Hi Everyone
I am trying to set and retrieve NTFS permissions for
fileshares on a remote machine using the ActiveDs interop. It works for domain
groups and users, but when I try to retrieve permissions for local groups and
users it gives me dangling SIDs. While setting permissions, how can I indicate
whether the user or group is local or a domain group?
Following is the code snippet I am using for retrieving permissions
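// Reads the DACL of a folder on a remote share through the ActiveDs (ADSI) interop
// and prints the trustee of every access-allowed ACE.
string folderPath = @"\\machinename\e$\test";
ADsSecurityUtilityClass secuUtil = new ADsSecurityUtilityClass();

// Request the security descriptor in ADS_SD_FORMAT_IID form so that it can be
// cast to IADsSecurityDescriptor below.
object ob = secuUtil.GetSecurityDescriptor(
    folderPath,
    (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
    (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);

// The "set" snippet on this page guards against a null descriptor; do the same
// here so a failed read surfaces as a clear error instead of a
// NullReferenceException on the DiscretionaryAcl access.
if (ob == null)
{
    throw new InvalidOperationException("No security descriptor returned for " + folderPath);
}

ActiveDs.IADsSecurityDescriptor securitydescriptor = (IADsSecurityDescriptor)ob;

// One cast is enough; the original cast the same object to the same interface twice.
IADsAccessControlList daclnew = (ActiveDs.IADsAccessControlList)securitydescriptor.DiscretionaryAcl;

foreach (IADsAccessControlEntry entry in daclnew)
{
    // Only access-allowed ACEs are listed. Deny ACEs (and any other ACE type)
    // are skipped, so this output is not the effective permission set.
    if (entry.AceType == (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED)
    {
        // NOTE(review): Trustee can come back as a raw SID string when the SID
        // cannot be translated to an account name - presumably what happens for
        // accounts local to the remote machine; confirm where the name lookup runs.
        Console.WriteLine(entry.Trustee);
    }
}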
Following is the code snippet I am using to set permissions:
ADsSecurityUtilityClass secuUtil = new ADsSecurityUtilityClass();
//Getting security decriptor
object ob = secuUtil.GetSecurityDescriptor(
folderPath,
(int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
(int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID
);
if ( null != ob )
{
ActiveDs.IADsSecurityDescriptor securitydescriptor =
(IADsSecurityDescriptor)ob;
if( allowTrusteeList != null )
{
for( int trustee = 0; trustee < allowTrusteeList.Length; trustee++ )
{
ActiveDs.IADsAccessControlList obDacl = (
ActiveDs.IADsAccessControlList )
securitydescriptor.DiscretionaryAcl;
Allow = new AccessControlEntryClass();
//For recursive security settings
Allow.AceFlags = 3;
//ACE is allow type
Allow.AceType = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
//storing trustee
Allow.Trustee = SetSecurityTrustee( allowTrusteeList[trustee] );
//Allow.Trustee = allowTrusteeList[trustee];
AppendLog( 1, "Creating allow accessmask for trustee: " +
allowTrusteeList[trustee] );
//creating access mask
if( !CreateAccessMask( Allow, true, trustee ) )
{
return false;
}
obDacl.AddAce(Allow);
}