Dec 02, 2010 07:14 AM | aburrow
I ended up using SetACL to clean up the "pseudo-inherited" entries.
I'm using the below code as part of a larger web-based permissions control system for our central file server.
The code works fine if I have the directory pre-set to inherited permissions. The issue is if the folder is set to not-inherit and I change to inherit through the web interface.
This if statement "if (entry.IsInherited == true)" combined with the "resetaccessrule" command duplicates the inherited permissions, thus you have the same permissions as inherited and explicit. If I change the "if (entry.IsInherited == true)" to "== false" then it doesn't allow the addition of explicit permissions from the web interface.
What I'd like to be able to do is, while inherited permissions is selected, allow the addition of explicit permissions, thus combining both inherited and explicit permissions on the selected folder.
if (IsInheriting == true)
{
    //Inheritance is turned on
    foreach (ace entry in _dacl)
    {
        if (entry.IsInherited == false)
        {
            if (entry.Rule == null)
            {
                //Get the account SID
                NTAccount acct = new NTAccount(entry.UserAccount);
                IdentityReference id = acct.Translate(typeof(SecurityIdentifier));
                //Remove the Account based on SID
                //Change/Add user to DACL.
            }
        }
    }
}
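
An added example, not the poster's code: one way to switch a folder back to inheriting and then remove only the explicit entries that duplicate an inherited one, using System.Security.AccessControl. The class and method names are hypothetical, and it assumes Windows and a caller allowed to change the folder's permissions.

```csharp
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclInheritance
{
    // Hypothetical helper: turn inheritance back on for a folder and drop explicit
    // ACEs that merely repeat an inherited one. Returns the number removed.
    public static int EnableInheritanceAndDedupe(string path)
    {
        var dir = new DirectoryInfo(path);

        // 1. Unprotect the DACL. The second argument is ignored when the first is false.
        DirectorySecurity sd = dir.GetAccessControl(AccessControlSections.Access);
        sd.SetAccessRuleProtection(false, false);
        dir.SetAccessControl(sd);

        // 2. Re-read: inherited ACEs only appear after the change is persisted.
        sd = dir.GetAccessControl(AccessControlSections.Access);
        List<FileSystemAccessRule> rules = sd
            .GetAccessRules(true, true, typeof(SecurityIdentifier))
            .Cast<FileSystemAccessRule>().ToList();

        // 3. An explicit ACE is redundant if an inherited ACE matches it field for field.
        List<FileSystemAccessRule> redundant = rules
            .Where(e => !e.IsInherited && rules.Any(i => i.IsInherited && SameAce(e, i)))
            .ToList();
        foreach (FileSystemAccessRule rule in redundant)
            sd.RemoveAccessRuleSpecific(rule);

        // Write back only if something was actually removed.
        if (redundant.Count > 0)
            dir.SetAccessControl(sd);
        return redundant.Count;
    }

    // Compare trustee, allow/deny type, rights mask and both flag sets.
    static bool SameAce(FileSystemAccessRule a, FileSystemAccessRule b) =>
        a.IdentityReference.Equals(b.IdentityReference)
        && a.AccessControlType == b.AccessControlType
        && a.FileSystemRights == b.FileSystemRights
        && a.InheritanceFlags == b.InheritanceFlags
        && a.PropagationFlags == b.PropagationFlags;
}
```

Explicit entries that differ from every inherited entry are left in place, so rules added afterwards with AddAccessRule sit alongside the inherited ones.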