How to programmatically modify the users full control

Posted: 07-04-2008, 12:36 PM

Dear

Forgive me, if I have posted in wrong forum. Please point me to th
correct forum for my enquiry below

As we are updating our program and installer to support Vista, we nee
to programmatically modify the windows folder's Users rights. Fo
example

- We created a folder under "C:\ProgramData\Test\" and store some file
which our program need to update when it runs
- Works fine in Administrator mode
- In Standard user mode it does not work as the folder does not hav
the full rights

If we go to administrator account, select the above folder, right clic
to select Properties, Security tab, select Users and apply 'Ful
control' then works fine in standard user

Can we set the Users full controls programmatically? Is there any othe
approach

Thanks in advance

Regards
M

--
Happs

How to programmatically modify the users full control


Responses to "How to programmatically modify the users full control"

Happs
Guest
Posts: n/a
 
Re: How to programmatically modify the users full control
Posted: 07-05-2008, 05:46 AM

Dear,

I am trying to give full rights to a folder in Vista so my program can
modify the files in the folder in Admin/Standard user mode.

The folder I am creating is under "C:\ProgramData" folder. The code
below execute without any error but the "Users" account don't get the
full rights.

Thanks in advance for looking at my post and your expert advice.

================================================== ============
using System.IO;
using System.Security.Principal;
using System.Security.AccessControl;


static void Main(string[] args)
{
string folderPath =
Path.Combine(Environment.GetFolderPath(Environment .SpecialFolder.CommonApplicationData),
"Test_folder");

if (!Directory.Exists(folderPath))
Directory.CreateDirectory(folderPath);

UpdateAccountRightrs(folderPath);

Console.ReadLine();
}



/// <summary>
/// Iterate each account and update rights
/// </summary>
/// <param name="folderPath"></param>
private static void UpdateAccountRightrs(string folderPath)
{
Console.WriteLine("-> UpdateAccountRightrs() folderPath: "
+ folderPath);

FileSecurity security = File.GetAccessControl(folderPath);
AuthorizationRuleCollection acl =
security.GetAccessRules(true, true,
typeof(System.Security.Principal.NTAccount));

foreach (FileSystemAccessRule ace in acl)
{
string accountName = ace.IdentityReference.Value;
Console.WriteLine("-> UpdateAccountRightrs() Account:
" + accountName);
Console.WriteLine("-> UpdateAccountRightrs() Rights: "
+ ace.FileSystemRights);
Console.WriteLine("-> UpdateAccountRightrs() Account:
" + accountName);

if (ace.FileSystemRights !=
FileSystemRights.FullControl)
ProvideFullRights(folderPath, accountName);
}

Console.WriteLine("<- UpdateAccountRightrs()");
}




/// <summary>
/// Provide the full rights to the account
/// </summary>
/// <param name="filePath"></param>
/// <param name="accountName"></param>
private static void ProvideFullRights(string folderPath,
string accountName)
{
Console.WriteLine("-> ProvideFullRights() accountName: " +
accountName);

if ((folderPath.Length == 0) || (accountName.Length == 0))
return;

FileSecurity fs = File.GetAccessControl(folderPath);
fs.AddAccessRule(new FileSystemAccessRule(accountName,
FileSystemRights.FullControl,
AccessControlType.Allow));
File.SetAccessControl(folderPath, fs);

Console.WriteLine("<- ProvideFullRights()");
}
================================================== ====

Regards,
MA


--
Happs
Charlie Tame
Guest
Posts: n/a
 
Re: How to programmatically modify the users full control
Posted: 07-05-2008, 02:05 PM
Happs wrote:
> Dear,
>
> I am trying to give full rights to a folder in Vista so my program can
> modify the files in the folder in Admin/Standard user mode.
>
> The folder I am creating is under "C:\ProgramData" folder. The code
> below execute without any error but the "Users" account don't get the
> full rights.
>
> Thanks in advance for looking at my post and your expert advice.
>
> ================================================== ============
> using System.IO;
> using System.Security.Principal;
> using System.Security.AccessControl;
>
>
> static void Main(string[] args)
> {
> string folderPath =
> Path.Combine(Environment.GetFolderPath(Environment .SpecialFolder.CommonApplicationData),
> "Test_folder");
>
> if (!Directory.Exists(folderPath))
> Directory.CreateDirectory(folderPath);
>
> UpdateAccountRightrs(folderPath);
>
> Console.ReadLine();
> }
>
>
>
> /// <summary>
> /// Iterate each account and update rights
> /// </summary>
> /// <param name="folderPath"></param>
> private static void UpdateAccountRightrs(string folderPath)
> {
> Console.WriteLine("-> UpdateAccountRightrs() folderPath: "
> + folderPath);
>
> FileSecurity security = File.GetAccessControl(folderPath);
> AuthorizationRuleCollection acl =
> security.GetAccessRules(true, true,
> typeof(System.Security.Principal.NTAccount));
>
> foreach (FileSystemAccessRule ace in acl)
> {
> string accountName = ace.IdentityReference.Value;
> Console.WriteLine("-> UpdateAccountRightrs() Account:
> " + accountName);
> Console.WriteLine("-> UpdateAccountRightrs() Rights: "
> + ace.FileSystemRights);
> Console.WriteLine("-> UpdateAccountRightrs() Account:
> " + accountName);
>
> if (ace.FileSystemRights !=
> FileSystemRights.FullControl)
> ProvideFullRights(folderPath, accountName);
> }
>
> Console.WriteLine("<- UpdateAccountRightrs()");
> }
>
>
>
>
> /// <summary>
> /// Provide the full rights to the account
> /// </summary>
> /// <param name="filePath"></param>
> /// <param name="accountName"></param>
> private static void ProvideFullRights(string folderPath,
> string accountName)
> {
> Console.WriteLine("-> ProvideFullRights() accountName: " +
> accountName);
>
> if ((folderPath.Length == 0) || (accountName.Length == 0))
> return;
>
> FileSecurity fs = File.GetAccessControl(folderPath);
> fs.AddAccessRule(new FileSystemAccessRule(accountName,
> FileSystemRights.FullControl,
> AccessControlType.Allow));
> File.SetAccessControl(folderPath, fs);
>
> Console.WriteLine("<- ProvideFullRights()");
> }
> ================================================== ====
>
> Regards,
> MA
>
>

Have you tried the Visual Studio group in case someone has already
figured this out? You could post the same question again to both groups
(thus seeing all answers in both places) or if you post separately you
might let the folks in both groups know if you got an answer.

I can't help personally but have a feeling that the system is designed
to not allow you to do what you wish to do.

Kerry Brown
Guest
Posts: n/a
 
Re: How to programmatically modify the users full control
Posted: 07-05-2008, 03:57 PM
"Happs" <guest@unknown-email.com> wrote in message
news:21bc9e7ad0b193382685688b109f45d3@nntp-gateway.com...
>
> Dear,
>
> Forgive me, if I have posted in wrong forum. Please point me to the
> correct forum for my enquiry below.
>
> As we are updating our program and installer to support Vista, we need
> to programmatically modify the windows folder's Users rights. For
> example:
>
> - We created a folder under "C:\ProgramData\Test\" and store some files
> which our program need to update when it runs.
> - Works fine in Administrator mode.
> - In Standard user mode it does not work as the folder does not have
> the full rights.
>
> If we go to administrator account, select the above folder, right click
> to select Properties, Security tab, select Users and apply 'Full
> control' then works fine in standard user.
>
> Can we set the Users full controls programmatically? Is there any other
> approach?
>

You need to set the ACLs during the install. The install needs to run with
Administrator privileges. Don't give Users Full Control. Figure out exactly
what is needed and give them the needed permissions. At most they need
Modify. This is the way secure OS' are supposed to work. Users can change
user settings. Administrators can change system settings.

http://msdn.microsoft.com/en-ca/wind...a/default.aspx

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/



Pete Delgado
Guest
Posts: n/a
 
Re: How to programmatically modify the users full control
Posted: 07-10-2008, 05:29 PM

"Happs" <guest@unknown-email.com> wrote in message
news:21bc9e7ad0b193382685688b109f45d3@nntp-gateway.com...
>
> Dear,
>
> Forgive me, if I have posted in wrong forum. Please point me to the
> correct forum for my enquiry below.
>
> As we are updating our program and installer to support Vista, we need
> to programmatically modify the windows folder's Users rights. For
> example:
>
> - We created a folder under "C:\ProgramData\Test\" and store some files
> which our program need to update when it runs.
> - Works fine in Administrator mode.
> - In Standard user mode it does not work as the folder does not have
> the full rights.
>
> If we go to administrator account, select the above folder, right click
> to select Properties, Security tab, select Users and apply 'Full
> control' then works fine in standard user.
>
> Can we set the Users full controls programmatically? Is there any other
> approach?
>
> Thanks in advance.
There are a variety of ways to accomplish what you want to do. I prefer to
use the ATL security classes as they seem to provide the easiet interface to
use for C++ programmers to adjust ACLs.

You may wish to take a step back though and examine whether you application
truly needs to set ACLs. If the data is user-based rather than program-wide
data that should be shared by all users, you will need to rethink your
strategy and start storing data in the recommended locations.

-Pete


Happs
Guest
Posts: n/a
 
Re: How to programmatically modify the users full control
Posted: 07-10-2008, 10:46 PM

Thank you all for your response

Regards
M

--
Happs
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Full Control to Users programmatically vovan Windows Vista Administration 56 05-26-2007 10:46 AM
Full Control to Users programmatically vovan Windows Vista Networking & Sharing 55 05-25-2007 07:54 PM
is there some location (c.f. [CommonAppData]) where even limited users can modify/write files? Bob Eaton Windows Vista File Management 15 03-20-2007 08:25 AM
News...... Users need Full Control in the Share Permissions !!! Yifat Windows XP Photos 0 02-04-2004 08:24 AM
How can I enable users to modify TCP/IP properties Konrad Rusz Windows XP Security & Administration 2 10-07-2003 07:18 AM