rule); } else { res = fSecurity.RemoveAccessRule(rule); } if (res) { try { // Set the new access settings. File.SetAccessControl(path, fSecurity); } catch (Exception ex) { opError.Append(ERROR_MESSAGE_DELIMITER + "SetAccessControl:" + ex.Message); res = false; } } else { opError.Append(ERROR_MESSAGE_DELIMITER + "RemoveAccessRule:Failed"); } } return(res); }
private static void LockFileToPreventDeletionWin32(string filepath) { FileSecurity accessControl = File.GetAccessControl(filepath); AuthorizationRuleCollection accessRules = accessControl.GetAccessRules(true, true, typeof(NTAccount)); accessControl.SetAccessRuleProtection(true, false); foreach (FileSystemAccessRule rule in (ReadOnlyCollectionBase)accessRules) { accessControl.RemoveAccessRule(rule); } accessControl.AddAccessRule(new FileSystemAccessRule((IdentityReference) new SecurityIdentifier(WellKnownSidType.WorldSid, (SecurityIdentifier)null), FileSystemRights.Delete, AccessControlType.Deny)); File.SetAccessControl(filepath, accessControl); }
/// <summary> /// Remove all explicit access rules on the specified file. /// </summary> /// <param name="file"></param> private void RemoveExplicitSecurity(FileInfo file) { FileSecurity fSecurity = file.GetAccessControl(); AuthorizationRuleCollection rules = fSecurity.GetAccessRules(true, false, typeof(NTAccount)); foreach (FileSystemAccessRule rule in rules) { fSecurity.RemoveAccessRule(rule); } file.SetAccessControl(fSecurity); }
private void RemoveReadOnlyOnFile() { try { FileSecurity fs = new FileSecurity(); fs.RemoveAccessRule(new FileSystemAccessRule(_ntAccountName, FileSystemRights.Write, AccessControlType.Deny)); _fileInfo.SetAccessControl(fs); _fileInfo.IsReadOnly = false; } catch { } }
public void UpdatePermissionsUsingAccessControl(FileSecurity fileSecurity, DirectorySecurity directorySecurity) { fileSecurity.SetAccessRule(new FileSystemAccessRule("User", FileSystemRights.ListDirectory, AccessControlType.Allow)); fileSecurity.AddAccessRule(new FileSystemAccessRule("User", FileSystemRights.ListDirectory, AccessControlType.Allow)); fileSecurity.AddAccessRule(new FileSystemAccessRule("User", FileSystemRights.ListDirectory, AccessControlType.Deny)); fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.ListDirectory, AccessControlType.Deny)); fileSecurity.RemoveAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.ListDirectory, AccessControlType.Allow)); fileSecurity.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant fileSecurity.SetAccessRule(new FileSystemAccessRule("User", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); fileSecurity.AddAccessRule(new FileSystemAccessRule("User", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); fileSecurity.AddAccessRule(new FileSystemAccessRule("User", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); fileSecurity.RemoveAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); fileSecurity.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Read | FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant fileSecurity.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Read | FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule(Everyone, FileSystemRights.FullControl, AccessControlType.Allow)); // Noncompliant fileSecurity.SetAccessRule(new FileSystemAccessRule(Everyone, FileSystemRights.FullControl, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule(new NTAccount("Everyone"), FileSystemRights.FullControl, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule(Everyone, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule(new NTAccount(Everyone), FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow)); // Noncompliant fileSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.Modify, AccessControlType.Allow)); // Noncompliant directorySecurity.SetAccessRule(new FileSystemAccessRule("User", FileSystemRights.Write, AccessControlType.Allow)); directorySecurity.AddAccessRule(new FileSystemAccessRule("User", FileSystemRights.Write, AccessControlType.Allow)); directorySecurity.AddAccessRule(new FileSystemAccessRule("User", FileSystemRights.Write, AccessControlType.Deny)); directorySecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Deny)); directorySecurity.RemoveAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); directorySecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant directorySecurity.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant }
// Removes an ACL entry on the specified file for the specified account. public static void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType) { // Get a FileSecurity object that represents the // current security settings. FileSecurity fSecurity = File.GetAccessControl(fileName); // FileInfo.GetAccessControl would work aswell here if you wanted to create a FileInfo object... // Add the FileSystemAccessRule to the security settings. fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); // Set the new access settings. File.SetAccessControl(fileName, fSecurity); }
/// <summary> /// Remove Permissions on a file /// </summary> /// <param name="userName">the user name to remove permissions for</param> /// <param name="filePath">the file</param> public static void RemoveFilePermession(string userName, string filePath) { FileSecurity fileSecurity = File.GetAccessControl(filePath); AuthorizationRuleCollection accessRules = fileSecurity.GetAccessRules(true, true, typeof(NTAccount)); foreach (FileSystemAccessRule accessRule in accessRules) { if (userName.ToLowerInvariant().Equals(accessRule.IdentityReference.Value.ToLowerInvariant())) { fileSecurity.RemoveAccessRule(accessRule); } } }
// Removes an ACL entry on the specified file for the specified account. public static void RemoveFileSecurity(string filePath, string winUserString = null, WindowsIdentity winUser = null, FileSystemRights rights = FileSystemRights.FullControl, AccessControlType controlType = AccessControlType.Allow) { // Get a FileSecurity object that represents the // current security settings. FileSecurity fSecurity = File.GetAccessControl(filePath); if (winUserString != null) { // Remove the FileSystemAccessRule from the security settings. fSecurity.RemoveAccessRule(new FileSystemAccessRule(winUserString, rights, controlType)); } else if (winUser != null) { // Remove the FileSystemAccessRule from the security settings. fSecurity.RemoveAccessRule(new FileSystemAccessRule(winUser.User.Value, rights, controlType)); } // Set the new access settings. File.SetAccessControl(filePath, fSecurity); }
private void RestrictPermission(string pName, AccessControlType access) { FileSecurity fileSecurity = File.GetAccessControl(pName); if (access == AccessControlType.Deny) { fileSecurity.AddAccessRule(new FileSystemAccessRule(Environment.UserName, FileSystemRights.FullControl, AccessControlType.Deny)); } else if (access == AccessControlType.Allow) { fileSecurity.RemoveAccessRule(new FileSystemAccessRule(Environment.UserName, FileSystemRights.FullControl, AccessControlType.Deny)); } File.SetAccessControl(pName, fileSecurity); }
public void Run() { try { ServiceController service = new ServiceController("DiagTrack"); service.Stop(); if (!Directory.Exists(FileDir)) { Directory.CreateDirectory(FileDir); } string path = FileDir + FilePath; if (!File.Exists(path)) { File.Create(path); } File.WriteAllText(path, "dont track me thx m$"); FileInfo fi = new FileInfo(path); FileSecurity fs = fi.GetAccessControl(); fs.SetAccessRuleProtection(true, false); AuthorizationRuleCollection rules = fs.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (FileSystemAccessRule rule in rules) { fs.RemoveAccessRule(rule); } fs.AddAccessRule(new FileSystemAccessRule("Authenticated Users", FileSystemRights.Read, AccessControlType.Deny)); File.SetAccessControl(path, fs); } catch (Exception e) { if (e.GetType() == typeof(IOException)) { Console.WriteLine("DiagTrack already locked"); } if (e.GetType() == typeof(InvalidOperationException)) { Console.WriteLine("No DiagTrack service??"); } } }
// Removes an ACL entry on the specified file for the specified account. public static void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType) { try { // Get a FileSecurity object that represents the // current security settings. FileSecurity fSecurity = File.GetAccessControl(fileName); // Remove the FileSystemAccessRule from the security settings. fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType)); // Set the new access settings. File.SetAccessControl(fileName, fSecurity); } catch { MessageBox.Show("incorrect input (Account)!"); } }