views:

160

answers:

1

I have the following code, that should remove the access of users from a certain folder. Unfortunately it doesn't (the access rule remains in place). No exception is thrown.

AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(NTAccount));

foreach (FileSystemAccessRule ar in arc)
{
    if (ar.IdentityReference is NTAccount)
    {
        NTAccount account = ar.IdentityReference as NTAccount;

        if (!AdminUsers.Contains(account.Value) &&
            ownerAccount != account.Value)
        {
            ds.RemoveAccessRule(ar);
            WriteLog("Removed rule for: " + account);
        }

     }
}

outputDirectory.SetAccessControl(ds);

I can see from my logs that the RemoveAccessRule was called. Why isn't the rule gone?

Edit: The rule is an inherited rule. Do I need to do something different to remove inherited rules?

+1  A: 

Take a look at SetAccessRuleProtection on DirectorySecurity class, from reading it..I would think you'd need..

ds.RemoveAccessRule(ar);
ds.SetAccessRuleProtection(true,false);

play around with it.

Stan R.
I do believe that was it exactly. It's wonderful, many thanks.
C. Ross