From 2fa1b52a36fffd6ecb25ce295687f40b12763d14 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Mon, 28 Aug 2017 17:05:38 -0400
Subject: [PATCH] permission rules
---
 src/Service/Installer.cs | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/src/Service/Installer.cs b/src/Service/Installer.cs
index c756fa65..12089278 100644
--- a/src/Service/Installer.cs
+++ b/src/Service/Installer.cs
@@ -47,27 +47,26 @@ namespace Service
 }
 var sec = info.GetAccessControl();
-
- var adminRule = new FileSystemAccessRule(
- new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
- FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
- InheritanceFlags.None,
- PropagationFlags.NoPropagateInherit,
- AccessControlType.Allow);
- sec.AddAccessRule(adminRule);
-
- var usersRule = new FileSystemAccessRule(
- new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null),
- FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
- InheritanceFlags.None,
- PropagationFlags.NoPropagateInherit,
- AccessControlType.Allow);
- sec.AddAccessRule(usersRule);
-
+ AddPermission(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), sec);
+ AddPermission(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), sec);
+ AddPermission(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), sec);
+ AddPermission(new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null), sec);
+ AddPermission(WindowsIdentity.GetCurrent().User, sec);
 sec.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
 info.SetAccessControl(sec);
 }
+ private void AddPermission(IdentityReference sid, DirectorySecurity sec)
+ {
+ var rule = new FileSystemAccessRule(
+ sid,
+ FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
+ InheritanceFlags.None,
+ PropagationFlags.NoPropagateInherit,
+ AccessControlType.Allow);
+ sec.AddAccessRule(rule);
+ }
+
 private void BeforeInstalled(object sender, InstallEventArgs e)
 {
 if(EventLog.SourceExists(_serviceInstaller.ServiceName))
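Review bot: `AddPermission` gives every SID the same `FileSystemRights.FullControl` allow rule, so `BuiltinUsersSid` (every local account) keeps full control of this directory, and the helper makes that the default for any SID added later. What the directory holds is not visible in this hunk, but if it contains the service's configuration or data, an unprivileged local user could read or replace it; consider passing the rights in, `private void AddPermission(IdentityReference sid, DirectorySecurity sec, FileSystemRights rights)`, and giving Users at most `FileSystemRights.ReadAndExecute`, or dropping that rule. The `CreatorOwnerSid` rule is added with `InheritanceFlags.None`, and CREATOR OWNER is only substituted when an ACE is inherited, so that entry likely has no effect as written. `FullControl` already includes `Write` and `Read`, so the two extra flags can go. The method containing the `AddPermission` calls starts above the hunk.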