How to grant full permission to a file created by my application for ALL users?
Solution 1
Note to people using this.
When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".
The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).
using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;
private void GrantAccess(string fullPath)
{
DirectoryInfo dInfo = new DirectoryInfo(fullPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
}
Solution 2
You will need to give full control to "Everyone" group on the machine. Found this post on MSDN which talks about it.
Hope this works for you.
Related videos on Youtube
08 : 03
01 : 45
03 : 28
13 : 30
04 : 11
01 : 53
11 : 14
20 : 47
27 : 20
06 : 54
nawfal
You should accept the answer if it helped you by selecting the green tick mark on the top left of the answer. That's the encouraged practice at SO. Not only it helps future visitors, it encourages users to answer your questions. You should post what you have tried and tell us where you're stuck. That gives us more detail, and we can quickly give an answer by copy-pasting the code with minor modifications. Questions like I-need-this,-give-me-code doesnt work in SO. In the current format the question will be closed. You may read http://stackoverflow.com/faq additionally before posting. Do a good search on SO to ensure you're not asking a duplicated question, or else your question will be closed. Quick tag search
Updated on July 05, 2022Comments
-
nawfal almost 2 years
The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?
I know I can try this for a SPECIFIC_USER:
FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow); FileSecurity fSecurity = File.GetAccessControl(filePath); fSecurity.SetAccessRule(rule); File.SetAccessControl(filePath, fSecurity);But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?
Thanks.
EDIT:
This is the code which worked for me. Taken from the answerer's link.
private void GrantAccess(string fullPath) { DirectoryInfo dInfo = new DirectoryInfo(fullPath); DirectorySecurity dSecurity = dInfo.GetAccessControl(); dSecurity.AddAccessRule(new FileSystemAccessRule( new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow)); dInfo.SetAccessControl(dSecurity); }Note the
PropagationFlags.NoPropagateInheritwhich is required (mentioned towards the last in the link). It does grant privilege to even future accounts.-
Angelo Vargas about 11 yearsNote to people, don't use "everyone", instead use
new SecurityIdentifier(WellKnownSidType.WorldSid, null)which returns a SecurityIdentifier object. Everyone only works on english windows installations, using the other method ensures it's compatible with multiple language versions. -
nawfal about 11 years@trukin can you make it an answer? thanks
-
Hina Khuman over 6 years@nawfal: I'm having same issue, and I need to give access of my installation folder once application installed, but where can I write this code? -
nawfal over 6 years@HinaKhuman Giving installation folder privileges are better handled by the installer. I dont know which one you are using but it should be pretty straight forward. If you wanna do it from C# then call the GrantAccess method from wherever you want but your application itself should have the rights.
-
Hina Khuman over 6 years@nawfal: Thanks! see detailed question here: stackoverflow.com/q/48165315/5743676
-
-
nawfal over 12 yearsThanks, Ill see to that. Does this grant access to even future accounts?
-
nawfal over 12 yearsThanks it did work and grants access to future user accounts as well. Please accept my edit so that others know what exactly should be done.
-
CularBytes over 9 yearsThank-you so much.. been struggling with decompressing files and setting permissions to .mdf files (because I got read-only errors). Thanks! -
hypehuman almost 9 yearsMay I ask the purpose of the return value?
-
Angelo Vargas almost 9 years@hypehuman oh none really, it was meant to be called from somewhere and if it failed (say GrantAccess caught an exception, then it would return false), then whatever code uses that should not continue since no permissions were granted.
-
anhtv13 over 4 yearsDirectorySecurity is not found. What is the reference lib? i added 3 lines 'using...', still error.
-
Kappacake almost 3 yearsDo not forget to includeInheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInheritor it will only add the user/group without applying any permissions to it (the user/group will only have special permissions). Just spent an hour trying to understand why it would appply any permissions to the group, so hope this saves someone some time!
