Dialup ACE

By | September 15, 2020

This the second article related to ACL, the first one is “Changing file ACL in Windows programmatically”. Going through WellKnownSidType commonly used security identifiers. I found some which I never heard about and several legacy ones, for example DIALUP. Just for fun I decided to test how this user permission look like in the file security properties. I create small c# application which add or remove this access control entity to/form express843.pdf files to the file ACL. By the way express843.pdf belongs to my Wordchaos Javascript project. The code:


using System;
using System.IO;
using System.Security;
using System.Security.AccessControl;
using System.Security.Principal;

namespace AccessControl
{
   class Program
   {
      static void Main(string[] args)
      {
         bool removedAU = false;
         try
         {
            FileInfo fi = new FileInfo("d:\\alex\\express843.pdf");
            FileSecurity security = fi.GetAccessControl(AccessControlSections.Access);
            AuthorizationRuleCollection arc = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
            foreach (FileSystemAccessRule fsar in arc)
            {
               if(fsar.IdentityReference.Value.Equals("NT AUTHORITY\\DIALUP"))
               {
                  removedAU = true;
                  security.RemoveAccessRule(fsar);
                  break;
               }
            }
            if (!removedAU)
            {
               SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.DialupSid, null);
               security.AddAccessRule(
                  new FileSystemAccessRule(sid,
                        FileSystemRights.FullControl,
                        InheritanceFlags.None, //.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None,
                        AccessControlType.Allow));
            }
   fi.SetAccessControl(security);
         }
         catch (Exception ex)
         {
            Console.WriteLine(“Exception: ” + ex.Message);
         }
      }
   }
}

This works and how DIALUP ACE looks in express843.pdf ACL:

Security file Properties

icacls express843.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *