Solved

Removed Users Inherited Group from Folder

Posted on 2013-01-15
10
427 Views
Last Modified: 2013-01-20
Hi all,

I have a folder that I create on my local machine and I want it to inherit from the parent, in general. The one group I do not want it to inherit is the built in USERS group.

How can I remove that USERS group from that directory using C#?

The RemoveAccessRule and PurgeAccessRule does not seem to be working.

I know if I manually go in the Security permissions of the folder I can delete the Users group but how can I do that programmatically?

Any assisstance on this would be greatly appreciated.
0
Comment
Question by:davism
  • 5
  • 4
10 Comments
 
LVL 1

Author Comment

by:davism
ID: 38780873
By the way, I am initially creating the folder with:

objDirectorySecurity.SetAccessRuleProtection(true, true);

I want the inherited permissions BUT I want to remove the BUILTIN\USERS. As mentioned I am able to do it manually but how can I do it programmatically?

Any information would be greatly appreciated.
0
 
LVL 9

Accepted Solution

by:
shorvath earned 200 total points
ID: 38782194
0
 
LVL 23

Expert Comment

by:Roopesh Reddy
ID: 38782744
0
 
LVL 1

Author Comment

by:davism
ID: 38783317
roopershreddy,

Yeah, I tried that one. But it didn't work. If you look at the text it states this also:

"The above code will also not work for rules that are inherited.  This is an issue irrelevant of whether it is a local or remote machine.  Inherited rules are not modified by the access rule methods. Instead you have to explicitly remove the inheritance from the file/folder and then you can use the security object to remove the group."

shorvath,

I am looking more into that on what you posted. I wanted to remove the users group from like the "Level 1" in which case "Level 2" and "Level 3" will have everything propogated down from "Level 1".  I thought I already tried that with the SetProtection that I mentioned BUT I will look at it again and see. Maybe I did something wrong. I'm not sure.  I will let you know though ASAP.

If anybody have other findings please let me know.

Thanks
0
 
LVL 23

Expert Comment

by:Roopesh Reddy
ID: 38783694
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Author Comment

by:davism
ID: 38784454
roopeshreddy,

Yeah I saw that one too.  One of the issues with that is the 64-bit - it doesn't work on 64-bit. But I'm not entirely sure of the type of system running this.

One of the things, I thought about and it seems akin or a common theme from what I have seen is to:

1) Save off the inherited permissions from the parent folder in a collection or like a collection.
2) Create the folder with the objDirectorySecurity.SetAccessRuleProtection(true, false);
3) Add the apprioriate rules for the user onto that folder.
4) Iterate through the collection and apply the permissions for the rules with the necessary inheritance and propogation for the account back onto the folder WITH EXCEPTION of the BUILTIN\Users.

The end result should be that have the necessary rights for the folder.

It seems the common theme here is to save off and then reapply the inherited permissions.

That all seem like an approach to take or is there something that you all think I should be aware of?

Thanks
0
 
LVL 23

Assisted Solution

by:Roopesh Reddy
Roopesh Reddy earned 300 total points
ID: 38788189
Hi,

Your solution  looks good for me! Did you tried that solution?

With that, we have good control to the groups added to the folder!

Hope it helps u...
0
 
LVL 1

Author Comment

by:davism
ID: 38789563
I so much apologize. Boy, when it rains it pours!!!

I had coded to take the steps as I mentioned. The I went to debug and suddenly I got the message:

Unable to load DLL 'webengine.dll'. The specified module could not be found.

This just happened out of the blue and my VS 2010 does not work with any web service creation now. Works on others like web sites and GUI's but not web services. I understand that with 2010 a web service is a WCF but you can still create own as a ASP.NET web service if you use .net 3.5.

My VS2008 works fine with the creation of a web service and .net 3.5 but my VS 2010 does not.

I'm not sure what's going on and I've been spending the day trying to fix it so I can test the thought I have.

I will let you know ASAP on the results. By the way, if you have any idea on the error that I'm getting please shed some light because I have tried so much to no avail.

Thanks
0
 
LVL 23

Expert Comment

by:Roopesh Reddy
ID: 38793708
Hi,

Try Repairing your VS 2010!

Hope it helps u...
0
 
LVL 1

Author Closing Comment

by:davism
ID: 38799878
It looks like what I mentioned on the steps is doing exactly what I wanted! Thank you both for the information. It made me think a little more and ultimately on the steps I mentioned I need to do and confirmed by you. Thanks!

With respect to the issue; it is not solved but I had to end up changing the VS 2010 to use the .NET 4 framework for the project. Why it suddenly had to change when it was previously using .NET 2.0 is still a mystery. And I will likely open another question related to VS 2010 and the OS for that.

Again, thanks for the information and confirmation on this issue with the ACL's.

Thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now