I'm creating a new AD user using System.DirectoryServices, enabling the user, creating the Exchange mailbox and all that happy stuff. I'm also trying to create the user directory stored on our SAN.
In order to conform to our business standards I need to change the ACLs on the user folder to allow some and completely remove others. I can add the users without fail and assign the specific ACLs as needed. The trouble is that when I create the new folder
it inherits the parent folder's permissions, and unless I manually go in and clear the "Allow inheritable properties to propagate from the parent..." checkbox, it doesn't allow me to remove the inherited permissions.
<code>
'Create the new users folder
' NOTE(review): the Sub header and the Try that pairs with the Catch below are
' not part of this excerpt; only the visible statements are described here.
' Refuse to continue when the folder is already present and report the path
' through Session("Error").
If CreateUserFolder.Exists Then
Session("Error") = "That user folder (" & UserFolderPath & ") already exists."
Response.Redirect("error.aspx")
End If
' Try to create the directory.
' The folder is created with whatever permissions it inherits from its parent;
' no ACL change is made in this excerpt before the success redirect.
CreateUserFolder.Create()
'Redirect to a new page so it is obvious that the account was created
Response.Redirect("finished.aspx")
Catch ex As Exception
' NOTE(review): both reporting lines below are commented out, so any exception
' raised above is discarded here and the caller gets no indication that folder
' creation failed.
'Session("Error") = ex.ToString
'Response.Redirect("error.aspx")
End Try
End Sub
' Adds one access rule for an account to the ACL of a directory.
'   FileName    - path of the directory whose ACL is changed.
'   Account     - name of the account the rule applies to.
'   Rights      - file-system rights carried by the rule.
'   ControlType - whether the rule allows or denies those rights.
' The three-argument FileSystemAccessRule constructor sets no inheritance
' flags, so the rule covers this directory only; files and subfolders created
' inside it do not pick the rule up.
' Exceptions from reading or writing the ACL are not caught here.
Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
    Dim folder As New DirectoryInfo(FileName)
    ' Read the current ACL, append the rule, then write the ACL back.
    Dim acl As DirectorySecurity = folder.GetAccessControl()
    Dim rule As New FileSystemAccessRule(Account, Rights, ControlType)
    acl.AddAccessRule(rule)
    folder.SetAccessControl(acl)
End Sub
' Removes an ACL entry on the specified directory for the specified account.
Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
' Create a new DirectoryInfo object.
Dim dInfo As New DirectoryInfo(FileName)
' Get a DirectorySecurity object that represents the
' current security settings.
Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()
' Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))
' Set the new access settings.
dInfo.SetAccessControl(dSecurity)
DaleP
Directory.SetAccessControl
Dec 10, 2007 07:12 PM|LINK
Hi,
I'm creating a new AD user using System.DirectoryServices, enabling the user, creating the Exchange mailbox and all that happy stuff. I'm also trying to create the user directory stored on our SAN.
In order to conform to our business standards I need to change the ACLs on the user folder to allow some and completely remove others. I can add the users without fail and assign the specific ACLs as needed. The trouble is that when I create the new folder it inherits the parent folder's permissions, and unless I manually go in and clear the "Allow inheritable properties to propagate from the parent..." checkbox, it doesn't allow me to remove the inherited permissions.
<code>
'Create the new users folder
' NOTE(review): the Sub header and the Try that pairs with the Catch below are
' not part of this excerpt; only the visible statements are described here.
' Refuse to continue when the folder is already present and report the path
' through Session("Error").
If CreateUserFolder.Exists Then
Session("Error") = "That user folder (" & UserFolderPath & ") already exists."
Response.Redirect("error.aspx")
End If
' Try to create the directory.
' The folder is created with the permissions inherited from its parent and is
' only tightened by the calls that follow, so it is briefly reachable under the
' inherited ACL. DirectoryInfo.Create(DirectorySecurity) can apply the intended
' ACL at creation time instead.
CreateUserFolder.Create()
'Set the security on the folders
' Each call below re-reads and rewrites the folder's ACL for a single rule.
' FileSystemRights.ReadAndExecute already contains Traverse, ListDirectory,
' Read, ReadExtendedAttributes and ReadData, so the last Add call covers the
' five before it.
' NOTE(review): this gives every member of "GOB\Domain Users" read access to
' the new user's folder - confirm that matches the intended standard.
AddDirectorySecurity(UserFolderPath, "GOB\Domain Users", FileSystemRights.Traverse, AccessControlType.Allow)
AddDirectorySecurity(UserFolderPath, "GOB\Domain Users", FileSystemRights.ListDirectory, AccessControlType.Allow)
AddDirectorySecurity(UserFolderPath, "GOB\Domain Users", FileSystemRights.Read, AccessControlType.Allow)
AddDirectorySecurity(UserFolderPath, "GOB\Domain Users", FileSystemRights.ReadExtendedAttributes, AccessControlType.Allow)
AddDirectorySecurity(UserFolderPath, "GOB\Domain Users", FileSystemRights.ReadData, AccessControlType.Allow)
AddDirectorySecurity(UserFolderPath, "GOB\Domain Users", FileSystemRights.ReadAndExecute, AccessControlType.Allow)
' RemoveAccessRule only changes rules set explicitly on this folder. Entries
' inherited from the parent stay in effect while inheritance is enabled, which
' is why these calls leave the "everyone" access in place. Inheritance is
' switched off in code with DirectorySecurity.SetAccessRuleProtection(
' isProtected, preserveInheritance): passing True for preserveInheritance
' copies the inherited entries as explicit ones that can then be removed,
' while False drops all of them, including any administrative or backup
' entries the parent supplied.
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.Traverse, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.ListDirectory, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.Read, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.ReadExtendedAttributes, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.ReadData, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.ReadAndExecute, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.CreateFiles, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.AppendData, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.CreateDirectories, AccessControlType.Allow)
RemoveDirectorySecurity(UserFolderPath, "everyone", FileSystemRights.WriteData, AccessControlType.Allow)
'Redirect to a new page so it is obvious that the account was created
Response.Redirect("finished.aspx")
Catch ex As Exception
' NOTE(review): both reporting lines below are commented out, so a failure in
' folder creation or in any ACL call above is discarded here. The folder can be
' left with only its inherited permissions and nothing records that the
' lockdown did not complete; log the exception and surface the failure.
'Session("Error") = ex.ToString
'Response.Redirect("error.aspx")
End Try
End Sub
' Adds one access rule for an account to the ACL of a directory.
'   FileName    - path of the directory whose ACL is changed.
'   Account     - name of the account the rule applies to.
'   Rights      - file-system rights carried by the rule.
'   ControlType - whether the rule allows or denies those rights.
' The three-argument FileSystemAccessRule constructor sets no inheritance
' flags, so the rule covers this directory only; files and subfolders created
' inside it do not pick the rule up.
' Exceptions from reading or writing the ACL are not caught here.
Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
    Dim folder As New DirectoryInfo(FileName)
    ' Read the current ACL, append the rule, then write the ACL back.
    Dim acl As DirectorySecurity = folder.GetAccessControl()
    Dim rule As New FileSystemAccessRule(Account, Rights, ControlType)
    acl.AddAccessRule(rule)
    folder.SetAccessControl(acl)
End Sub
' Removes an access rule for an account from the ACL of a directory.
'   FileName    - path of the directory whose ACL is changed.
'   Account     - name of the account whose rule is removed.
'   Rights      - file-system rights to take out of the matching rule.
'   ControlType - whether an allow or a deny rule is targeted.
' Only rules set explicitly on the directory are affected. An entry inherited
' from the parent folder is left as it is, and the Boolean returned by
' RemoveAccessRule is not checked, so a call that removes nothing completes
' without any signal. Inherited entries become removable once inheritance is
' switched off with DirectorySecurity.SetAccessRuleProtection.
' Exceptions from reading or writing the ACL are not caught here.
Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
    Dim folder As New DirectoryInfo(FileName)
    ' Read the current ACL, take the rule out, then write the ACL back.
    Dim acl As DirectorySecurity = folder.GetAccessControl()
    Dim rule As New FileSystemAccessRule(Account, Rights, ControlType)
    acl.RemoveAccessRule(rule)
    folder.SetAccessControl(acl)
End Sub
</code>
Anyone know how I can get around this?