/// <summary>
/// Applies a security descriptor to the object directory entry named by <paramref name="path"/>.
/// </summary>
/// <param name="path">Path of the entry whose security is to be updated.</param>
/// <param name="securityDescriptor">
/// The descriptor to persist. Only <c>GenericObjectSecurity</c> instances are applied;
/// any other type is ignored and the method returns without touching the object.
/// </param>
/// <exception cref="NtException">
/// Thrown with <c>STATUS_OBJECT_NAME_NOT_FOUND</c> when no entry is found for <paramref name="path"/>.
/// </exception>
public void SetSecurityDescriptor(string path, ObjectSecurity securityDescriptor)
{
    GenericObjectSecurity genericSecurity = securityDescriptor as GenericObjectSecurity;
    if (genericSecurity == null)
    {
        // NOTE(review): a descriptor of any other type is dropped silently, so a caller
        // that meant to tighten an ACL gets no signal that nothing was applied.
        return;
    }

    using (NtDirectory parentDirectory = GetPathDirectory(path))
    {
        ObjectDirectoryInformation entry = GetEntry(parentDirectory, path);
        if (entry == null)
        {
            throw new NtException(NtStatus.STATUS_OBJECT_NAME_NOT_FOUND);
        }

        // Only WriteDac is requested on the target handle.
        // NOTE(review): persisting owner or SACL sections would normally need more than
        // WriteDac; confirm which sections callers are expected to set.
        using (NtObject target = entry.Open(GenericAccessRights.WriteDac))
        {
            genericSecurity.PersistHandle(target.Handle);
        }
    }
}
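/// <summary>
/// Ensures the named user has an access rule on the calling process's window station
/// and on the calling thread's desktop, adding an allow-all rule to each where the
/// user has no rule yet.
/// </summary>
/// <param name="username">Account name resolved through <c>GetWindowsIdentity</c>.</param>
/// <remarks>
/// Security note: the rules added grant <c>AllAccess</c> on both objects and are never
/// removed by this method. Prefer the narrowest rights the target process needs, and
/// pair this call with a cleanup step if the grant is meant to be temporary.
/// </remarks>
private static void AddUserToCurrentWindowStationDesktop(string username)
{
    IntPtr winsta = GetProcessWindowStation();
    IntPtr desktop = GetThreadDesktop(GetCurrentThreadId());

    // Resolve the SID once and reuse it for both objects; the original looked the
    // identity up a second time when building the desktop rule.
    SecurityIdentifier ident = GetWindowsIdentity(username).User;

    // NOTE(review): the second GenericSafeHandle argument is null; presumably that
    // means the wrapper does not close these borrowed handles. Confirm.
    GenericObjectSecurity<WindowStationRights> winsec = new GenericObjectSecurity<WindowStationRights>(
        false, ResourceType.WindowObject, new GenericSafeHandle(winsta, null), AccessControlSections.Access);

    // The check matches ANY existing rule for the SID, whatever its rights or type,
    // so an existing deny or limited-allow rule also suppresses the grant.
    if (!winsec.GetAccessRules().Any(r => r.IdentityReference == ident))
    {
        winsec.AddAccessRule(new AccessRule<WindowStationRights>(
            ident, WindowStationRights.AllAccess, AccessControlType.Allow));
        winsec.Commit();
    }

    GenericObjectSecurity<DesktopRights> desksec = new GenericObjectSecurity<DesktopRights>(
        false, ResourceType.WindowObject, new GenericSafeHandle(desktop, null), AccessControlSections.Access);

    if (!desksec.GetAccessRules().Any(r => r.IdentityReference == ident))
    {
        desksec.AddAccessRule(new AccessRule<DesktopRights>(
            ident, DesktopRights.AllAccess, AccessControlType.Allow));
        desksec.Commit();
    }
}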