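/// <summary>
/// Rewrites the DACL of <paramref name="filePath"/> so that only the current
/// Windows user and the built-in Administrators group hold access, both with
/// FullControl.
/// </summary>
/// <remarks>
/// Despite the method name, Administrators keep FullControl as well.
/// Inherited entries are dropped by protecting the DACL; without that step the
/// parent folder's permissions would still apply to the file.
/// Explicit entries are matched by SID. The earlier code compared the SID-typed
/// rule identity with an NTAccount, and a rule object with an identity, so
/// neither comparison could ever succeed and the rules just added for the user
/// and Administrators could be removed again by the clean-up loop.
/// </remarks>
/// <param name="filePath">Path of an existing file whose ACL is rewritten.</param>
/// <exception cref="System.InvalidOperationException">
/// The current Windows identity exposes no user SID.
/// </exception>
private static void setAccesssToCurrentUserOnly(string filePath)
{
    FileInfo file = new FileInfo(filePath);
    FileSecurity fileSecurity = file.GetAccessControl();

    // Use the SID directly: no name translation is needed, so the rule does not
    // depend on the account name being resolvable at this moment.
    SecurityIdentifier currentUserSid;
    using (WindowsIdentity wi = WindowsIdentity.GetCurrent())
    {
        currentUserSid = wi.User;
    }
    if (object.ReferenceEquals(currentUserSid, null))
    {
        throw new System.InvalidOperationException("The current Windows identity has no user SID.");
    }

    SecurityIdentifier administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

    // Protect the DACL and discard inherited entries; RemoveAccessRuleAll only
    // affects explicit entries, so inherited access would otherwise survive.
    fileSecurity.SetAccessRuleProtection(true, false);

    // Snapshot the remaining explicit rules before modifying the descriptor.
    AuthorizationRuleCollection accessRules = fileSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier));
    IList<FileSystemAccessRule> existsList = new List<FileSystemAccessRule>();
    foreach (FileSystemAccessRule rule in accessRules)
    {
        existsList.Add(rule);
    }

    // Remove every explicit rule that belongs to some other principal.
    foreach (FileSystemAccessRule rule in existsList)
    {
        bool isCurrentUser = rule.IdentityReference.Equals(currentUserSid);
        bool isAdministrators = rule.IdentityReference.Equals(administratorsSid);
        if (!isCurrentUser && !isAdministrators)
        {
            fileSecurity.RemoveAccessRuleAll(rule);
        }
    }

    // Grant FullControl to the two principals that are meant to keep access.
    fileSecurity.AddAccessRule(new FileSystemAccessRule(currentUserSid, FileSystemRights.FullControl, AccessControlType.Allow));
    fileSecurity.AddAccessRule(new FileSystemAccessRule(administratorsSid, FileSystemRights.FullControl, AccessControlType.Allow));

    file.SetAccessControl(fileSecurity);
}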
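/// <summary>
/// Removes every explicit Allow rule held by a fixed set of built-in
/// principals from <paramref name="fs"/> and returns the same object.
/// </summary>
/// <remarks>
/// The principals are SYSTEM, Everyone, Administrators, NETWORK, NETWORK
/// SERVICE, LOCAL SERVICE, CREATOR OWNER, Users, Power Users, Guests and the
/// IIS_WPG group. Well-known principals are addressed by SID rather than by
/// English display name, so the result does not depend on the OS language and
/// one unresolvable name no longer causes the remaining removals to be skipped
/// silently.
/// RemoveAccessRuleAll matches on identity and access type, so all Allow
/// rules of a principal are removed, not only FullControl ones. Deny rules are
/// left untouched. Only the in-memory descriptor is changed; the caller
/// persists it. Because Administrators and SYSTEM are stripped too, callers
/// should make sure an intended principal keeps access before persisting.
/// NOTE(review): inherited entries are presumably unaffected unless the caller
/// has disabled inheritance on <paramref name="fs"/>; confirm at the call site.
/// </remarks>
/// <param name="fs">Descriptor to modify; null is returned unchanged.</param>
/// <returns>The same <paramref name="fs"/> instance.</returns>
public static FileSecurity RemoveAllSystemAccessRule(FileSecurity fs)
{
    // The earlier implementation swallowed the failure on null and returned it.
    if (fs == null)
    {
        return fs;
    }

    WellKnownSidType[] wellKnownPrincipals =
    {
        WellKnownSidType.LocalSystemSid,           // SYSTEM
        WellKnownSidType.WorldSid,                 // Everyone
        WellKnownSidType.BuiltinAdministratorsSid, // Administrators
        WellKnownSidType.NetworkSid,               // NETWORK
        WellKnownSidType.NetworkServiceSid,        // NETWORK SERVICE
        WellKnownSidType.LocalServiceSid,          // LOCAL SERVICE
        WellKnownSidType.CreatorOwnerSid,          // CREATOR OWNER
        WellKnownSidType.BuiltinUsersSid,          // Users
        WellKnownSidType.BuiltinPowerUsersSid,     // Power Users
        WellKnownSidType.BuiltinGuestsSid          // Guests
    };

    foreach (WellKnownSidType sidType in wellKnownPrincipals)
    {
        SecurityIdentifier sid = new SecurityIdentifier(sidType, null);
        fs.RemoveAccessRuleAll(new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow));
    }

    // IIS_WPG has no well-known SID and exists only on some systems, so it is
    // still looked up by name and skipped when the account cannot be resolved.
    try
    {
        fs.RemoveAccessRuleAll(new FileSystemAccessRule("IIS_WPG", FileSystemRights.FullControl, AccessControlType.Allow));
    }
    catch (IdentityNotMappedException)
    {
        // Group not present on this machine: nothing to remove.
    }

    return fs;
}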
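/// <summary>
/// Returns the path of the current user's private copy of the plugin database,
/// creating it from the shared seed on first use and restricting its ACL to the
/// current user and the built-in Administrators group.
/// </summary>
/// <remarks>
/// The whole body is compiled only when DEBUG is not defined; otherwise an
/// empty string is returned.
/// A named mutex serialises initialisation. It is now released in a finally
/// block; previously it was acquired but never released, so it stayed owned
/// until the thread ended and other waiters could time out or see an
/// abandoned mutex.
/// NOTE(review): when the mutex cannot be acquired within 60 seconds the method
/// still returns an empty string without logging; confirm callers handle that.
/// NOTE(review): the seed is read from a folder under %PUBLIC%; confirm the
/// installer restricts write access there, since the private copy inherits
/// whatever content the seed has at first use.
/// NOTE(review): setAccesssToCurrentUserOnly looks intended for the same ACL
/// step; consider calling it here once both are confirmed to share a class.
/// </remarks>
/// <returns>Path of the per-user database, or an empty string.</returns>
private static string getAndInitDatabase()
{
    string userDBPath = "";
#if !DEBUG
    try
    {
        using (var mutex = new System.Threading.Mutex(false, "huawei.sccmplugin.db"))
        {
            bool lockTaken;
            try
            {
                lockTaken = mutex.WaitOne(TimeSpan.FromSeconds(60), false);
            }
            catch (System.Threading.AbandonedMutexException)
            {
                // A previous owner ended without releasing; ownership has
                // passed to this thread, so initialisation can proceed.
                lockTaken = true;
            }

            if (lockTaken)
            {
                try
                {
                    var localPath = System.Environment.GetEnvironmentVariable("userprofile");
                    // Shared seed location, e.g. C:\Users\Public\Huawei\SCCM Plugin
                    var allUserPath = System.Environment.GetEnvironmentVariable("PUBLIC");
                    userDBPath = Path.Combine(localPath, "Huawei", "SCCM Plugin", "DB", "db.sqlite");
                    string allDBPath = Path.Combine(allUserPath, "Huawei", "SCCM Plugin", "DB", "db.sqlite");

                    if (!File.Exists(userDBPath))
                    {
                        // Make sure the target folder exists.
                        FileInfo file = new FileInfo(userDBPath);
                        if (!file.Directory.Exists)
                        {
                            file.Directory.Create();
                        }

                        // Seed the private copy from the shared database.
                        if (File.Exists(allDBPath))
                        {
                            File.Copy(allDBPath, userDBPath);
                        }

                        // As before, this throws when no seed was copied and the
                        // file therefore does not exist; the outer catch logs it.
                        FileSecurity fileSecurity = file.GetAccessControl();

                        // Use SIDs so rule identities compare correctly below.
                        SecurityIdentifier currentUserSid;
                        using (WindowsIdentity wi = WindowsIdentity.GetCurrent())
                        {
                            currentUserSid = wi.User;
                        }
                        if (object.ReferenceEquals(currentUserSid, null))
                        {
                            throw new InvalidOperationException("The current Windows identity has no user SID.");
                        }
                        SecurityIdentifier administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

                        // Drop inherited entries; removing explicit rules alone
                        // would leave the parent folder's permissions in force.
                        fileSecurity.SetAccessRuleProtection(true, false);

                        // Snapshot explicit rules before modifying the descriptor.
                        AuthorizationRuleCollection accessRules = fileSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier));
                        IList<FileSystemAccessRule> existsList = new List<FileSystemAccessRule>();
                        foreach (FileSystemAccessRule rule in accessRules)
                        {
                            existsList.Add(rule);
                        }

                        // Remove rules of every principal other than the two kept.
                        // The earlier comparisons mixed SID with NTAccount and a
                        // rule with an identity, so they never matched.
                        foreach (FileSystemAccessRule rule in existsList)
                        {
                            bool isCurrentUser = rule.IdentityReference.Equals(currentUserSid);
                            bool isAdministrators = rule.IdentityReference.Equals(administratorsSid);
                            if (!isCurrentUser && !isAdministrators)
                            {
                                fileSecurity.RemoveAccessRuleAll(rule);
                            }
                        }

                        // Grant FullControl to the current user and Administrators.
                        fileSecurity.AddAccessRule(new FileSystemAccessRule(currentUserSid, FileSystemRights.FullControl, AccessControlType.Allow));
                        fileSecurity.AddAccessRule(new FileSystemAccessRule(administratorsSid, FileSystemRights.FullControl, AccessControlType.Allow));

                        file.SetAccessControl(fileSecurity);
                    }
                }
                finally
                {
                    mutex.ReleaseMutex();
                }
            }
        }
    }
    catch (Exception se)
    {
        LogUtil.HWLogger.API.Error(se);
        throw;
    }
#endif
    return userDBPath;
}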