How to grant full permission to a file created by my application for ALL users?

81,538

Solution 1

Note to people using this.

When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".

The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).

using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;

private void GrantAccess(string fullPath)
{
    DirectoryInfo dInfo = new DirectoryInfo(fullPath);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
    dInfo.SetAccessControl(dSecurity);
}

Solution 2

You will need to give full control to "Everyone" group on the machine. Found this post on MSDN which talks about it.

Hope this works for you.

Share:
81,538

Related videos on Youtube

nawfal
Author by

nawfal

You should accept the answer if it helped you by selecting the green tick mark on the top left of the answer. That's the encouraged practice at SO. Not only it helps future visitors, it encourages users to answer your questions. You should post what you have tried and tell us where you're stuck. That gives us more detail, and we can quickly give an answer by copy-pasting the code with minor modifications. Questions like I-need-this,-give-me-code doesnt work in SO. In the current format the question will be closed. You may read http://stackoverflow.com/faq additionally before posting. Do a good search on SO to ensure you're not asking a duplicated question, or else your question will be closed. Quick tag search

Updated on July 05, 2022

Comments

  • nawfal
    nawfal almost 2 years

    The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?

    I know I can try this for a SPECIFIC_USER:

    FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow);
    FileSecurity fSecurity = File.GetAccessControl(filePath);
    fSecurity.SetAccessRule(rule);
    File.SetAccessControl(filePath, fSecurity);
    

    But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?

    Thanks.

    EDIT:

    This is the code which worked for me. Taken from the answerer's link.

    private void GrantAccess(string fullPath)
    {
        DirectoryInfo dInfo = new DirectoryInfo(fullPath);
        DirectorySecurity dSecurity = dInfo.GetAccessControl();
        dSecurity.AddAccessRule(new FileSystemAccessRule(
            new SecurityIdentifier(WellKnownSidType.WorldSid, null), 
            FileSystemRights.FullControl,
            InheritanceFlags.ObjectInherit |
               InheritanceFlags.ContainerInherit,
            PropagationFlags.NoPropagateInherit,
            AccessControlType.Allow));
    
        dInfo.SetAccessControl(dSecurity);
    }
    

    Note the PropagationFlags.NoPropagateInherit which is required (mentioned towards the last in the link). It does grant privilege to even future accounts.

    • Angelo Vargas
      Angelo Vargas about 11 years
      Note to people, don't use "everyone", instead use new SecurityIdentifier(WellKnownSidType.WorldSid, null) which returns a SecurityIdentifier object. Everyone only works on english windows installations, using the other method ensures it's compatible with multiple language versions.
    • nawfal
      nawfal about 11 years
      @trukin can you make it an answer? thanks
    • Hina Khuman
      Hina Khuman over 6 years
      @nawfal: I'm having same issue, and I need to give access of my installation folder once application installed, but where can I write this code?
    • nawfal
      nawfal over 6 years
      @HinaKhuman Giving installation folder privileges are better handled by the installer. I dont know which one you are using but it should be pretty straight forward. If you wanna do it from C# then call the GrantAccess method from wherever you want but your application itself should have the rights.
    • Hina Khuman
      Hina Khuman over 6 years
      @nawfal: Thanks! see detailed question here: stackoverflow.com/q/48165315/5743676
  • nawfal
    nawfal over 12 years
    Thanks, Ill see to that. Does this grant access to even future accounts?
  • nawfal
    nawfal over 12 years
    Thanks it did work and grants access to future user accounts as well. Please accept my edit so that others know what exactly should be done.
  • CularBytes
    CularBytes over 9 years
    Thank-you so much.. been struggling with decompressing files and setting permissions to .mdf files (because I got read-only errors). Thanks!
  • hypehuman
    hypehuman almost 9 years
    May I ask the purpose of the return value?
  • Angelo Vargas
    Angelo Vargas almost 9 years
    @hypehuman oh none really, it was meant to be called from somewhere and if it failed (say GrantAccess caught an exception, then it would return false), then whatever code uses that should not continue since no permissions were granted.
  • anhtv13
    anhtv13 over 4 years
    DirectorySecurity is not found. What is the reference lib? i added 3 lines 'using...', still error.
  • Kappacake
    Kappacake almost 3 years
    Do not forget to include InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit or it will only add the user/group without applying any permissions to it (the user/group will only have special permissions). Just spent an hour trying to understand why it would appply any permissions to the group, so hope this saves someone some time!