How to grant full permission to a file created by my application for ALL users?

c# .net winforms permissions user-accounts
nawfal picture nawfal · Feb 2, 2012 · Viewed 76.6k times · Source

The tool I develop needs to grant access rights "Full Control" to a file created by it. It needs to be read, modified and deleted from all windows accounts and even possible future accounts. Could this be achieved?

I know I can try this for a SPECIFIC_USER: 

FileSystemAccessRule rule = new FileSystemAccessRule(SPECIFIC_USER, FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity fSecurity = File.GetAccessControl(filePath);
fSecurity.SetAccessRule(rule);
File.SetAccessControl(filePath, fSecurity);

But how do I grant it to all users? And even possible future accounts? If the latter part is not possible, how to go about the first requirement?

Thanks.

EDIT:

This is the code which worked for me. Taken from the answerer's link.

private bool GrantAccess(string fullPath)
{
    DirectoryInfo dInfo = new DirectoryInfo(fullPath);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(
        new SecurityIdentifier(WellKnownSidType.WorldSid, null), 
        FileSystemRights.FullControl,
        InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Allow));

    dInfo.SetAccessControl(dSecurity);
    return true;
}

Note the PropagationFlags.NoPropagateInherit which is required (mentioned towards the last in the link). It does grant privilege to even future accounts.

Answer

Angelo Vargas picture Angelo Vargas · Apr 25, 2013

Note to people using this.

When using literal strings for the FileSystemAccessRule, it should be WellKnownSidType.WorldSid instead of "everyone".

The reason is because there are multiple Window languages and Everyone only applies to EN ones, so for Spanish, it might be "Todos" (or something else).

using System.Security.AccessControl;
using System.Security.Principal;
using System.IO;

private void GrantAccess(string fullPath)
{
    DirectoryInfo dInfo = new DirectoryInfo(fullPath);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.NoPropagateInherit, AccessControlType.Allow));
    dInfo.SetAccessControl(dSecurity);
}

Related questions

How do I make a textbox that only accepts numbers?

I have a windows forms app with a textbox control that I want to only accept integer values. In the past I've done this kind of validation by overloading the KeyPress event and just removing characters which didn't fit the …

Read More
How do I update the GUI from another thread?

Which is the simplest way to update a Label from another Thread? I have a Form running on thread1, and from that I'm starting another thread (thread2). While thread2 is processing some files I would like to update a Label …

Read More
Get current folder path

I want to create a program that converts files. I would like the user to be able to place the executable file in any directory, and when executing that program (double-clicking on the .exe) I want the program to process …

Read More