AccessControl for Domain Users

ormonds

I am trying to set Inheritance to disabled and to deny access to domain users on a directory (FullFolder). My code is:-

        if (Directory.Exists(FullFolder))
        {
            DirectoryInfo di = new DirectoryInfo(FullFolder);
            DirectorySecurity ds = di.GetAccessControl();
            //First, disable Inheritance on this folder.
            ds.SetAccessRuleProtection(true, true);
            di.SetAccessControl(ds);
            //Now deny users full control
            string DomainUsers = Environment.UserDomainName + @"\\Users";
            FileSystemAccessRule fsar = new FileSystemAccessRule(DomainUsers, FileSystemRights.FullControl, AccessControlType.Deny);
            ds.AddAccessRule(fsar);
            di.SetAccessControl(ds);
        }

Disabled inheritance works fine. However the line adding the AccessRule fsar give an error "System.Security.PrincipalNotMappedException" Is the way I have set the user name wrong?

Richard Deeming

Shouldn't the group name be Domain Users rather than just Users? Try manually creating the rule on a folder, and then examining the ACL via code to see what the principal name looks like.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

ormonds

Thank you, yes looking at the ACE helped me see it.