如何为所有用户授予应用程序创建的文件的完全权限?

我开发的工具需要向它创建的文件授予访问权限“完全控制”。它需要被读取,修改和删除从所有的窗口帐户,甚至可能的未来帐户。这能实现吗?

我知道我可以针对特定用户尝试这种方法:

FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity fSecurity = File.GetAccessControl(filePath);
fSecurity.SetAccessRule(rule);
File.SetAccessControl(filePath, fSecurity);

但是如何将其授予所有用户呢?甚至是未来可能的账户?如果后一部分是不可能的,那么如何实现第一个要求呢?

谢谢。

编辑:

这是我用过的密码,从答案的链接中提取出来的。

private void GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(
new SecurityIdentifier(WellKnownSidType.WorldSid, null),
FileSystemRights.FullControl,
InheritanceFlags.ObjectInherit |
InheritanceFlags.ContainerInherit,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow));


dInfo.SetAccessControl(dSecurity);
}

请注意所需的 PropagationFlags.NoPropagateInherit(在链接的最后提到)。它甚至给予未来的帐户特权。

83760 次浏览
小开

You will need to give full control to "Everyone" group on the machine. Found this post on MSDN which talks about it.

Hope this works for you.

小开
最佳答案

Note to people using this.

When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".

The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).

using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;


private void GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
}

提交答案