11

In C# (2.0), how do I remove all permissions to a directory so I can limit the access? I will be adding access back to a limited set of users.

John Saunders
C. Ross

4 Answers

23

Disclaimer: I realise this has already been answered and accepted, and I really wanted to post this as a comment to the accepted answer, however the inability of being able to format comments has forced me to post this as an answer (which, technically, it is)....

I was looking to do the same, and found your question. Stu's answer helped me come up with this solution. (Note that I'm only interested in removing explicit security).

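```csharp
using System.Security.AccessControl;

// Removes every explicit (non-inherited) access rule from the in-memory descriptor.
private static DirectorySecurity RemoveExplicitSecurity(DirectorySecurity directorySecurity)
{
    // includeExplicit: true, includeInherited: false
    AuthorizationRuleCollection rules = directorySecurity.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount));
    foreach (FileSystemAccessRule rule in rules)
        directorySecurity.RemoveAccessRule(rule);
    return directorySecurity;
}
```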

And this is obviously used as follows:

```csharp
DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity = RemoveExplicitSecurity(directorySecurity);
Directory.SetAccessControl(path, directorySecurity);
```
Bryan
  • A perfectly valid additional answer! – C. Ross Nov 10 '10 at 16:24
  • Good solution but I think you should call it RemoveEXPLICIT not implicit, because you're removing the explicit rules here. – md1337 Mar 07 '12 at 18:18
  • This should be marked the correct answer. No disclaimer required. – 101010 Sep 21 '12 at 18:48
  • Just wanted to add for future reference that this is a good standard solution but isn't enough to handle some permissions. The list of permissions returned by `GetAccessRules` is not always valid when passed back into `RemoveAccessRule`. This happens when the value for the level of access doesn't exist in the `FileSystemRights` enum, more info here - https://stackoverflow.com/questions/9694834/encountering-a-filesystemrights-value-that-isnt-defined-in-enumeration/9694894#9694894 – Josh G Oct 18 '21 at 15:26
8

Look at the classes in the System.Security.AccessControl namespace, and especially the DirectorySecurity.RemoveAccessRule method.

Also, if you remove all the permissions then you won't be able to add any back afterwards :-)

Stu Mackellar
  • I found this tool useful for checking my code worked ok. It shows you directory permissions set within the folder hierarchy. i.e. only where permissions are set, not inherited - http://www.youtube.com/watch?v=aZLIioUl-5k – pfeds Sep 09 '13 at 04:02
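The two answers above cover removing explicit rules and the risk of ending up with no permissions at all; the following is an added example (not code from any poster) that disables inheritance, clears the explicit rules, and adds the limited set back in one write. It assumes the .NET Framework `Directory.GetAccessControl`/`SetAccessControl` methods; the names `DirectoryLockdown` and `RestrictTo`, the path, and the account names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class DirectoryLockdown   // hypothetical name
{
    // Replaces the directory's DACL with Allow entries for 'allowedAccounts' only.
    // Every change is made in memory and written once, so no empty ACL reaches disk.
    public static void RestrictTo(string path, FileSystemRights rights, params string[] allowedAccounts)
    {
        if (allowedAccounts == null || allowedAccounts.Length == 0)
            throw new ArgumentException("Refusing to write an empty ACL.", "allowedAccounts");

        DirectorySecurity security = Directory.GetAccessControl(path);

        // Stop inheriting from the parent; preserveInheritance = false drops the
        // inherited entries instead of copying them in as explicit ones.
        security.SetAccessRuleProtection(true, false);

        // Enumerate explicit rules as SIDs (no name lookup) and purge per identity.
        // PurgeAccessRules takes only the identity, so the rights value is never passed back in.
        AuthorizationRuleCollection rules = security.GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule rule in rules)
            security.PurgeAccessRules(rule.IdentityReference);

        // Add back the limited set; entries apply to this folder, subfolders and files.
        foreach (string account in allowedAccounts)
            security.AddAccessRule(new FileSystemAccessRule(
                new NTAccount(account), rights,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None, AccessControlType.Allow));

        Directory.SetAccessControl(path, security);
    }

    static void Main()
    {
        // Constructed sample values: the path and account names are placeholders.
        RestrictTo(@"C:\Data\Restricted", FileSystemRights.Modify,
                   @"BUILTIN\Administrators", @"EXAMPLE\svc-reports");
    }
}
```

Include an administrative identity in the allowed list if the directory must stay manageable by someone other than its owner.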
3

Here is a great set of articles from CodeProject about Windows ACL programming:

The Windows Access Control Model

Part 3 of the series shows .NET specific methods.

TWA
2

System.IO.Directory.GetAccessControl() and then edit the returned FileSecurity object.

codymanix