Link to home
Start Free TrialLog in
Avatar of WTarlton
WTarlton

asked on

VB.NET 2010 Adding permissions to a folder

Hi all,

I am in need of assistance. I am currently trying to write a tool to help move my work network from Novell file system to NTFS. I am using System.Security.AccessControl to add NTFS permissions to folders. I am following this example per Microsoft:

http://msdn.microsoft.com/en-us/library/d49cww7f.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-2

The problem I'm running into is after my program has created the folder and applied the security rights they are showing up as "special permissions".

How do I just make them the normal rights which show up in the main permissions window if this makes sense?


Thanks
Avatar of WTarlton
WTarlton

ASKER

Not sure whats going on with this but for some reason when I pick "ReadAndExecute" rights it adds it normally but under "list folder contents".

Im guessing that there are a few more attributes assigned to "ReadAndExecute" and then what I am trying to assign so it has to convert it into "special"
ASKER CERTIFIED SOLUTION
Avatar of WTarlton
WTarlton

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Here is the code just incase:


    Friend Enum DirectoryPermission
        Full
        Modify
        AllExceptModifyAndFull
        ReadAndExecute
        ListContents
        Read
        Write
        None
    End Enum

 Private Sub SetDirectoryPermissions(ByVal Directory As String, ByVal Permissions As DirectoryPermission, Optional ByVal Domain As String = Nothing, Optional ByVal User As String = Nothing)
        ' Get the ACL for the directory just created
        Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)

        Dim oUserSid As Security.Principal.SecurityIdentifier
        If Not IsNothing(Domain) AndAlso Not IsNothing(User) Then
            oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        ElseIf Not IsNothing(User) Then
            oUserSid = New Security.Principal.NTAccount(User).Translate(GetType(Security.Principal.SecurityIdentifier))
        Else
            ' Create a security Identifier for the BUILTIN\Users group to be passed to the new access rule
            oUserSid = New Security.Principal.SecurityIdentifier(Security.Principal.WellKnownSidType.BuiltinUsersSid, Nothing)
        End If

        Dim lRights As Long
        Dim lInheritance As Long
        Select Case Permissions
            Case DirectoryPermission.Full
                lRights = Security.AccessControl.FileSystemRights.FullControl
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Modify
                lRights = Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ReadAndExecute
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptModifyAndFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ListContents
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit
            Case DirectoryPermission.Read
                lRights = Security.AccessControl.FileSystemRights.Read Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Write
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case Else
                ' No rights
                lRights = 0
                lInheritance = 0
        End Select

        ' Create the rule that needs to be added to the ACL
        Dim oRule As New Security.AccessControl.FileSystemAccessRule(oUserSid,
                                                                     lRights,
                                                                     lInheritance,
                                                                     Security.AccessControl.PropagationFlags.None,
                                                                     Security.AccessControl.AccessControlType.Allow)

        ' Add the new rule to our ACL
        oACL.AddAccessRule(oRule)

        ' Update the directory to include the new rules created
        System.IO.Directory.SetAccessControl(Directory, oACL)