
DirectorySecurity C# assign permissions of local group from remote server


I'm using the following code to assign domain groups permissions to a folder from a C# application:

        // Requires: using System.IO; using System.Security.AccessControl;
        DirectoryInfo myDirectoryInfo = new DirectoryInfo(@"\\Server002\G$\permissionTest");
        DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
        // Allow Modify for the domain group, inherited by subfolders and files.
        myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(@"Domain\Sec_Group", FileSystemRights.Modify, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
        myDirectoryInfo.SetAccessControl(myDirectorySecurity);

As an example, I'm executing that program on a server named server001 and using that code to apply domain groups to the ACL of a folder that is on a server named server002, and it works fine.

Now I need to add a security group that is on server002 to the folder, but from the program that is executed on server001. For example, I want to add the "Guests" local group of server002, but the action of adding that group to the ACL of the folder must be executed from the C# program that is running on server001.

Could someone please tell me how to achieve this?


Solution

  • I found an alternative way to apply the permissions. I used the psexec program to run remote commands, so I was able to make a remote call to the desired server and run the icacls command to apply the permissions. Then I put the command in C# to execute the instruction. The code I wrote looks like this:

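            foreach (string server in servers)
            {
                // Run icacls on the remote server through psexec; (OI)(CI)RX grants inherited read and execute.
                string localPermissionsCommand = @"/C psexec /accepteula \\" + server + " icacls " + @"G:\theFolder\ /grant " + @"""Local server group""" + ":(OI)(CI)RX";
                // Starts the command and does not wait for it to finish.
                System.Diagnostics.Process.Start("CMD.exe", localPermissionsCommand);
            }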
    

    So in this way you iterate through the variable servers to run the command on all the servers that you want. This approach worked for me.
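
A variant of the loop in the solution above, added here as an example and not part of the original answer: it starts psexec directly instead of through CMD.exe, rejects server names that are not plain host names, and waits for the exit code so a failed grant is not silent. The `RemoteAcl` class, `GrantReadExecute` and the host-name pattern are hypothetical names, and `ProcessStartInfo.ArgumentList` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Text.RegularExpressions;

static class RemoteAcl
{
    // Accept only plain host names so a list entry cannot carry extra
    // switches, spaces or shell metacharacters into the psexec command line.
    static readonly Regex HostName = new Regex(@"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$");

    // Runs icacls on each server via psexec and returns the servers that failed.
    public static List<string> GrantReadExecute(IEnumerable<string> servers, string folder, string localGroup)
    {
        var failed = new List<string>();
        foreach (string server in servers)
        {
            if (!HostName.IsMatch(server)) { failed.Add(server); continue; }

            // Start psexec directly (no CMD.exe /C), one argument per list entry.
            var psi = new ProcessStartInfo("psexec") { UseShellExecute = false };
            psi.ArgumentList.Add("/accepteula");
            psi.ArgumentList.Add(@"\\" + server);
            psi.ArgumentList.Add("icacls");
            psi.ArgumentList.Add(folder);
            psi.ArgumentList.Add("/grant");
            psi.ArgumentList.Add(localGroup + ":(OI)(CI)RX");

            using (Process p = Process.Start(psi))
            {
                p.WaitForExit();
                // psexec hands back the exit code of the remote command.
                if (p.ExitCode != 0) failed.Add(server);
            }
        }
        return failed;
    }

    static void Main()
    {
        // Constructed sample values; replace with your own servers, path and group.
        var failed = GrantReadExecute(new[] { "server002" }, @"G:\theFolder", "Local server group");
        foreach (string s in failed) Console.Error.WriteLine("icacls failed on " + s);
    }
}
```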