Full user folder access gain and take by "Security" nmspc.
-
If you don't want to study all case: how to gain full access to specified user above specified folder, and take it back away, not using cacls, but using VB Security namespace
Hi, this is not my chief fire me Q, it is just for fun. I created console app which may delete older restore points of all disks.
Module Module1
Sub Main()
Console.WriteLine("Deleting restore points")
Console.Write("Points to let, >=1: ")
Dim letd% = CInt(Val(Console.ReadLine))
Console.Write("Admin username: ")
Dim user$ = Console.ReadLine
If letd = 0 Then letd = 1
Dim drives() As IO.DriveInfo = IO.DriveInfo.GetDrives
Dim dir, rps(), tmp() As IO.DirectoryInfo, td#, tt#
For i As Integer = 0 To UB(drives)
If Not drives(i).Name.ToLower.StartsWith("a") Then
If drives(i).IsReady Then
tmp = drives(i).RootDirectory.GetDirectories("System Volume Information")
If UB(tmp) = 0 Then
dir = tmp(0)
Console.Write(drives(i).Name.First)
If drives(i).DriveFormat = "NTFS" Then Grant(drives(i).Name, user, True)
rps = dir.GetDirectories("RP*", IO.SearchOption.AllDirectories)
Array.Sort(rps, New dic)
td = 0
For j As Integer = 0 To UB(rps) - letd
td += dirSize(rps(j))
rps(j).Delete(True)
Next
If drives(i).DriveFormat = "NTFS" Then Grant(drives(i).Name, user, False)
End If
Console.WriteLine(td.ToString("C", System.Globalization.CultureInfo.InvariantCulture) & "kb")
tt += td
End If
End If
Next
Console.Write("=" & tt.ToString("C", System.Globalization.CultureInfo.InvariantCulture) & "kb")
Console.Read()
End Sub
#Region "Dir comparer"
Class dic
Implements IComparer
Public Function Compare(ByVal x As Object, ByVal y As Object) As Integer Implements System.Collections.IComparer.Compare
Return String.Compare(CType(x, IO.DirectoryInfo).Name, CType(y, IO.DirectoryInfo).Name)
End Function
End Class
#End Region
Sub Grant(ByVal volume$, ByVal user$, ByVal add%)
Dim ac As System.Security.AccessControl.DirectorySecurity = New IO.DirectoryInfo(volume & "System Volume Information").GetAccessControl
'Dim am As System.Security.AccessControl.AccessControlModification = Security.AccessControl.AccessControlModification.Remove
'ac.ModifyAccessRule(Security.AccessControl.AccessControlModification.Remove)
With ac.GetAccessRules(True, True, GetType(System.Security.Principal.NTAccount))
Dim a = .Item(0)
End With
If add Then
Shell("cacls """ & volume & "System Volume Information"" /E /G " & user & ":F", 1, True, -1)
Else
Shell("cacls """ & volume & "System Volume Information"" /E /R " & user & "")
End If
End Sub
Function UB%(ByVal arr As Object)
If arr Is Nothing Then
Return -2
ElseIf arr.GetType.IsArray Then
Return CType(arr, System.Array).GetUpperBound(0)
Else
Return -3
End If
End Function
Function dirSize#(ByVal dir As IO.DirectoryInfo)
Dim items() As IO.FileInfo = dir.GetFiles("*.*", IO.SearchOption.AllDirectories)
For i As Integer = 0 To UB(items)
dirSize += items(i).Length
Next
dirSize = dirSize / 1000
End Function
End ModuleSo, if you look at bold section - it is allowing you to access these directiories, which are from installation disallowed for user to do anything. And after deletition it is by the second part of IF secured back. But If you look at italic section: I would like to rewrite the bold section with that italic slavery. I have totally lost in there. Do you someone have experiences with these structures? (By using shell and cacls I cannot get rid of "Proceeded Folder: C:System Volume". I tried >NULL and cmd /q /k. I Would be really glad to understand how is that DirectorySecurity class thought to be used...
-
Ok. I just found the way how to read permissions of user upon folder. But as appears in comments, it is not usefull at all. When you don't have permission to folder, you cannot determine it in any correct way, using DirectorySecurity class. So it stays: when you want to check your rights to execute or write directory, you must use Try-Catch - there is no "legal" way to do it. Anyway here is correct way to use DirectorySecurity class:
Dim security As Security.AccessControl.DirectorySecurity 'C:\8e60d354588754b76f07744034512a\update Dim path0$ path0 = "C:\8e60d354588754b76f07744034512a" 'parent, free access folder path0 = "C:\8e60d354588754b76f07744034512a\update\" 'access disalowed folder 'path0 = "C:\download" 'test folder with free access 'NONE = only sections possible to obtain on '\update\' folder security = New System.Security.AccessControl.DirectorySecurity(path0, System.Security.AccessControl.AccessControlSections.None) 'this is priceless - with NONE getSecurity necessary for '\update\': 'Dim owner = security.GetOwner(GetType(System.Security.Principal.NTAccount)) Dim rules As System.Security.AccessControl.AuthorizationRuleCollection rules = security.GetAccessRules(True, True, GetType(System.Security.Principal.SecurityIdentifier)) Dim fsar As System.Security.AccessControl.FileSystemAccessRule For Each rule As System.Security.AccessControl.AuthorizationRule In rules Console.WriteLine(rule.ToString) 'this tells nothing If rule.GetType.Equals(GetType(System.Security.AccessControl.FileSystemAccessRule)) Then 'in my example this shown same fsar for both three folders fsar = rule 'in my example this shown Everyone for both check and disallowed directory Console.WriteLine(fsar.IdentityReference.Translate(GetType(Security.Principal.NTAccount))) 'Diagnostics.Process.GetCurrentProcess End If Next
Post a reply
Quick links
Recent activity
- arif ahmad replied to How to receive data in web ...
- William Thompson replied to What is the name of the Win...
- Sameera Piyadigamage replied to Point of Sale Developers: H...
- Scott Carline replied to 4 x C# Developers for large...
- Rajendra Dhakal replied to Restore SQL Server text dat...
- cloud rainda replied to How to convert between TS f...
Enter your message below
Sign in or Join us (it's free).