C#修改文件夹和文件的NTFS安全权限
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
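namespace WindowsFormsApp2
{
    /// <summary>
    /// Demo form that looks up the Google "Update" folder through the registry and
    /// adds Deny entries to the NTFS ACLs of that folder and of one file inside it.
    /// </summary>
    /// <remarks>
    /// Deny entries are evaluated before Allow entries, and the Everyone principal
    /// also covers administrators and SYSTEM. After the rules below are applied, only
    /// an account that can still rewrite the DACL (the object's owner, or an account
    /// able to take ownership) can undo them, so record the original ACL before using
    /// this on a real machine. Blocking an updater this way also stops security
    /// patches from being installed; where the aim is only to control update timing,
    /// the vendor's update policy settings are the reversible alternative.
    /// </remarks>
    public partial class Form1 : Form
    {
        // Account name used by the original rules. This resolves to the local user
        // account named "Administrator", not to the Administrators group, and fails
        // with IdentityNotMappedException where that account has been renamed.
        private const string AdministratorAccount = "Administrator";

        // Well-known SID of the Everyone principal. Using the SID instead of the
        // display name keeps the rule working on non-English Windows installations,
        // where the name "Everyone" is localized and cannot be resolved.
        private static readonly System.Security.Principal.SecurityIdentifier EveryoneSid =
            new System.Security.Principal.SecurityIdentifier(
                System.Security.Principal.WellKnownSidType.WorldSid, null);

        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Derives the path of the Google "Update" folder from the per-user
        /// "App Paths" registration of chrome.exe.
        /// </summary>
        /// <returns>
        /// The path ending in <c>\Google\Update</c>, or an empty string when the
        /// registry entry is missing, is not a plain string value, does not contain
        /// a <c>\Google\</c> segment, or cannot be read.
        /// </returns>
        public string GetChromeUpdatePath()
        {
            const string app = "chrome.exe";
            const string marker = @"\Google\";

            try
            {
                // Only HKEY_CURRENT_USER is consulted, as in the original code.
                // NOTE(review): a machine-wide install may register under
                // HKEY_LOCAL_MACHINE instead - confirm whether that case matters.
                using (RegistryKey appPathKey = Registry.CurrentUser.OpenSubKey(
                    @"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\" + app, false))
                {
                    if (appPathKey == null)
                    {
                        return "";
                    }

                    object defaultValue = appPathKey.GetValue(string.Empty);
                    if (defaultValue == null
                        || appPathKey.GetValueKind(string.Empty) != RegistryValueKind.String)
                    {
                        return "";
                    }

                    string chromePath = defaultValue.ToString();
                    int pos = chromePath.IndexOf(marker, StringComparison.OrdinalIgnoreCase);
                    if (pos < 0)
                    {
                        // Without this check a path that lacks "\Google\" was cut at
                        // an arbitrary offset, and the caller would then have applied
                        // Deny rules to an unrelated directory.
                        return "";
                    }

                    // Keep everything up to and including "\Google" (no trailing slash).
                    string googleDir = chromePath.Substring(0, pos + marker.Length - 1);
                    return Path.Combine(googleDir, "Update");
                }
            }
            catch (System.Security.SecurityException)
            {
                return "";
            }
            catch (UnauthorizedAccessException)
            {
                return "";
            }
            catch (IOException)
            {
                return "";
            }
        }

        /// <summary>
        /// Restricts a single file: removes the explicit FullControl allow rule of the
        /// Administrator account and adds Modify deny rules for Administrator and
        /// Everyone.
        /// </summary>
        /// <param name="filePath">Path of the file whose ACL is rewritten.</param>
        /// <remarks>
        /// Denying <see cref="FileSystemRights.Modify"/> also denies read and execute,
        /// because those rights are part of Modify.
        /// </remarks>
        static void AddSecurityControll2File(string filePath)
        {
            FileInfo fileInfo = new FileInfo(filePath);

            // Read the current security descriptor of the file.
            FileSecurity fileSecurity = fileInfo.GetAccessControl();

            // Drop the explicit allow rule first, then add the deny rules.
            fileSecurity.RemoveAccessRule(new FileSystemAccessRule(
                AdministratorAccount, FileSystemRights.FullControl, AccessControlType.Allow));
            fileSecurity.AddAccessRule(new FileSystemAccessRule(
                AdministratorAccount, FileSystemRights.Modify, AccessControlType.Deny));
            fileSecurity.AddAccessRule(new FileSystemAccessRule(
                EveryoneSid, FileSystemRights.Modify, AccessControlType.Deny));

            // Write the modified descriptor back to the file.
            fileInfo.SetAccessControl(fileSecurity);
        }

        /// <summary>
        /// Restricts a folder: removes the FullControl allow rule of the Administrator
        /// account and adds FullControl deny rules for Administrator and Everyone,
        /// inherited by sub-folders and files.
        /// </summary>
        /// <param name="dirPath">Path of the directory whose ACL is rewritten.</param>
        static void AddSecurityControll2Folder(string dirPath)
        {
            DirectoryInfo dir = new DirectoryInfo(dirPath);

            // The default overload reads the DACL, owner and group. The audit rules
            // (SACL) are left out: reading them needs an additional privilege and
            // nothing below changes them.
            DirectorySecurity dirSecurity = dir.GetAccessControl();

            // Apply each rule to the folder itself, to sub-folders and to files.
            InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

            FileSystemAccessRule administratorAllow = new FileSystemAccessRule(
                AdministratorAccount, FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
            FileSystemAccessRule administratorDeny = new FileSystemAccessRule(
                AdministratorAccount, FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Deny);
            FileSystemAccessRule everyoneDeny = new FileSystemAccessRule(
                EveryoneSid, FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Deny);

            // The "modified" flag is not needed; the descriptor is written back
            // unconditionally below.
            bool isModified;
            dirSecurity.ModifyAccessRule(AccessControlModification.Remove, administratorAllow, out isModified);
            dirSecurity.ModifyAccessRule(AccessControlModification.Add, administratorDeny, out isModified);
            dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneDeny, out isModified);

            // Write the modified descriptor back to the folder.
            dir.SetAccessControl(dirSecurity);
        }

        /// <summary>
        /// Applies the deny rules to the Google "Update" folder and to the hard-coded
        /// file inside it.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            string updatePath = GetChromeUpdatePath();
            if (string.IsNullOrEmpty(updatePath) || !Directory.Exists(updatePath))
            {
                // An empty path used to reach DirectoryInfo and crash the handler.
                MessageBox.Show("The Google Update folder was not found; no permissions were changed.");
                return;
            }

            // NOTE(review): file name kept from the original code - confirm that this
            // is the executable that is meant to be restricted.
            string updateMainFile = Path.Combine(updatePath, "keygen.exe");

            try
            {
                // The file is handled before the folder: once the inherited deny rule
                // is in place, rewriting the ACL of a file below it may be refused.
                if (File.Exists(updateMainFile))
                {
                    AddSecurityControll2File(updateMainFile);
                }

                AddSecurityControll2Folder(updatePath);
            }
            catch (UnauthorizedAccessException ex)
            {
                ShowAclFailure(ex);
            }
            catch (IOException ex)
            {
                ShowAclFailure(ex);
            }
            catch (System.Security.Principal.IdentityNotMappedException ex)
            {
                ShowAclFailure(ex);
            }
        }

        /// <summary>
        /// Lets the user pick a folder and shows the selection in the path text box.
        /// </summary>
        private void button2_Click(object sender, EventArgs e)
        {
            using (FolderBrowserDialog dialog = new FolderBrowserDialog())
            {
                // Leave the text box untouched when the dialog is cancelled.
                if (dialog.ShowDialog() == DialogResult.OK)
                {
                    textBoxPathName.Text = dialog.SelectedPath;
                }
            }
        }

        // Reports a failed ACL change to the user instead of letting the exception
        // escape the click handler.
        private static void ShowAclFailure(Exception ex)
        {
            MessageBox.Show("The permissions could not be changed: " + ex.Message);
        }
    }
}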