Hi all,
This may be an odd request but here is what I am trying to do, I want to remove read permission for the user level account, then add that permission back when my application closes, I have it all working except I get thrown an exception when trying to add the permissions back, it seems I cut my own legs off so to speak when I remove the read attribute. Now the thing is, my console app is being run with administrator rights, and the administrator still has full rights to the file.
My code to remove the read attribute:
then if I right click the file, I see the top acl is the logged in user (ie. Devicename\Bob) has a deny for read access, below that is Devicename\Administrators and it has full control allowed.
When I then try and add the read access back:
I get an "access to path is denied" error. It would appear its trying to run the command as Bob with elevated rights rather than Administrator which understandably won't work, is there some way around this?
This may be an odd request but here is what I am trying to do, I want to remove read permission for the user level account, then add that permission back when my application closes, I have it all working except I get thrown an exception when trying to add the permissions back, it seems I cut my own legs off so to speak when I remove the read attribute. Now the thing is, my console app is being run with administrator rights, and the administrator still has full rights to the file.
My code to remove the read attribute:
C#:
WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
FileSecurity aclplus = new FileSecurity();
aclplus.AddAccessRule(new FileSystemAccessRule(currentUser.User, FileSystemRights.Read, AccessControlType.Deny));
File.SetAccessControl(passwordfile, aclplus);
then if I right click the file, I see the top acl is the logged in user (ie. Devicename\Bob) has a deny for read access, below that is Devicename\Administrators and it has full control allowed.
When I then try and add the read access back:
C#:
FileSecurity aclrm = new FileSecurity();
aclrm.RemoveAccessRule(new FileSystemAccessRule(currentUser.User, FileSystemRights.Read, AccessControlType.Deny));
File.SetAccessControl(passwordfile, aclrm);
I get an "access to path is denied" error. It would appear its trying to run the command as Bob with elevated rights rather than Administrator which understandably won't work, is there some way around this?