Reset folder permissions to inherited permissions only

Hello experts, I've been trying to write a program that, as part of it, will reset permissions on all subfolders of a given folder back to what's inherited from the root folder only (all explicitly defined permissions removed and inheritance turned on).  So for example, given the following structure:

 +- Share
       +- FolderA
             +- FolderAA
             +- FolderAB
             |    +- FolderABA
             +- FolderAC
                  +- FolderACA
                  +- FolderACB
                  +- FolderACC

If you give the program the location of FolderA, it'll go into FolderAA, FolderAB, FolderAC and all their subfolders (ABA, ACA, ACB, ACC) and reset the permissions to only what they've inherited from FolderA (leaving FolderA's permissions alone).  I've already got the code to get the folder in question (as a string), as well as all the subfolders (in a recursive function, also as a string).  I just can't seem to wrap my head around the access APIs in the amount of spare time I have.  I'm hoping someone can help me out here with a code sample for doing this, and hopefully with some sort of brief description of what it does.

Not sure if the problem description makes sense or is in enough detail, if you need more info, let me know.  Thanks!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bob LearnedCommented:
What version of .NET do you have?

HatchITAuthor Commented:
Sorry for the delay, work kept me too busy yesterday to get online and check this.

Not sure which you mean, but I assume you want Visual Studio .NET 2003?  Otherwise, I have .NET framework 1.1 and 2.0 installed on the PC as well.
Bob LearnedCommented:
2005 (2.0) has the classes, but 2003 (1.1) doesn't.

Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

HatchITAuthor Commented:
What about the BuildExplicitAccessWithName and SetNamedSecurityInfo functions?  Is there a way to do it with those (and one in other related APIs)?
HatchITAuthor Commented:
Does anyone know anything about those functions and can help me out?
Bob LearnedCommented:
Here is a class that calls CACLS to set path security (including sub-folders):

<Flags()> _
Public Enum UserRights
  ' SetPermissions
End Enum 'UserRights

Public Class SetSecurityPermissions

  Public Shared Function SetSecurityPermissions(ByVal path As String, _
   ByVal user As String, ByVal rights As UserRights, ByVal includeSubFolders As Boolean) As String

    '/E - Edit ACL instead of replacing it
    '/T - Include subdirectories
    '/P - Replace specified user's access rights:  
    ' N=None, R=Read, W=Write, C=Change, F=Full

    Dim p As Process = New Process

    p.StartInfo.FileName = "CACLS"

    Dim arguments As String = path

    If includeSubFolders Then
      arguments &= " /T"
    End If

    arguments &= " /E /P " & user & ":" & rights.ToString().Substring(0, 1)

    p.StartInfo.Arguments = arguments

    p.StartInfo.RedirectStandardInput = True
    p.StartInfo.RedirectStandardOutput = True
    p.StartInfo.RedirectStandardError = True
    p.StartInfo.UseShellExecute = False
    p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden
    p.StartInfo.CreateNoWindow = True


    Dim errorMessage As String = p.StandardError.ReadToEnd()

    If errorMessage.Length > 0 Then
      Throw New Exception(errorMessage)
    End If

    Return p.StandardOutput.ReadToEnd()

    If Not p Is Nothing Then
      p = Nothing
    End If

  End Function   'SetSecurityPermissions

End Class

HatchITAuthor Commented:
Yeah, but I'm not looking to add a user to the permissions; I'm looking to a) remove all explicitly defined permissions from the folder, and b) make sure inheritance is turned on for the folder.  If I'm reading it correctly, what you've given is a way to explicitly add a user to the permission list.  I don't see any way to set inheritance from your sample?  Or am I missing something?
Bob LearnedCommented:
Yeah, inheritance is a little different.  I don't believe that you can use CACLS to set inheritance.  I'll have to look closer.

Bob LearnedCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HatchITAuthor Commented:
Sorry for the delay, I was off on holidays for 5 weeks and forgot to keep an eye on this.  :-/

It looks like the link above is what I was looking for.  Now I just need to read through it all.  :-P  Thanks for your help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.