5

I'm working on an application which stores some files in the CommonApplicationData folder. My application has to modify these files. I managed to create a custom action to grant fullcontrol rights to my application folder in the CommonApplicationData folder. But this didn't solve the problem for non-admin users. When I log on as a user and try to modify one of these files, I get the "Access Denied" message.
How can I solve this problem? Thanks.
Here is the code which I used in the Custom Action:

public void GetUsers()
        {
            SelectQuery sQuery = new SelectQuery("Win32_UserAccount", "Domain='" + System.Environment.UserDomainName.ToString() + "'");
            try
            {
                ManagementObjectSearcher mSearcher = new ManagementObjectSearcher(sQuery);
                foreach (ManagementObject mObject in mSearcher.Get())
                {
                    Permission(mObject["Name"].ToString());
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        }
        private void Permission(string user)
        {
            string directory = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
            string CompanyFolderPath = Path.Combine(directory, "naseelco\\lms2004");
            DirectoryInfo myDirectoryInfo = new DirectoryInfo(CompanyFolderPath);
            DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
            string User = System.Environment.UserDomainName + "\\" + user;
            myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(User, FileSystemRights.FullControl, AccessControlType.Allow));
            myDirectoryInfo.SetAccessControl(myDirectorySecurity);
        }

EDIT:
For those who would like to know the solution for this problem: Instead of granting Access Rights to the parent folder, the individual files int that folder are granted Access Rights for each user. The Permission method in the code above has been modified as follows:

private void Permission(string user)
{
  string directory = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
  string filePath = Path.Combine(directory, "naseelco\\lms2004\\fms.txt");
  FileSecurity fSecurity = File.GetAccessControl(filePath);
  FileSystemAccessRule rule = new FileSystemAccessRule(user, FileSystemRights.FullControl, AccessControlType.Allow);
  fSecurity.SetAccessRule(rule);
  File.SetAccessControl(filePath, fSecurity);
}
Cœur
  • 37,241
  • 25
  • 195
  • 267
FadelMS
  • 2,027
  • 5
  • 25
  • 42
  • Wouldn't it just be easier to pick a folder that already allowed read/write access to non-admin users? – David Heffernan Oct 24 '11 at 20:15
  • 1
    @David Heffernan: like what? I'm using a sub-folder in CommonApplicationData. – FadelMS Oct 24 '11 at 20:31
  • @FadelMS: I've run into this same problem before. +1 User App Data folders are what `non-admin` users have rights to, but these are non-overlapping locations, so you can not store global data. I'm hoping you post a solution when you find it. You may have to use the registry or the Program Files location. –  Oct 24 '11 at 20:39
  • @jp2code: curious, what do you mean by non-overlapping locations? – Scott Wylie Oct 24 '11 at 20:41
  • 2
    `CommonApplicationData` is the same folder for all users; however, all users (as FadelMS has found) do not have access to that. –  Oct 24 '11 at 20:50
  • You can use [`FOLDERID_Public`](http://msdn.microsoft.com/en-us/library/windows/desktop/dd378457(v=vs.85).aspx) on Vista. – David Heffernan Oct 24 '11 at 21:19
  • I think you can find the solution [here](http://stackoverflow.com/questions/8944765/c-sharp-set-directory-permissions-for-all-users-in-windows-7). – Massimo Oct 09 '13 at 13:45

1 Answers1

6

A good solution is to grant full control to Everyone using xcacls.exe or any other ACL tool. This tool can be added as a custom action in your setup project.

Granting privileges to each user is not recommended because future accounts will not be covered. Also, doing this through custom code doesn't always work. Windows permissions are a bit tricky when it comes to controlling them through code.

Cosmin
  • 21,216
  • 5
  • 45
  • 60