permission rules

2025-12-13 14:53:16 +00:00 · 2017-08-28 17:05:38 -04:00
parent 41d0b53898
commit 2fa1b52a36
1 changed files with 16 additions and 17 deletions
--- a/src/Service/Installer.cs
+++ b/src/Service/Installer.cs
@@ -47,27 +47,26 @@ namespace Service
            }
            var sec = info.GetAccessControl();
-
+            AddPermission(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), sec);
-            var adminRule = new FileSystemAccessRule(
+            AddPermission(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), sec);
-                new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
+            AddPermission(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), sec);
-                FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
+            AddPermission(new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null), sec);
-                InheritanceFlags.None,
+            AddPermission(WindowsIdentity.GetCurrent().User, sec);
                PropagationFlags.NoPropagateInherit,
                AccessControlType.Allow);
            sec.AddAccessRule(adminRule);
            var usersRule = new FileSystemAccessRule(
                new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null),
                FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
                InheritanceFlags.None,
                PropagationFlags.NoPropagateInherit,
                AccessControlType.Allow);
            sec.AddAccessRule(usersRule);
            sec.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
            info.SetAccessControl(sec);
        }
        private void AddPermission(IdentityReference sid, DirectorySecurity sec)
        {
            var rule = new FileSystemAccessRule(
                sid,
                FileSystemRights.FullControl | FileSystemRights.Write | FileSystemRights.Read,
                InheritanceFlags.None,
                PropagationFlags.NoPropagateInherit,
                AccessControlType.Allow);
            sec.AddAccessRule(rule);
        }
        private void BeforeInstalled(object sender, InstallEventArgs e)
        {
            if(EventLog.SourceExists(_serviceInstaller.ServiceName))