Permissions and Permission Propagation

  • Tristan Rhodes wrote: #1

    Hi Guys,

    Scenario: I have a .Net app that creates a new User and then assigns full read / write permissions for that user to the application Program Files and application HKLM Registry section. The application then runs under the current user and impersonates the authorised user to modify the appropriate sections when necessary. The permissions assignment is assigned with the following code:

            // Requires: using System.IO; using System.Security.AccessControl; using Microsoft.Win32;

            //Registry - Propagated Rule (InheritOnly: the rule is inherited by children only)
            RegistryAccessRule rule = new RegistryAccessRule(LOGON_USER_NAME, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
            RegistrySecurity security = new RegistrySecurity();
            security.AddAccessRule(rule);

            //Create Test Sub Key in Registry with permissions for the MicaUser
            RegistryKey root = Registry.LocalMachine.CreateSubKey(SUB_KEY_ROOT, RegistryKeyPermissionCheck.ReadWriteSubTree);
            root.SetAccessControl(security);


            //File System - Propagated Rule (variables renamed so both snippets compile in one scope)
            FileSystemAccessRule dirRule = new FileSystemAccessRule(LOGON_USER_NAME, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
            DirectorySecurity dirSecurity = new DirectorySecurity();
            dirSecurity.SetAccessRule(dirRule);

            //Create Test Directory in Program Files with permissions for the MicaUser
            Directory.CreateDirectory(dir);
            Directory.SetAccessControl(dir, dirSecurity);
    

    Problem: When I check the registry / directory, I have full permissions for any existing folders / subkeys below the dir / subkey Root, but not for the root itself.

    i.e. HKLM\Software\MyApp\TestKey: I assign the permissions to MyApp, then my User has full permissions on TestKey, but I am unable to create SubKeys in MyApp, nor delete the TestKey SubKey, nor set values in MyApp. This also applies to the ACL permissions on folders.

    My question is - how do I set up both propagating privileges, and full read / write permissions on the root item?

    Regards
    Tristan

    ------------------------------- Carrier Bags - 21st Century Tumbleweed.


    • Tristan Rhodes wrote: #2

      I have managed to open up the Registry sub key root by adding two separate permissions:

              RegistrySecurity security = new RegistrySecurity();

              //Non Propagated Rule
              RegistryAccessRule rule = new RegistryAccessRule(LOGON_USER_NAME, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow);
              security.AddAccessRule(rule);

              //Propagated Rule
              rule = new RegistryAccessRule(LOGON_USER_NAME, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
              security.AddAccessRule(rule);

      This works for the registry, but not for the directory permissions. Any thoughts?

      Regards
      Tris

      ------------------------------- Carrier Bags - 21st Century Tumbleweed.
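
An added example for the directory case left open above (not the poster's code): one ACE with `PropagationFlags.None` plus container and object inheritance applies to the folder itself and is inherited by its children, and the ACL is read back to confirm both. The class and method names are hypothetical, and the folder path and account name are supplied by the caller.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper names; Windows only.
static class DirectoryAclExample
{
    // Grants rights on dir itself and on everything below it with a single ACE.
    public static void Grant(string dir, string account, FileSystemRights rights)
    {
        DirectoryInfo info = Directory.CreateDirectory(dir);
        // Start from the existing descriptor so ACEs already present are kept.
        DirectorySecurity security = info.GetAccessControl();
        security.AddAccessRule(new FileSystemAccessRule(
            account, rights,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,   // InheritOnly here would skip dir itself
            AccessControlType.Allow));
        info.SetAccessControl(security);
    }

    // True when path carries an Allow ACE for account that applies to path itself
    // (explicit on the root, inherited on a child).
    public static bool HasEffectiveAce(string path, string account, bool inherited)
    {
        IdentityReference sid = new NTAccount(account).Translate(typeof(SecurityIdentifier));
        AuthorizationRuleCollection rules = new DirectoryInfo(path).GetAccessControl()
            .GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule r in rules)
        {
            if (r.IdentityReference.Equals(sid)
                && r.AccessControlType == AccessControlType.Allow
                && r.IsInherited == inherited
                && (r.PropagationFlags & PropagationFlags.InheritOnly) == 0)
                return true;
        }
        return false;
    }

    static void Main(string[] args)
    {
        string root = args[0], account = args[1];   // test folder and account, caller-supplied
        Grant(root, account, FileSystemRights.FullControl);   // a narrower right can be passed
        string child = Directory.CreateDirectory(Path.Combine(root, "Child")).FullName;
        Console.WriteLine("root ACE applies to root: " + HasEffectiveAce(root, account, false));
        Console.WriteLine("child inherits the ACE:   " + HasEffectiveAce(child, account, true));
    }
}
```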
