How to deny the user to add new ‘User’ or ‘Group’ for a file in ACL

  acl, c++, permissions, windows

enter image description here

How to deny the user to add new ‘User’ or ‘Group’ for a file in ACL

Hi everyone,

I want to use C# to forbit the user to add other ‘Group’ or ‘User’ as the picture,
I cannot find any interface to do that,
If I cannot disable this operation, Can I disable the ‘FileSystemRights’ set(cannot set Read/Write…)?

FileInfo fInfo = new FileInfo(fileName);
FileSecurity fileAcl = fInfo.GetAccessControl();
NTAccount acc = (NTAccount)fileAcl.GetOwner(typeof(NTAccount));
Console.WriteLine("File owner:" + acc.Value);

because when my file has 1 owner of ‘Everyone’, and I disable the Everyone’s ‘FullControl’ right for this file,
but If other one add new ‘User’ to this file, and the new user also can allow the ‘FullControl’ right and operate the file.

Source: Windows Questions

LEAVE A COMMENT