Apply this "folder only" permissions for AD Groups to a folder
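I'm having some trouble with folder permissions.
I basically want to add AD groups to a folder with Modify rights, but then restrict them.
The problem is that I don't know how to apply the rights to "This folder only".
The goal is to set the following restrictions on the main folder:
- Deny delete subfolders
- Deny delete
- Deny change permissions
- Deny take ownership
I found the AccessRule class, but couldn't find any details on how to do this with C#.
Does anybody know how to do this?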
I found the solution.
Here's the code and info:
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// strPath, StrDomain, strGroupRead and strGroupModify are supplied by the caller
//set params for all access sets
AccessControlType DenyAccess = AccessControlType.Deny;
AccessControlType AllowAccess = AccessControlType.Allow;
// InheritanceFlags.None: the rule applies to this folder only
InheritanceFlags inheritFlag = InheritanceFlags.None;
// ContainerInherit: this folder and subfolders; ObjectInherit: this folder and files
InheritanceFlags inheritFlag2 = InheritanceFlags.ContainerInherit;
InheritanceFlags inheritFlag3 = InheritanceFlags.ObjectInherit;
PropagationFlags propagationFlags = PropagationFlags.None;
FileSystemRights access = FileSystemRights.ChangePermissions;
FileSystemRights access2 = FileSystemRights.Delete;
FileSystemRights access3 = FileSystemRights.TakeOwnership;
FileSystemRights access4 = FileSystemRights.DeleteSubdirectoriesAndFiles;
FileSystemRights ReadAccess = FileSystemRights.ReadAndExecute;
FileSystemRights ModifyAccess = FileSystemRights.Modify;
DirectoryInfo info = new DirectoryInfo(strPath);
DirectorySecurity security = info.GetAccessControl();
//set read right for group
NTAccount GroupRead = new NTAccount(StrDomain, strGroupRead);
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag3, propagationFlags, AllowAccess));
//set Modify right for group
NTAccount GroupModify = new NTAccount(StrDomain, strGroupModify);
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag3, propagationFlags, AllowAccess));
//set special right group (deny rules on this folder only)
security.AddAccessRule(new FileSystemAccessRule(GroupModify, access, inheritFlag, propagationFlags, DenyAccess)); //ChangePermission
security.AddAccessRule(new FileSystemAccessRule(GroupModify, access2, inheritFlag, propagationFlags, DenyAccess)); //Delete
security.AddAccessRule(new FileSystemAccessRule(GroupModify, access3, inheritFlag, propagationFlags, DenyAccess)); //Ownership
security.AddAccessRule(new FileSystemAccessRule(GroupModify, access4, inheritFlag, propagationFlags, DenyAccess)); //Delete subfiles and folders
//add rights to folder
info.SetAccessControl(security);
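This gives you a folder with a read group and a modify group, where the modify group can't delete the main folder, and its members can't take ownership of it or change its permissions either.
Cheers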
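A way to verify the result after applying the answer's rules, as an added example that is not part of the original post: it reads back the folder's explicit ACEs and reports which of the four rights are not covered by a "This folder only" deny entry for the group. The class and method names are hypothetical, and the local Guests group and a temp folder stand in for the AD group and the main folder so it runs on Windows without a domain.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderOnlyDenyCheck   // hypothetical name, not from the original post
{
    // The four rights the answer denies on the main folder.
    const FileSystemRights Required =
        FileSystemRights.Delete | FileSystemRights.DeleteSubdirectoriesAndFiles |
        FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

    // Returns the required rights NOT covered by an explicit, non-inheriting deny ACE.
    static FileSystemRights MissingDenies(DirectoryInfo dir, SecurityIdentifier group)
    {
        FileSystemRights denied = 0;
        // Explicit ACEs only; inherited ones would come from the parent folder.
        var rules = dir.GetAccessControl().GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule r in rules)
        {
            if (r.IdentityReference.Equals(group) &&
                r.AccessControlType == AccessControlType.Deny &&
                r.InheritanceFlags == InheritanceFlags.None)   // "This folder only"
                denied |= r.FileSystemRights;
        }
        return Required & ~denied;
    }

    static void Main()
    {
        // Constructed setup: temp folder, and local Guests as a stand-in for the AD group.
        var dir = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "acl-demo-" + Guid.NewGuid()));
        var group = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null);

        Console.WriteLine("Before: missing = " + MissingDenies(dir, group));

        // One deny ACE carrying all four rights, scoped to this folder only.
        DirectorySecurity sec = dir.GetAccessControl();
        sec.AddAccessRule(new FileSystemAccessRule(group, Required,
            InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny));
        dir.SetAccessControl(sec);

        Console.WriteLine("After:  missing = " + MissingDenies(dir, group));
        dir.Delete();
    }
}
```

A deny ACE that carries `ContainerInherit` or `ObjectInherit` is deliberately not counted, because it would also take the denied rights away from the group on child items rather than on the main folder only.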