How to deny the user to add new ‘User’ or ‘Group’ for a file in ACL
I want to use C# to forbit the user to add other ‘Group’ or ‘User’ as the picture,
I cannot find any interface to do that,
If I cannot disable this operation, Can I disable the ‘FileSystemRights’ set(cannot set Read/Write…)?
FileInfo fInfo = new FileInfo(fileName); FileSecurity fileAcl = fInfo.GetAccessControl(); NTAccount acc = (NTAccount)fileAcl.GetOwner(typeof(NTAccount)); Console.WriteLine("File owner:" + acc.Value);
because when my file has 1 owner of ‘Everyone’, and I disable the Everyone’s ‘FullControl’ right for this file,
but If other one add new ‘User’ to this file, and the new user also can allow the ‘FullControl’ right and operate the file.
Source: Windows Questions