winXP - set directory acl rules for current appdomain/process only

Question

WinXP/Win7, .net 3.5, C#, application running under admin account

I have to get a read access to directories accessible only by SYSTEM account (e.g. "System Volume Information") and wouldn't like to change directory security (using method like this: Why can I not set this ACL rule in C#?).

Can I setup "in memory" directory ACL rules for current process/thread/appdomain and how to do this in C#?

Related link: http://stackoverflow.com/questions/4736866/system-volume-information-access-denied — user861768, Nov 16 '11 at 00:10
Another one: http://stackoverflow.com/questions/5510311/how-can-i-manipulate-token-privileges-in-net — user861768, Nov 16 '11 at 02:46

score 0 · Answer 1 · answered Nov 15 '11 at 11:35

0

If the directories are readable only by the SYSTEM account you need to run the code under SYSTEM's identity to access them. There is no way a normal user process can impersonate SYSTEM.

The easiest is probably to set up a small service, running as SYSTEM and let that service perform the read on behalf of the user process. Make sure that you service is safe so that it cannot be used by anyone to read sensitive data.

answered Nov 15 '11 at 11:35

Anders Abel

67,989
17
150
217

Unfortunately, the impersonation as SYSTEM is not acceptable (directory traverse code is strongly intergrated in main app). It seems that "Far" file manager can do exactly that I want (e.g. when trying to view "System Volume Information"). – user861768 Nov 15 '11 at 12:31

winXP - set directory acl rules for current appdomain/process only

1 Answers1