给你一个我自己收集整理的类:
例:
using
System.Security.AccessControl;
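// Verbatim literal: in a regular literal the "\t" of "d:\temp" is parsed as a tab character.
string strPath = @"d:\temp";
if (!Directory.Exists(strPath))
{
    Directory.CreateDirectory(strPath);
}
// Reset the directory's access permissions: remove every existing entry,
// then grant full control to SYSTEM and Administrators only.
// Until the last call below has run, the directory does not yet carry its final ACL;
// each helper call persists its own change, so the sequence is not atomic.
// "SYSTEM" and "Administrators" are the English account names; on other Windows
// display languages these names are localized.
NTFSHelper.RemoveDirectoryAccountSecurityAll(strPath);
NTFSHelper.AddDirectorySecurity(strPath, "SYSTEM", FileSystemRights.FullControl);
NTFSHelper.AddDirectorySecurity(strPath, "Administrators", FileSystemRights.FullControl);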
NTFSHelper.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
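namespace NTFS
{
    /// <summary>
    /// Static helpers for reading and changing NTFS access control lists (ACLs)
    /// on directories and files.
    /// </summary>
    /// <remarks>
    /// Every method that changes an ACL reads the security descriptor, edits it and
    /// writes it back with <c>SetAccessControl</c> on its own, so a sequence of calls
    /// is not applied atomically.
    /// </remarks>
    public sealed class NTFSHelper
    {
        #region Directory permissions

        #region Add permissions

        /// <summary>
        /// Grants an account the rights named by a letter string on a directory.
        /// </summary>
        /// <param name="FileName">Path of the directory.</param>
        /// <param name="Account">User or group account name.</param>
        /// <param name="UserRights">
        /// Any combination of the upper-case letters R (Read), C (ChangePermissions),
        /// F (FullControl) and W (Write). Other characters are ignored.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="UserRights"/> is null.</exception>
        public static void AddDirectorySecurity(string FileName, string Account, string UserRights)
        {
            if (UserRights == null)
            {
                throw new ArgumentNullException("UserRights");
            }

            AddDirectorySecurity(FileName, Account, ParseRights(UserRights));
        }

        /// <summary>
        /// Grants an account the given rights on a directory.
        /// </summary>
        /// <param name="FileName">Path of the directory.</param>
        /// <param name="Account">User or group account name.</param>
        /// <param name="Rights">Windows file-system rights to allow.</param>
        public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights)
        {
            DirectoryInfo dInfo = new DirectoryInfo(FileName);
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // ContainerInherit | ObjectInherit with PropagationFlags.None: the entry applies
            // to this directory and is inherited by its subdirectories and files.
            InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
            FileSystemAccessRule allowRule = new FileSystemAccessRule(
                Account, Rights, iFlags, PropagationFlags.None, AccessControlType.Allow);

            dSecurity.AddAccessRule(allowRule);
            dInfo.SetAccessControl(dSecurity);
        }

        /// <summary>
        /// Translates the letters of a rights string into <see cref="FileSystemRights"/> flags.
        /// </summary>
        private static FileSystemRights ParseRights(string userRights)
        {
            // NOTE(review): when none of the letters is present the result is the empty
            // rights value (0); confirm how callers expect that case to be handled.
            FileSystemRights rights = new FileSystemRights();
            if (userRights.IndexOf('R') >= 0)
            {
                rights |= FileSystemRights.Read;
            }
            if (userRights.IndexOf('C') >= 0)
            {
                // ChangePermissions lets the account edit the ACL itself.
                // NOTE(review): confirm "C" was not meant as Modify.
                rights |= FileSystemRights.ChangePermissions;
            }
            if (userRights.IndexOf('F') >= 0)
            {
                rights |= FileSystemRights.FullControl;
            }
            if (userRights.IndexOf('W') >= 0)
            {
                rights |= FileSystemRights.Write;
            }
            return rights;
        }

        #endregion

        #region Read directory permissions

        /// <summary>
        /// Lists the accounts that have an access rule on a directory, leaving out
        /// <c>NT AUTHORITY\SYSTEM</c> and <c>BUILTIN\Administrators</c>.
        /// </summary>
        /// <param name="DirName">Path of the directory.</param>
        /// <returns>
        /// One account name per access rule (explicit and inherited); empty when the
        /// directory does not exist.
        /// </returns>
        public static List<string> GetDirectoryAccountSecurity(string DirName)
        {
            List<string> dAccount = new List<string>();
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (dInfo.Exists)
            {
                // Only the access (DACL) section is needed. AccessControlSections.All also
                // reads the audit (SACL) section, which requires the security privilege.
                DirectorySecurity sec = dInfo.GetAccessControl(AccessControlSections.Access);
                CollectAccounts(sec, true, dAccount);
            }
            return dAccount;
        }

        /// <summary>
        /// Lists every account that has an access rule on a directory.
        /// </summary>
        /// <param name="DirName">Path of the directory.</param>
        /// <returns>
        /// One account name per access rule (explicit and inherited); empty when the
        /// directory does not exist.
        /// </returns>
        public static List<string> GetDirectoryAccountSecurityAll(string DirName)
        {
            List<string> dAccount = new List<string>();
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (dInfo.Exists)
            {
                // Access section only; see GetDirectoryAccountSecurity for the reason.
                DirectorySecurity sec = dInfo.GetAccessControl(AccessControlSections.Access);
                CollectAccounts(sec, false, dAccount);
            }
            return dAccount;
        }

        /// <summary>
        /// Appends the identity name of each access rule in <paramref name="security"/>
        /// to <paramref name="accounts"/>.
        /// </summary>
        private static void CollectAccounts(FileSystemSecurity security, bool skipSystemAndAdministrators, List<string> accounts)
        {
            foreach (FileSystemAccessRule rule in security.GetAccessRules(true, true, typeof(NTAccount)))
            {
                string identity = rule.IdentityReference.Value;

                // The comparison uses the English account names; these names are localized
                // on other Windows display languages, where the filter will not match.
                if (skipSystemAndAdministrators
                    && (identity == @"NT AUTHORITY\SYSTEM" || identity == @"BUILTIN\Administrators"))
                {
                    continue;
                }
                accounts.Add(identity);
            }
        }

        #endregion

        #region Remove directory permissions

        /// <summary>
        /// Removes the allow and deny rules of one account from a directory.
        /// Does nothing when the directory does not exist.
        /// </summary>
        /// <param name="DirName">Path of the directory.</param>
        /// <param name="Account">User or group account name.</param>
        public static void RemoveDirectoryAccountSecurity(string DirName, string Account)
        {
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (!dInfo.Exists)
            {
                return;
            }

            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // RemoveAccessRuleAll matches on account and allow/deny type only, so the
            // FullControl value in these template rules does not limit what is removed.
            // Inherited entries are not affected; they are dropped by
            // RemoveDirectoryAccountSecurityProtection.
            FileSystemAccessRule allowTemplate = new FileSystemAccessRule(
                Account, FileSystemRights.FullControl, AccessControlType.Allow);
            FileSystemAccessRule denyTemplate = new FileSystemAccessRule(
                Account, FileSystemRights.FullControl, AccessControlType.Deny);

            dSecurity.RemoveAccessRuleAll(allowTemplate);
            dSecurity.RemoveAccessRuleAll(denyTemplate);
            dInfo.SetAccessControl(dSecurity);
        }

        /// <summary>
        /// Removes every access rule from a directory: inheritance is switched off
        /// first, then the rules of each remaining account are removed.
        /// </summary>
        /// <remarks>
        /// After this call the directory has no access rules until the caller adds
        /// new ones. Each step is written back separately, so a failure part-way
        /// leaves the ACL partially stripped.
        /// NOTE(review): accounts are removed by the name the ACL reports; verify the
        /// behavior for entries whose identity cannot be resolved to an account name.
        /// </remarks>
        /// <param name="DirName">Path of the directory.</param>
        public static void RemoveDirectoryAccountSecurityAll(string DirName)
        {
            RemoveDirectoryAccountSecurityProtection(DirName);
            foreach (string account in GetDirectoryAccountSecurityAll(DirName))
            {
                RemoveDirectoryAccountSecurity(DirName, account);
            }
        }

        /// <summary>
        /// Stops a directory from inheriting access and audit rules from its parent
        /// and discards the rules it had inherited.
        /// Does nothing when the directory does not exist.
        /// </summary>
        /// <param name="DirName">Path of the directory.</param>
        public static void RemoveDirectoryAccountSecurityProtection(string DirName)
        {
            DirectoryInfo dInfo = new DirectoryInfo(DirName);
            if (!dInfo.Exists)
            {
                return;
            }

            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // (true, false): protect from inheritance and do not keep copies of the
            // inherited rules.
            dSecurity.SetAccessRuleProtection(true, false);

            // NOTE(review): this also changes the audit (SACL) settings; confirm that is
            // intended and that callers hold the privilege needed to write them.
            dSecurity.SetAuditRuleProtection(true, false);
            dInfo.SetAccessControl(dSecurity);
        }

        #endregion

        #endregion

        #region File permissions

        /// <summary>
        /// Lists the accounts that have an access rule on a file, leaving out
        /// <c>NT AUTHORITY\SYSTEM</c> and <c>BUILTIN\Administrators</c>.
        /// </summary>
        /// <param name="fileName">Path of the file.</param>
        /// <returns>
        /// One account name per access rule (explicit and inherited); empty when the
        /// file does not exist.
        /// </returns>
        public static List<string> GetFileAccountSecurity(string fileName)
        {
            List<string> fAccount = new List<string>();
            FileInfo fInfo = new FileInfo(fileName);
            if (fInfo.Exists)
            {
                // Only the access (DACL) section is needed. AccessControlSections.All also
                // reads the audit (SACL) section, which requires the security privilege.
                FileSecurity fec = fInfo.GetAccessControl(AccessControlSections.Access);
                CollectAccounts(fec, true, fAccount);
            }
            return fAccount;
        }

        /// <summary>
        /// Removes the allow and deny rules of one account from a file.
        /// Does nothing when the file does not exist.
        /// </summary>
        /// <param name="fileName">Path of the file.</param>
        /// <param name="Account">User or group account name.</param>
        public static void RemoveFileAccountSecurity(string fileName, string Account)
        {
            FileInfo fInfo = new FileInfo(fileName);
            if (!fInfo.Exists)
            {
                return;
            }

            FileSecurity fSecurity = fInfo.GetAccessControl();

            // RemoveAccessRuleAll matches on account and allow/deny type only; inherited
            // entries are not affected.
            FileSystemAccessRule allowTemplate = new FileSystemAccessRule(
                Account, FileSystemRights.FullControl, AccessControlType.Allow);
            FileSystemAccessRule denyTemplate = new FileSystemAccessRule(
                Account, FileSystemRights.FullControl, AccessControlType.Deny);

            fSecurity.RemoveAccessRuleAll(allowTemplate);
            fSecurity.RemoveAccessRuleAll(denyTemplate);
            fInfo.SetAccessControl(fSecurity);
        }

        #endregion
    }
}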