我想使用活动目录管理员帐户授予对网络共享文件夹的完全访问/撤销访问权限(我可以将其作为映射驱动器使用)。
我如何将File.GetAccessControl,.RemoveAccessRule和.AddAccessRule作为活动目录管理服务帐户同时管理网络共享文件夹?
答案 0 :(得分:2)
以下是我用来执行此操作的代码段。
private void EditAccess(List<string> userlist, string folder)
{
foreach (string user in userlist)
{
var AccessRule = new FileSystemAccessRule(user, FileSystemRights.FullControl,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
DirectoryInfo rootFolder = new DirectoryInfo(folder);
DirectorySecurity rootSec = rootFolder.GetAccessControl(AccessControlSections.Access);
bool Result;
rootSec.ModifyAccessRule(AccessControlModification.Set, AccessRule, out Result);
InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
AccessRule = new FileSystemAccessRule(user, FileSystemRights.FullControl, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow);
rootSec.ModifyAccessRule(AccessControlModification.Add, AccessRule, out Result);
rootFolder.SetAccessControl(rootSec);
}
}