
我尝试在本地网络上把一个文件夹共享给一个特定的组。我先创建该组,然后将当前用户添加到该组。之后,我在本地网络上共享该文件夹,并授予该组对该文件夹的所有权限。在网络中,我能看到该文件夹,该组也已被授予所有权限,一切看起来都正常,但我仍然无法通过本地网络访问该文件夹。

我使用这段代码:

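 // Publishes folderPath as an SMB share whose share-level DACL contains a single
 // allow ACE for the local group "SpecialGroup", and adds a matching NTFS rule on
 // the folder. Access over the network is limited by BOTH layers: the share DACL
 // and the NTFS ACL must each allow the operation.
 string ShareName = "SpecialShare";
 string Description = "This is a test";

 string folderPath = @"c:\ApplicationFolder\AppData";

try
{
    // Resolve the group name to its SID; Win32_Trustee takes the SID in binary form.
    NTAccount groupAccount = new NTAccount("SpecialGroup");
    SecurityIdentifier groupSid = (SecurityIdentifier)groupAccount.Translate(typeof(SecurityIdentifier));
    byte[] groupSidBytes = new byte[groupSid.BinaryLength];
    groupSid.GetBinaryForm(groupSidBytes, 0);

    ManagementClass groupTrustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
    groupTrustee["Name"] = "SpecialGroup";
    groupTrustee["SID"] = groupSidBytes;

    // Share-level ACE. 2032127 (0x1F01FF) is Full Control, which also lets group
    // members change permissions through the share.
    // NOTE(review): if members only need to read/write files, prefer a narrower
    // mask (1245631 = Change, 1179817 = Read) to keep the share least-privilege.
    ManagementClass groupAce = new ManagementClass(new ManagementPath("Win32_ACE"), null);
    groupAce["AccessMask"] = 2032127; //full access
    groupAce["AceFlags"] = AceFlags.ObjectInherit | AceFlags.ContainerInherit;
    groupAce["AceType"] = AceType.AccessAllowed;
    groupAce["Trustee"] = groupTrustee;

    // ControlFlags 4 = SE_DACL_PRESENT. The DACL holds only the group's ACE, so no
    // other principal is granted share-level access by this descriptor.
    ManagementObject shareSecurityDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
    shareSecurityDescriptor["ControlFlags"] = 4;
    shareSecurityDescriptor["DACL"] = new object[] { groupAce };

    // NTFS rule. PropagationFlags.None makes the ACE apply to the folder itself as
    // well as to the files and subfolders that inherit it. The previous
    // PropagationFlags.InheritOnly applied the rule to children only, so the group
    // was granted nothing on the share root through this rule.
    DirectoryInfo dInfo = new DirectoryInfo(folderPath);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    dSecurity.AddAccessRule(new FileSystemAccessRule(
        "SpecialGroup",
        FileSystemRights.FullControl,
        InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
        PropagationFlags.None,
        AccessControlType.Allow));
    dInfo.SetAccessControl(dSecurity);

    ManagementClass managementClass = new ManagementClass("Win32_Share");
    ManagementBaseObject inParams = managementClass.GetMethodParameters("Create");

    inParams["Description"] = Description;
    inParams["Name"] = ShareName;
    inParams["Path"] = folderPath;
    inParams["Type"] = 0; //Disk Drive
    inParams["MaximumAllowed"] = null;
    inParams["Password"] = null;
    inParams["Access"] = shareSecurityDescriptor;

    ManagementBaseObject outParams = managementClass.InvokeMethod("Create", inParams, null);

    // Surface the WMI return code instead of a bare exception; for Win32_Share.Create
    // 2 means access denied and 22 means the share name already exists.
    uint createResult = (uint)(outParams.Properties["ReturnValue"].Value);
    if (createResult != 0)
        throw new InvalidOperationException("Win32_Share.Create failed with return code " + createResult);

    // ShareName is a constant here. NOTE(review): if it ever comes from user input,
    // validate it before concatenating it into the WMI object path.
    ManagementObject share = new ManagementObject(managementClass.Path + ".Name='" + ShareName + "'");
    object setInfoResult = share.InvokeMethod("SetShareInfo", new object[] { Int32.MaxValue, Description, shareSecurityDescriptor });

    // The original ignored this result, so a rejected descriptor went unnoticed.
    if (Convert.ToUInt32(setInfoResult) != 0)
        throw new InvalidOperationException("Win32_Share.SetShareInfo failed with return code " + setInfoResult);

    dInfo.Refresh();

    // NOTE(review): a user added to "SpecialGroup" while already logged on usually
    // does not carry the new membership in existing logon sessions; confirm access
    // from a fresh logon before concluding that the permissions are wrong.
}
catch (Exception ex)
{
    MessageBox.Show(ex.ToString());
}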